Aldemir Pinheiro

[Solved] Malware and adware appeared after installing a program

Good evening. Since using a program downloaded from the internet, my computer has been showing problems such as:

slowness; also windows and browsers open constantly and on their own

Edge opens with ---ography

the desktop, besides looking stretched vertically, appears whitish

the shortcut labels changed to a typewriter-style font

and files turned into .lnk shortcuts

 

FRST
http://www.cjoint.com/c/GFAbv2TFOa8
Addition
http://www.cjoint.com/c/GFAbwSJeig8

 

Awaiting your reply. Thank you very much.
 


/_ Good morning! Aldemir Pinheiro _\

 

> Uninstall: <5>

 

1.0.0.1 (HKLM-x32\...\YeaDesktop) (Version: 1.0.0.1 - ) <<
DiskWMpower version 1.0 <<
Online Application (x32 Version: 2.6.0 - Microleaves) <<
OtherSearch (HKLM-x32\...\OtherSearch) (Version: 4.0.0.0 - Skyler Emil) <<
Social2Search (HKLM\...\89798490c2b4d681479595f7b986c615) (Version: 11.14.1.75 (i1.0) - Social2Search)<<

 

> Copy the information shown in red into Notepad.
> Save it under the name fixlist. << Text file!
> Save it on the desktop!

 

start
CloseProcesses:
HKLM\...\Run: [Login] => C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe [5367296 2017-06-25] () <==== ATENÇÃO 
HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DiskWMpower\DiskPower.exe [210432 2017-02-10] () <==== ATENÇÃO 
HKLM\...\RunOnce: [OMEWPRODUCT_UJAYA] => C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe [340480 2017-06-25] (RW3N) <==== ATENÇÃO 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [X44WUWTEZG7JBPE] => C:\Program Files\4PKCUNJOVT\HEQR3MPPU.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [AIEXR79YGJQMP3I] => C:\Program Files\694ASJ82FT\694ASJ82F.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [nfqu5xdln43] => C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe [8192 2017-06-25] () 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [wsnoxgrylyi] => C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe [8192 2017-06-25] () 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [0LNI83FHNYQ9GCY] => C:\Program Files\RLR47SCMCK\RLR47SCMC.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [E1DU437K072Q4H7] => C:\Program Files (x86)\0skpobfw0eo\7F1D7.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [3513856 2017-06-13] () <==== ATENÇÃO 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [msiql] => C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe [2072576 2017-06-25] () <==== ATENÇÃO 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [{BEF52EAB-8493-F95E-1956-6E8C5FBC5B0C}] => C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe [117561 2017-05-13] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo
S2 89798490c2b4d681479595f7b986c615; C:\Program Files\89798490c2b4d681479595f7b986c615\6fedccfacdec2958edd3d0f4f6a249a1.exe [1184768 2017-06-23] () [Arquivo não assinado] <==== ATENÇÃO 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2855152 2016-06-05] (Microsoft Corporation)
S2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [247464 2016-12-22] () 
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) 
R2 OtherSearch; C:\Program Files (x86)\ZBeAlTQs36\kl.dll [762368 2017-06-25] () [Arquivo não assinado] <==== ATENÇÃO 
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-03-07] () <==== ATENÇÃO
R1 e9fbb8bffa005bf33fed2856825b190d; C:\WINDOWS\system32\drivers\e9fbb8bffa005bf33fed2856825b190d.sys [71536 2017-06-23] (KE84TD) <==== ATENÇÃO
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATENÇÃO
2017-06-25 19:04 - 2017-06-25 20:39 - 00002656 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore 
2017-06-25 19:04 - 2017-06-25 20:39 - 00000322 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job 
2017-06-25 19:04 - 2017-06-25 19:07 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater 
2017-06-25 19:04 - 2017-06-25 19:06 - 00000486 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job 
2017-06-25 19:04 - 2017-06-25 19:04 - 01623552 _____ C:\Users\Todos os Usuários\service.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 01623552 _____ C:\ProgramData\service.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 00016802 _____ C:\WINDOWS\System32\Tasks\PrintsCouth 
2017-06-25 19:04 - 2017-06-25 19:04 - 00003506 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater 
2017-06-25 19:04 - 2017-06-25 19:04 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\UCBrowser 
2017-06-25 19:04 - 2017-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\UCBrowser 
2017-06-25 19:03 - 2017-06-25 19:04 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\UCChannel 
2017-06-25 19:03 - 2017-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\YeaDesktop 
2017-06-25 19:03 - 2017-06-25 19:03 - 00930816 _____ C:\Users\Hakaz7\AppData\Local\test_db_cara.db 
2017-06-25 19:03 - 2017-06-25 19:03 - 00140800 _____ C:\Users\Hakaz7\AppData\Local\installer.dat 
2017-06-25 19:03 - 2017-06-25 19:03 - 00011568 _____ C:\Users\Hakaz7\AppData\Local\InstallationConfiguration.xml 
2017-06-25 19:03 - 2017-06-25 19:03 - 00001052 _____ C:\Users\Public\Desktop\magicdisk.lnk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Users\Public\Documents\XMUpdate 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Program Files (x86)\mgdisk 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000410 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G3.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G2.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-06-25 19:02 - 2017-06-25 19:02 - 00003304 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003296 _____ C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\WINDOWS\SysWOW64\SSL 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\Microleaves 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\AdvinstAnalytics 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Program Files\89798490c2b4d681479595f7b986c615 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Program Files (x86)\Microleaves 
2017-06-25 18:59 - 2017-06-25 18:59 - 00002052 _____ C:\WINDOWS\System32\Tasks\O6dPumpAUx 
2017-06-25 18:58 - 2017-06-25 19:11 - 00000000 ____D C:\Program Files (x86)\ZBeAlTQs36 
2017-06-25 18:58 - 2017-06-25 18:59 - 00000002 _____ C:\END 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files\RLR47SCMCK 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files (x86)\DiskWMpower 
2017-06-25 18:57 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files (x86)\0skpobfw0eo 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Program Files\694ASJ82FT 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Program Files\4PKCUNJOVT 
2017-06-25 18:56 - 2017-06-25 18:56 - 00000000 ____D C:\Program Files (x86)\KMSPico 
2017-06-25 18:51 - 2017-06-24 15:07 - 10227008 _____ C:\Users\Hakaz7\Desktop\KMSPico__Windows_10_Activator.mp4
2017-06-24 15:07 - 2017-06-24 15:07 - 10227008 _____ C:\Users\Hakaz7\Downloads\KMSPico__Windows_10_Activator.mp4
2017-06-25 18:56 - 2017-06-25 18:56 - 0061440 _____ (The Gentee Group) C:\Users\Hakaz7\AppData\Local\Temp\genteert.dll 
2017-06-25 18:58 - 2017-06-25 18:58 - 0453383 _____ (WeMonetize ) C:\Users\Hakaz7\AppData\Local\Temp\S05G6B6.exe
2017-06-25 19:04 - 2017-03-07 10:44 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 05367296 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe 
2017-06-25 18:57 - 2017-06-25 18:57 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe 
2017-06-25 18:58 - 2017-06-25 18:58 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe 
2017-06-25 19:03 - 2017-06-13 17:34 - 03513856 _____ () C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 02072576 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe 
2017-06-25 19:04 - 2017-03-07 10:44 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCAgent.exe 
2017-05-13 00:38 - 2017-05-13 00:38 - 00117561 _____ () C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe  
2017-06-25 20:00 - 2017-06-25 20:00 - 00481792 _____ () C:\WINDOWS\TEMP\gC0E1.tmp.exe 
2017-06-25 20:00 - 2017-06-25 20:00 - 00460800 _____ () C:\WINDOWS\TEMP\gCB23.tmp.exe 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncApi64.dll => Nenhum Arquivo
Task: {09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATENÇÃO
Task: {2B3D4C55-B27B-4266-8CC0-D449AC953618} - System32\Tasks\O6dPumpAUx => C:\Program Files (x86)\ZBeAlTQs36\updengine.exe [2017-06-25] () <==== ATENÇÃO
Task: {31514E56-53B7-4929-BDFA-92C5A4FF0702} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-06-25] (UC Web Inc.) <==== ATENÇÃO
Task: {58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} - System32\Tasks\PrintsCouth => Rundll32.exe "C:\Program Files\PrintsCouth\PrintsCouth.dll",bUjgdkEtA <==== ATENÇÃO
Task: {AA993382-ABE3-4686-AF3D-F26B0FE219EA} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO 
Task: {B6B84572-80FD-403E-AAFC-D5BDA21495D5} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO 
Task: {B8B826C3-E110-4C85-845F-D8E70B51CBE7} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATENÇÃO
Task: {BE4A6AE7-1342-466F-8250-46DF14D45C07} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {D30C4AF5-8775-40AC-84EF-E353332925FC} - System32\Tasks\89798490c2b4d681479595f7b986c615 => sc start 89798490c2b4d681479595f7b986c615 <==== ATENÇÃO 
Task: {F323D747-D4A8-4462-AD3A-B99AA23FC9E4} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATENÇÃO  
WMI_ActiveScriptEventConsumer_ASEC: <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk -> C:\Program Files\Nightly\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444] 
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914] 
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458] 
FirewallRules: [UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe 
FirewallRules: [TCP Query User{6C901EC6-9AC6-4C79-AE1F-E7A0BB4FC635}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe 
FirewallRules: [{1F6AB5A9-2C0A-4298-9444-50E2AA16F76F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe 
FirewallRules: [{E397A2C9-41F9-4C86-B2D0-043A9B6120BA}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe 
FirewallRules: [{AE6F9839-9CC3-4226-AF12-E1B67F2C41C9}] => (Allow) C:\Program Files\Nightly\firefox.exe 
FirewallRules: [{500A9256-49D3-4BAC-AEB9-4B1EE56300F8}] => (Allow) C:\Program Files\Nightly\firefox.exe 
C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe 
C:\Program Files (x86)\DiskWMpower\DiskPower.exe 
C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe 
C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe 
C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe 
C:\users\hakaz7\desktop\u1504.exe 
C:\ProgramData\service.exe 
C:\Users\Todos os Usuários\service.exe 
CreateRestorePoint:
EmptyTemp:
Reboot:
end

 

> Run FRST/FRST64 >> Click "Fix" << Wait!
> Post the report "Fix result of Farbar Recovery Scan Tool" (Fixlog.txt)
> This and the other reports can be found in the folder: Local Disk (C) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

 

[A+]

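The FRST output quoted in the fix above shows two persistence patterns that are worth knowing how to check for on any Windows machine, even without FRST: browser shortcuts whose arguments were rewritten to inject an unpacked extension (`--load-extension=`) and to open hxxp://www.yeadesktop.com/ at every launch, and Run/RunOnce entries that start executables from Temp, AppData or ProgramData. The PowerShell script below is an added example, not part of this thread and not FRST's own code. It is read-only: it lists what matches and leaves removal to the fix procedure above. The shortcut folders and Run keys are the standard Windows locations; the "user-writable path" pattern it flags is an assumption chosen to match the entries marked ATENÇÃO above, not a complete rule, so a clean result does not prove a clean machine.

```powershell
# Added example: read-only audit of the two persistence patterns seen in the thread.
# Assumptions: the listed folders/keys are where shortcuts and autoruns normally live;
# the path regex is a heuristic tuned to the Temp/AppData/ProgramData entries above.

$shell = New-Object -ComObject WScript.Shell

# Folders holding the .lnk files a user actually double-clicks.
$shortcutDirs = @(
    "$env:PUBLIC\Desktop",
    "$env:USERPROFILE\Desktop",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
)

# Browser binaries whose shortcuts are the usual hijack target.
$browserPattern = 'chrome\.exe|firefox\.exe|iexplore\.exe|msedge\.exe|opera\.exe'

function Get-SuspiciousShortcut {
    foreach ($dir in $shortcutDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                if ($lnk.TargetPath -notmatch $browserPattern) { return }
                $lnkArgs = [string]$lnk.Arguments
                $reason = @()
                # A browser shortcut should not sideload an extension folder...
                if ($lnkArgs -match '--load-extension=') { $reason += 'load-extension' }
                # ...nor carry a start URL as an argument.
                if ($lnkArgs -match 'https?://')          { $reason += 'url-argument' }
                if ($reason.Count -gt 0) {
                    [pscustomobject]@{
                        Shortcut  = $_.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $lnkArgs
                        Reason    = ($reason -join ',')
                    }
                }
            }
    }
}

# Machine-wide and per-user autorun keys (64-bit and WOW64 views).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Heuristic (assumption): legitimate autoruns rarely execute from these locations.
$userWritablePattern = '\\AppData\\Local\\Temp\\|\\AppData\\Roaming\\|\\ProgramData\\[^\\]+\.exe'

function Get-SuspiciousAutorun {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            $cmd = [string]$p.Value
            if ($cmd -match $userWritablePattern) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $p.Name
                    Command = $cmd
                    Reason  = 'runs-from-user-writable-path'
                }
            }
        }
    }
}

# FRST also flagged a policy key under Windows Defender; list whatever values it holds
# so an administrator can judge whether they were set deliberately.
function Get-DefenderPolicyValue {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    if (-not (Test-Path $key)) { return }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Value = $_.Value } }
}

Get-SuspiciousShortcut  | Format-Table -AutoSize
Get-SuspiciousAutorun   | Format-Table -AutoSize
Get-DefenderPolicyValue | Format-Table -AutoSize
```

Run it from an elevated PowerShell so the HKLM keys and the Public/ProgramData folders are readable. Each finding is reported with the raw argument string or command line, which is what you would compare against the FRST lines when deciding what belongs in a fixlist.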

Hi DigRam, thanks for replying

 

Sorry for the delay.

I have a Linux partition, and I only have 6 seconds to choose to boot into Windows; if I don't, it automatically boots into Linux, which is why I have reboots going wrong with some pen drives.

 

What happens: my pen drive is not restarting, because it had a bootable Linux installed on it, which I deleted, but now it is infecting the machine again since the viruses did not go away. For this reason I need to remove the Ubuntu partition as described on this site https://computadorcomwindows.com/2015/08/21/tutorial-como-remover-particoes-de-um-dispositivo-usb-pen-drive/

because when I restart and do a reboot, it asks me to remove the removable disk that has an operating system installed; I will do that.


However, I would do that if I had not deleted my files from the pen drive, but even so it reports it as having an OS. So I would need to put the OS back on the pen drive, but what stops me is that the .ISO I have is in .RAR format, and according to this video I should extract it, but after the process is done neither the .ISO nor anything else appears. How do I get an .ISO out of the .rar file? I want to uninstall Ubuntu; I have all the files to make a bootable pen drive with the same OS that was installed, I just don't know how to turn a .RAR into an .ISO, which in this case is what I should do according to this video:

Could you help me? Because when the process finishes nothing appears.

 

oops:
_________________________________________________________________________________________________
I can't find the program: Online Application (x32 Version: 2.6.0 - Microleaves)
to uninstall it under Control Panel > Uninstall or change a program. Not even through Cortana.
Is there a more effective way to find a program in order to uninstall it, assuming the program hasn't had its name modified, altered or renamed?

_________________________________________________________________________________________________

Anyway, here is the fixlog report from the reboot with the pen drive:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-06-2017 01
Executado por Hakaz7 (29-06-2017 00:06:16) Run:1
Executando a partir de C:\Users\Hakaz7\Desktop
Perfis Carregados: Hakaz7 (Perfis Disponíveis: Hakaz7 & aldem)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CloseProcesses:
HKLM\...\Run: [Login] => C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe [5367296 2017-06-25] () <==== ATENÇÃO 
HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DiskWMpower\DiskPower.exe [210432 2017-02-10] () <==== ATENÇÃO 
HKLM\...\RunOnce: [OMEWPRODUCT_UJAYA] => C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe [340480 2017-06-25] (RW3N) <==== ATENÇÃO 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [X44WUWTEZG7JBPE] => C:\Program Files\4PKCUNJOVT\HEQR3MPPU.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [AIEXR79YGJQMP3I] => C:\Program Files\694ASJ82FT\694ASJ82F.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [nfqu5xdln43] => C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe [8192 2017-06-25] () 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [wsnoxgrylyi] => C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe [8192 2017-06-25] () 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [0LNI83FHNYQ9GCY] => C:\Program Files\RLR47SCMCK\RLR47SCMC.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [E1DU437K072Q4H7] => C:\Program Files (x86)\0skpobfw0eo\7F1D7.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [3513856 2017-06-13] () <==== ATENÇÃO 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [msiql] => C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe [2072576 2017-06-25] () <==== ATENÇÃO 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [{BEF52EAB-8493-F95E-1956-6E8C5FBC5B0C}] => C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe [117561 2017-05-13] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo
S2 89798490c2b4d681479595f7b986c615; C:\Program Files\89798490c2b4d681479595f7b986c615\6fedccfacdec2958edd3d0f4f6a249a1.exe [1184768 2017-06-23] () [Arquivo não assinado] <==== ATENÇÃO 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2855152 2016-06-05] (Microsoft Corporation)
S2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [247464 2016-12-22] () 
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) 
R2 OtherSearch; C:\Program Files (x86)\ZBeAlTQs36\kl.dll [762368 2017-06-25] () [Arquivo não assinado] <==== ATENÇÃO 
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-03-07] () <==== ATENÇÃO
R1 e9fbb8bffa005bf33fed2856825b190d; C:\WINDOWS\system32\drivers\e9fbb8bffa005bf33fed2856825b190d.sys [71536 2017-06-23] (KE84TD) <==== ATENÇÃO
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATENÇÃO
2017-06-25 19:04 - 2017-06-25 20:39 - 00002656 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore 
2017-06-25 19:04 - 2017-06-25 20:39 - 00000322 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job 
2017-06-25 19:04 - 2017-06-25 19:07 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater 
2017-06-25 19:04 - 2017-06-25 19:06 - 00000486 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job 
2017-06-25 19:04 - 2017-06-25 19:04 - 01623552 _____ C:\Users\Todos os Usuários\service.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 01623552 _____ C:\ProgramData\service.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 00016802 _____ C:\WINDOWS\System32\Tasks\PrintsCouth 
2017-06-25 19:04 - 2017-06-25 19:04 - 00003506 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater 
2017-06-25 19:04 - 2017-06-25 19:04 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\UCBrowser 
2017-06-25 19:04 - 2017-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\UCBrowser 
2017-06-25 19:03 - 2017-06-25 19:04 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\UCChannel 
2017-06-25 19:03 - 2017-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\YeaDesktop 
2017-06-25 19:03 - 2017-06-25 19:03 - 00930816 _____ C:\Users\Hakaz7\AppData\Local\test_db_cara.db 
2017-06-25 19:03 - 2017-06-25 19:03 - 00140800 _____ C:\Users\Hakaz7\AppData\Local\installer.dat 
2017-06-25 19:03 - 2017-06-25 19:03 - 00011568 _____ C:\Users\Hakaz7\AppData\Local\InstallationConfiguration.xml 
2017-06-25 19:03 - 2017-06-25 19:03 - 00001052 _____ C:\Users\Public\Desktop\magicdisk.lnk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Users\Public\Documents\XMUpdate 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Program Files (x86)\mgdisk 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000410 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G3.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G2.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-06-25 19:02 - 2017-06-25 19:02 - 00003304 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003296 _____ C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\WINDOWS\SysWOW64\SSL 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\Microleaves 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\AdvinstAnalytics 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Program Files\89798490c2b4d681479595f7b986c615 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Program Files (x86)\Microleaves 
2017-06-25 18:59 - 2017-06-25 18:59 - 00002052 _____ C:\WINDOWS\System32\Tasks\O6dPumpAUx 
2017-06-25 18:58 - 2017-06-25 19:11 - 00000000 ____D C:\Program Files (x86)\ZBeAlTQs36 
2017-06-25 18:58 - 2017-06-25 18:59 - 00000002 _____ C:\END 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files\RLR47SCMCK 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files (x86)\DiskWMpower 
2017-06-25 18:57 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files (x86)\0skpobfw0eo 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Program Files\694ASJ82FT 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Program Files\4PKCUNJOVT 
2017-06-25 18:56 - 2017-06-25 18:56 - 00000000 ____D C:\Program Files (x86)\KMSPico 
2017-06-25 18:51 - 2017-06-24 15:07 - 10227008 _____ C:\Users\Hakaz7\Desktop\KMSPico__Windows_10_Activator.mp4
2017-06-24 15:07 - 2017-06-24 15:07 - 10227008 _____ C:\Users\Hakaz7\Downloads\KMSPico__Windows_10_Activator.mp4
2017-06-25 18:56 - 2017-06-25 18:56 - 0061440 _____ (The Gentee Group) C:\Users\Hakaz7\AppData\Local\Temp\genteert.dll 
2017-06-25 18:58 - 2017-06-25 18:58 - 0453383 _____ (WeMonetize ) C:\Users\Hakaz7\AppData\Local\Temp\S05G6B6.exe
2017-06-25 19:04 - 2017-03-07 10:44 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 05367296 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe 
2017-06-25 18:57 - 2017-06-25 18:57 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe 
2017-06-25 18:58 - 2017-06-25 18:58 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe 
2017-06-25 19:03 - 2017-06-13 17:34 - 03513856 _____ () C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 02072576 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe 
2017-06-25 19:04 - 2017-03-07 10:44 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCAgent.exe 
2017-05-13 00:38 - 2017-05-13 00:38 - 00117561 _____ () C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe  
2017-06-25 20:00 - 2017-06-25 20:00 - 00481792 _____ () C:\WINDOWS\TEMP\gC0E1.tmp.exe 
2017-06-25 20:00 - 2017-06-25 20:00 - 00460800 _____ () C:\WINDOWS\TEMP\gCB23.tmp.exe 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncApi64.dll => No File
Task: {09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {2B3D4C55-B27B-4266-8CC0-D449AC953618} - System32\Tasks\O6dPumpAUx => C:\Program Files (x86)\ZBeAlTQs36\updengine.exe [2017-06-25] () <==== ATTENTION
Task: {31514E56-53B7-4929-BDFA-92C5A4FF0702} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-06-25] (UC Web Inc.) <==== ATTENTION
Task: {58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} - System32\Tasks\PrintsCouth => Rundll32.exe "C:\Program Files\PrintsCouth\PrintsCouth.dll",bUjgdkEtA <==== ATTENTION
Task: {AA993382-ABE3-4686-AF3D-F26B0FE219EA} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION 
Task: {B6B84572-80FD-403E-AAFC-D5BDA21495D5} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION 
Task: {B8B826C3-E110-4C85-845F-D8E70B51CBE7} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATTENTION
Task: {BE4A6AE7-1342-466F-8250-46DF14D45C07} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {D30C4AF5-8775-40AC-84EF-E353332925FC} - System32\Tasks\89798490c2b4d681479595f7b986c615 => sc start 89798490c2b4d681479595f7b986c615 <==== ATTENTION 
Task: {F323D747-D4A8-4462-AD3A-B99AA23FC9E4} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATTENTION 
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION 
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION 
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION 
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION 
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION 
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION  
WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk -> C:\Program Files\Nightly\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444] 
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914] 
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458] 
FirewallRules: [UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe 
FirewallRules: [TCP Query User{6C901EC6-9AC6-4C79-AE1F-E7A0BB4FC635}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe 
FirewallRules: [{1F6AB5A9-2C0A-4298-9444-50E2AA16F76F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe 
FirewallRules: [{E397A2C9-41F9-4C86-B2D0-043A9B6120BA}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe 
FirewallRules: [{AE6F9839-9CC3-4226-AF12-E1B67F2C41C9}] => (Allow) C:\Program Files\Nightly\firefox.exe 
FirewallRules: [{500A9256-49D3-4BAC-AEB9-4B1EE56300F8}] => (Allow) C:\Program Files\Nightly\firefox.exe 
C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe 
C:\Program Files (x86)\DiskWMpower\DiskPower.exe 
C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe 
C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe 
C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe 
C:\users\hakaz7\desktop\u1504.exe 
C:\ProgramData\service.exe 
C:\Users\Todos os Usuários\service.exe 
CreateRestorePoint:
EmptyTemp:
Reboot:
end
 
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Login => value removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DiskPower => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_UJAYA => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\X44WUWTEZG7JBPE => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AIEXR79YGJQMP3I => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nfqu5xdln43 => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wsnoxgrylyi => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\0LNI83FHNYQ9GCY => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\E1DU437K072Q4H7 => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YeaDesktop => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msiql => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{BEF52EAB-8493-F95E-1956-6E8C5FBC5B0C} => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully.
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully.
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully.
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully.
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully.
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
89798490c2b4d681479595f7b986c615 => service not found.
ClickToRunSvc => could not stop the service.
HKLM\System\CurrentControlSet\Services\ClickToRunSvc => key removed successfully.
ClickToRunSvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\egGetSvc => key removed successfully.
egGetSvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\MBAMService => key removed successfully.
MBAMService => service removed successfully.
OtherSearch => service not found.
HKLM\System\CurrentControlSet\Services\UCBrowserSvc => key removed successfully.
UCBrowserSvc => service removed successfully.
e9fbb8bffa005bf33fed2856825b190d => service not found.
ucdrv => could not stop the service.
HKLM\System\CurrentControlSet\Services\ucdrv => key removed successfully.
ucdrv => service removed successfully.
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => moved successfully
C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => moved successfully
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => moved successfully
C:\WINDOWS\Tasks\UCBrowserUpdater.job => moved successfully
C:\Users\Todos os Usuários\service.exe => moved successfully
"C:\ProgramData\service.exe" => not found.
C:\WINDOWS\System32\Tasks\PrintsCouth => moved successfully
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => moved successfully
C:\Users\Hakaz7\AppData\Local\UCBrowser => moved successfully

"C:\Program Files (x86)\UCBrowser" folder move:

Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to be moved on reboot.

C:\Users\Hakaz7\AppData\Roaming\UCChannel => moved successfully
"C:\Program Files (x86)\YeaDesktop" => not found.
C:\Users\Hakaz7\AppData\Local\test_db_cara.db => moved successfully
C:\Users\Hakaz7\AppData\Local\installer.dat => moved successfully
C:\Users\Hakaz7\AppData\Local\InstallationConfiguration.xml => moved successfully
C:\Users\Public\Desktop\magicdisk.lnk => moved successfully
C:\Users\Public\Documents\XMUpdate => moved successfully
C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk => moved successfully
C:\Program Files (x86)\mgdisk => moved successfully
C:\WINDOWS\Tasks\Updater_Online_Application.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G3.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G2.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G1.job => moved successfully
C:\WINDOWS\System32\Tasks\Updater_Online_Application => moved successfully
C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615 => moved successfully
C:\WINDOWS\System32\Tasks\Online Application V2G3 => moved successfully
C:\WINDOWS\System32\Tasks\Online Application V2G2 => moved successfully
C:\WINDOWS\System32\Tasks\Online Application V2G1 => moved successfully
C:\WINDOWS\SysWOW64\SSL => moved successfully
C:\Users\Hakaz7\AppData\Roaming\Microleaves => moved successfully
C:\Users\Hakaz7\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Program Files\89798490c2b4d681479595f7b986c615" => not found.
C:\Program Files (x86)\Microleaves => moved successfully
C:\WINDOWS\System32\Tasks\O6dPumpAUx => moved successfully
C:\Program Files (x86)\ZBeAlTQs36 => moved successfully
C:\END => moved successfully
C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu => moved successfully
C:\Program Files\RLR47SCMCK => moved successfully
C:\Program Files (x86)\DiskWMpower => moved successfully
C:\Program Files (x86)\0skpobfw0eo => moved successfully
C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf => moved successfully
C:\Program Files\694ASJ82FT => moved successfully
C:\Program Files\4PKCUNJOVT => moved successfully
C:\Program Files (x86)\KMSPico => moved successfully
C:\Users\Hakaz7\Desktop\KMSPico__Windows_10_Activator.mp4 => moved successfully
C:\Users\Hakaz7\Downloads\KMSPico__Windows_10_Activator.mp4 => moved successfully
C:\Users\Hakaz7\AppData\Local\Temp\genteert.dll => moved successfully
C:\Users\Hakaz7\AppData\Local\Temp\S05G6B6.exe => moved successfully
C:\Program Files (x86)\UCBrowser\Application\UCService.exe => moved successfully
C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe => moved successfully
"C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe" => not found.
"C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe" => not found.
"C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe" => not found.
C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe => moved successfully
"C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCAgent.exe" => not found.
"C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe" => not found.
C:\WINDOWS\TEMP\gC0E1.tmp.exe => moved successfully
"C:\WINDOWS\TEMP\gCB23.tmp.exe" => not found.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} => key removed successfully.
C:\WINDOWS\System32\Tasks\Updater_Online_Application => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B3D4C55-B27B-4266-8CC0-D449AC953618} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B3D4C55-B27B-4266-8CC0-D449AC953618} => key removed successfully.
C:\WINDOWS\System32\Tasks\O6dPumpAUx => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\O6dPumpAUx => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{31514E56-53B7-4929-BDFA-92C5A4FF0702} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31514E56-53B7-4929-BDFA-92C5A4FF0702} => key removed successfully.
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} => key removed successfully.
C:\WINDOWS\System32\Tasks\PrintsCouth => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PrintsCouth => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA993382-ABE3-4686-AF3D-F26B0FE219EA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA993382-ABE3-4686-AF3D-F26B0FE219EA} => key removed successfully.
C:\WINDOWS\System32\Tasks\Online Application V2G2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6B84572-80FD-403E-AAFC-D5BDA21495D5} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6B84572-80FD-403E-AAFC-D5BDA21495D5} => key removed successfully.
C:\WINDOWS\System32\Tasks\Online Application V2G3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8B826C3-E110-4C85-845F-D8E70B51CBE7} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8B826C3-E110-4C85-845F-D8E70B51CBE7} => key removed successfully.
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE4A6AE7-1342-466F-8250-46DF14D45C07} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE4A6AE7-1342-466F-8250-46DF14D45C07} => key removed successfully.
C:\WINDOWS\System32\Tasks\Online Application V2G1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D30C4AF5-8775-40AC-84EF-E353332925FC} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D30C4AF5-8775-40AC-84EF-E353332925FC} => key removed successfully.
C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\89798490c2b4d681479595f7b986c615 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F323D747-D4A8-4462-AD3A-B99AA23FC9E4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F323D747-D4A8-4462-AD3A-B99AA23FC9E4} => key removed successfully.
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => key removed successfully.
C:\WINDOWS\Tasks\Online Application V2G1.job => not found.
C:\WINDOWS\Tasks\Online Application V2G2.job => not found.
C:\WINDOWS\Tasks\Online Application V2G3.job => not found.
C:\WINDOWS\Tasks\UCBrowserUpdater.job => not found.
C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => not found.
C:\WINDOWS\Tasks\Updater_Online_Application.job => not found.
WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION => removed successfully.
C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
C:\WINDOWS\system32\drivers => ":x64" ADS removed successfully.
C:\WINDOWS\system32\drivers => ":x86" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C901EC6-9AC6-4C79-AE1F-E7A0BB4FC635}C:\users\hakaz7\desktop\u1504.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F6AB5A9-2C0A-4298-9444-50E2AA16F76F} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E397A2C9-41F9-4C86-B2D0-043A9B6120BA} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE6F9839-9CC3-4226-AF12-E1B67F2C41C9} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{500A9256-49D3-4BAC-AEB9-4B1EE56300F8} => value removed successfully.
"C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe" => not found.
"C:\Program Files (x86)\DiskWMpower\DiskPower.exe" => not found.
"C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe" => not found.
"C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe" => not found.
"C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe" => not found.
C:\users\hakaz7\desktop\u1504.exe => moved successfully
"C:\ProgramData\service.exe" => not found.
"C:\Users\Todos os Usuários\service.exe" => not found.
Restore point created successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7745088 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 170884552 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 175595466 B
Edge => 3629331 B
Chrome => 516531349 B
Firefox => 48206584 B
Opera => 219745650 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 24963 B
systemprofile32 => 128 B
LocalService => 54122 B
NetworkService => 71794 B
Hakaz7 => 508654752 B
aldem => 1449418 B

RecycleBin => 1096 B
EmptyTemp: => 1.5 GB of temporary data removed.

================================

Result of the files that were scheduled to be moved (Boot Mode: Normal) (Date&Time: 29-06-2017 00:15:59)

"C:\Program Files (x86)\UCBrowser" => Could not be moved

==== End of Fixlog 00:16:02 ====

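The Fixlog above shows how an FRST fix works: every entry line pasted into the fixlist (a Run value, a `Task:`, a `ShortcutWithArgument:`, an `AlternateDataStreams:`, a `FirewallRules:`) is itself the removal directive, so the real work is deciding which log lines belong in the fixlist. The script below is an added example, not part of FRST or of anyone's post in this thread: it parses a constructed sample of FRST-style lines modelled on the entries quoted here and flags the same patterns the helper acted on (machine-generated names, executables under Temp/AppData/Desktop, random vendor folders under Program Files, tasks that launch through rundll32 or `sc`, browser shortcuts that force `--load-extension` or a start page, streams hidden on a Windows directory, firewall allow rules for profile-resident binaries), then renders the hits as a fixlist. The heuristics, thresholds and reason strings are this example's own assumptions; FRST exposes nothing of the kind.

```python
"""Triage FRST log lines for the persistence patterns seen in this thread.

Added example, not part of FRST or of the original post. It does not read a
real FRST.txt: SAMPLE_LOG is constructed from entries quoted in the thread,
and every heuristic below is this example's own, not FRST's.
"""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the FRST entries posted above; two benign
# lines (SecurityHealth, --show-app-list) are mixed in as negatives.
SAMPLE_LOG = r"""
HKLM\...\Run: [Login] => C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe [5367296 2017-06-25] ()
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [X44WUWTEZG7JBPE] => C:\Program Files\4PKCUNJOVT\HEQR3MPPU.exe [1040384 2017-06-25] (RW3N)
HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [2017-03-18] (Microsoft Corporation)
Task: {2B3D4C55-B27B-4266-8CC0-D449AC953618} - System32\Tasks\O6dPumpAUx => C:\Program Files (x86)\ZBeAlTQs36\updengine.exe [2017-06-25] () <==== ATTENTION
Task: {58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} - System32\Tasks\PrintsCouth => Rundll32.exe "C:\Program Files\PrintsCouth\PrintsCouth.dll",bUjgdkEtA <==== ATTENTION
Task: {D30C4AF5-8775-40AC-84EF-E353332925FC} - System32\Tasks\89798490c2b4d681479595f7b986c615 => sc start 89798490c2b4d681479595f7b986c615 <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
FirewallRules: [UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe
"""

MARKER = re.compile(r"\s*<====.*$")  # FRST's own "<==== ATTENTION" tag
RUN_RE = re.compile(r"^(?P<key>HK\S*\\Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<target>.*?) \[[^\]]*\] \((?P<vendor>[^)]*)\)\s*$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<target>.+?)\s*$")
LNK_RE = re.compile(r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<exe>.+?) \((?P<vendor>[^)]*)\) -> (?P<args>.*?)\s*$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<host>[A-Za-z]:\\.+?):(?P<stream>\S+) \[(?P<size>\d+)\]\s*$")
FW_RE = re.compile(r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>\w+)\) (?P<target>.+?)\s*$")
# Directories a legitimately installed autorun rarely executes from (assumption).
SUSPECT_DIRS = re.compile(r"\\(AppData\\Local\\Temp|AppData\\Local|AppData\\Roaming|WINDOWS\\TEMP|"
                          r"Desktop|Downloads|ProgramData|Users\\Public)\\", re.I)
PF_VENDOR_DIR = re.compile(r"\\Program Files(?: \(x86\))?\\([^\\]+)\\", re.I)
LOLBIN = re.compile(r"^(?:rundll32|regsvr32|mshta|wscript|cscript|powershell|cmd|sc)(?:\.exe)?\b", re.I)


@dataclass
class Finding:
    kind: str
    line: str                      # the cleaned FRST line; pasting it back is the fix
    reasons: list = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Machine-generated look: a 32-hex MD5-style name, or 8+ alphanumerics
    that mix digits with letters or contain no vowel at all."""
    if re.fullmatch(r"[0-9a-f]{32}", name, re.I):
        return True
    if len(name) < 8 or not name.isalnum():
        return False
    has_digit = any(c.isdigit() for c in name)
    has_alpha = any(c.isalpha() for c in name)
    vowels = sum(c in "aeiouAEIOU" for c in name)
    return (has_digit and has_alpha) or vowels == 0


def binary_reasons(name: str, path: str) -> list:
    """Why an autorun/task entry looks planted rather than installed."""
    reasons = []
    if looks_random(name):
        reasons.append("machine-generated entry name")
    if SUSPECT_DIRS.search(path):
        reasons.append("runs from a temp/profile/public directory")
    vendor_dir = PF_VENDOR_DIR.search(path)
    if vendor_dir and looks_random(vendor_dir.group(1)):
        reasons.append("random vendor directory under Program Files")
    if LOLBIN.match(path.lstrip('"')):
        reasons.append("launched through a LOLBin (rundll32, sc, ...)")
    return reasons


def split_task_target(target: str) -> tuple:
    """'C:\\x.exe [date] (Vendor)' -> ('C:\\x.exe', 'Vendor'); command lines pass through."""
    vendor = ""
    m = re.search(r" \((?P<vendor>[^()]*)\)$", target)
    if m:
        vendor, target = m.group("vendor"), target[: m.start()]
    return re.sub(r" \[[^\]]*\]$", "", target), vendor


def triage(text: str) -> list:
    """Return one Finding per suspicious entry line in FRST-style text."""
    findings = []
    for raw in text.splitlines():
        line = MARKER.sub("", raw).strip()
        if not line:
            continue
        if (m := RUN_RE.match(line)):
            kind, reasons = "autorun", binary_reasons(m["name"], m["target"])
        elif (m := TASK_RE.match(line)):
            path, _vendor = split_task_target(m["target"])
            kind, reasons = "scheduled task", binary_reasons(m["name"], path)
        elif (m := LNK_RE.match(line)):
            kind, reasons = "shortcut", []
            if "--load-extension" in m["args"]:
                reasons.append("browser shortcut side-loads an extension")
            if re.search(r"\bh(?:xx|tt)ps?://", m["args"]):
                reasons.append("browser shortcut forces a start page")
        elif (m := ADS_RE.match(line)):
            kind, reasons = "ads", []
            if "\\windows\\" in m["host"].lower():
                reasons.append("data hidden in an alternate stream of a Windows directory")
        elif (m := FW_RE.match(line)):
            kind, reasons = "firewall", []
            if m["action"].lower() == "allow" and SUSPECT_DIRS.search(m["target"]):
                reasons.append("firewall allow rule for a binary in a temp/profile/public directory")
        else:
            continue
        if reasons:
            findings.append(Finding(kind, line, reasons))
    return findings


def fixlist(findings: list) -> str:
    """Render findings as an FRST fixlist: each entry line is its own directive."""
    return "start\n" + "\n".join(f.line for f in findings) + "\nend\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.kind}] {'; '.join(f.reasons)}\n    {f.line}")
    print(fixlist(hits))
```

Running it prints eight findings from the ten sample lines and a fixlist containing only those eight; the SecurityHealth autorun and the `--show-app-list` shortcut are left alone. The fixlist it emits covers only the persistence entries; the bare file and folder paths the helper added (the `C:\...\conhost.exe` lines, `EmptyTemp:`, `CreateRestorePoint:`) still have to be chosen by hand, since a heuristic that deletes arbitrary paths is exactly what you do not want to automate.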

/_ Good Evening! Aldemir Pinheiro _\

 

> I can only help you with situations involving malware, which is the purpose of this room.

 

> Download: < RogueKiller_portable32 > ( ... by Adlice Software ) ( 32-bit version )

> Download: < RogueKiller_portable64 > ( ... by Adlice Software ) ( 64-bit version )

> Save it to the desktop!
> Close any applications that are open!
> Run RogueKiller_portable32.exe or RogueKiller_portable64.exe and accept the EULA.

http://www.adlice.com/thanks-downloading-roguekiller/


> Feche esta página da Adlice Software,que lhe abre ao navegador.
> Ps: Se o "Filtro SmartScreen",do navegador IE,bloquear o anti-malware,clique em "Mais informações".
> À seguir,clique: "Executar de qualquer maneira"

 

0GpHdLYp.jpg

 

> Clique na guia "SCAN" >> "Start Scan".
> Aguarde a conclusão!

> Clique "Open Report" >> "Open TXT".
> Copie e poste o relatório! (Modo: Escanear)

 

[Abs]


 

 

17 hours ago, DigRam said:

/_ Good Evening! Aldemir Pinheiro _\

> I can only help you with situations that involve malware, which is the purpose of this forum section.

Can you tell me where I can find information about the problems I already mentioned, or where to find help with basic questions, or which forum sections are appropriate for this kind of subject, especially for a beginner like me?

Because searching on YouTube is a shot in the dark.

Just for the record: the Edge browser automatically opens numerous sites even without an internet connection.

________________________________________________________________________________________________________________

RogueKiller:

_________________________________________________________________________________________________________________

 

RogueKiller V12.11.4.0 (x64) [Jun 26 2017] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 10 (10.0.14393) 64 bits version
Iniciou : Modo normal
Usuário : Hakaz7 [Administrador]
Started from : C:\Users\Hakaz7\Desktop\RogueKiller_portable64.exe
Modo : Escanear -- Data : 06/30/2017 14:44:34 (Duration : 00:54:01)

¤¤¤ Processos : 7 ¤¤¤
[Proc.Injected] explorer.exe(2992) -- C:\WINDOWS\explorer.exe[7] -> Encontrado
[Suspicious.Path] 1xxqi5i4d4p.exe(5084) -- C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe[-] -> Encontrado
[Suspicious.Path] vj0qppnix0s.exe(5144) -- C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe[-] -> Encontrado
[Adw.Wizzcaster] 413UK2YQ5.exe(5224) -- C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe[-] -> Encontrado
[Suspicious.Path] g5yau5p535c.exe(5236) -- C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe[-] -> Encontrado
[Adw.Wizzcaster] K98SCZW5C.exe(5624) -- C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe[-] -> Encontrado
[PUP.UCBrowser] (SVC) ucdrv -- \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys[7] -> Encontrado

¤¤¤ Registro : 38 ¤¤¤
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Encontrado
[PUP.OnlineIO] (X86) HKEY_LOCAL_MACHINE\Software\Microleaves -> Encontrado
[PUP.OtherSearch|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\OtherSearch -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Encontrado
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\UCBrowser -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\UCBrowser -> Encontrado
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Installer -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Encontrado
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowserPID -> Encontrado
[Adw.Sokuxuan] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\YeaDesktop -> Encontrado
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Installer -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Encontrado
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowserPID -> Encontrado
[Adw.Sokuxuan] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\YeaDesktop -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\UCBrowser -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\UCBrowser -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 3v01hnawfvt : "C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj\g5zb2q2gx3a.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 0xro0ptlrzv : "C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj\pkghddf0hlo.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | daikrzkppxy : "C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e\g535xe2lo02.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | ggiblzdfwv1 : "C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop\cz1qwc0wjes.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | uc2zbx2dqbu : "C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3\0tcets4rqji.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | d3wtulpy20p : "C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | z13law2el1c : "C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | xvfe0x4jyk5 : "C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 3v01hnawfvt : "C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj\g5zb2q2gx3a.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 0xro0ptlrzv : "C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj\pkghddf0hlo.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | daikrzkppxy : "C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e\g535xe2lo02.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | ggiblzdfwv1 : "C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop\cz1qwc0wjes.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | uc2zbx2dqbu : "C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3\0tcets4rqji.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | d3wtulpy20p : "C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | z13law2el1c : "C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | xvfe0x4jyk5 : "C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe" [-] -> Encontrado
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ucdrv (\??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X])  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{225009b3-5eee-4ba0-960b-97377dcf2249} | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X])  -> Encontrado
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {94632381-B65E-4552-8059-C9C64450C04D} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe|Name=è¿?é?·äº?å? é??å¼?æ?¾å¹³å°|Desc=è¿?é?·äº?å? é??å¼?æ?¾å¹³å°| [x] -> Encontrado
[PUP.UCBrowser] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} | StubPath : "C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser" [x] -> Encontrado

¤¤¤ Tarefas : 1 ¤¤¤
[PUP.UCBrowser] \UCBrowserSecureUpdater -- "C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe" (--update-config) -> Encontrado

¤¤¤ Arquivos : 6 ¤¤¤
[PUP.OnlineIO|PUP.Gen0][Pasta] C:\ProgramData\Microleaves -> Encontrado
[Ads.Generic|Hidden.ADS][Stream] C:\WINDOWS\System32\drivers:ucdrv-x64.sys -> Encontrado
[Ads.Generic|Hidden.ADS][Stream] C:\WINDOWS\System32\drivers:x64 -> Encontrado
[Ads.Generic|Hidden.ADS][Stream] C:\WINDOWS\System32\drivers:x86 -> Encontrado
[PUP.OnlineIO|PUP.Gen0][Pasta] C:\ProgramData\Microleaves -> Encontrado
[PUP.UCBrowser][Pasta] C:\Program Files (x86)\UCBrowser -> Encontrado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ +++++
--- User ---
[MBR] 697b9a7974949dcb254cac2251b57da7
[BSP] e32eb9ff587e78f4eecfaf0fb4d0c9ee : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 406614 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 832954366 | Size: 69773 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate Expansion SCSI Disk Device +++++
--- User ---
[MBR] 28375214bf2efb974f53181af2f8db89
[BSP] 8bee9f484750d1919fa4256a17b2d457 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Função incorreta. )

+++++ PhysicalDrive2: Kingston DataTraveler C10 USB Device +++++
--- User ---
[MBR] a6fdc9e7353332f91bc51b303e048a9a
[BSP] a6efef6bee52c10cb8670af040e060f3 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x69) [VISIBLE] Offset (sectors): 1917127181 | Size: 820717 MB
1 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 1936942450 | Size: 830925 MB
2 - [XXXXXX] UNKNOWN (0x6c) [VISIBLE] Offset (sectors): 1768256047 | Size: 863341 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 2885681152 | Size: 26 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )

 


/_ Good Evening! Aldemir Pinheiro _\

> When you run RogueKiller again, click "Remove Selected".

> PS: For this, it is important that the checkboxes are ticked when you go through the tabs!
> Click "Finish" >> "Open Report" >> "Open TXT".
> Now we will have the log showing the removal(s) performed! (Mode: Delete)
> Copy it and post the report!

http://www.hardware.com.br/comunidade/area/seguranca-debates-duvidas-dicas-etc.59/

> As for your question about the forum section, I recommend visiting GdH at the link above. If Komm handles your case, your chances of success will be high.

[Abs]


I did the Start scan and ticked the checkboxes; there were many, but I noticed I had not included the USB drives and the external HDD, which forced me to stop the removal by shutting down the PC.

I turned the computer on and ran a new scan; when it came time to tick the checkboxes, the number had dropped substantially (I wonder: how, if there was no removal?). Anyway! Current removal log:

 

RogueKiller V12.11.4.0 (x64) [Jun 26 2017] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 10 (10.0.14393) 64 bits version
Iniciou : Modo normal
Usuário : Hakaz7 [Administrador]
Started from : C:\Users\Hakaz7\Desktop\RogueKiller_portable64.exe
Modo : Deletar -- Data : 07/01/2017 17:54:44 (Duration : 00:52:54)

¤¤¤ Processos : 4 ¤¤¤
[Proc.Injected] explorer.exe(3216) -- C:\WINDOWS\explorer.exe[7] -> Interrompido [TermProc]
[Adw.Wizzcaster] 413UK2YQ5.exe(4688) -- C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe[-] -> Interrompido [TermProc]
[Adw.Wizzcaster] K98SCZW5C.exe(4712) -- C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe[-] -> Interrompido [TermProc]
[PUP.UCBrowser] (SVC) ucdrv -- \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys[7] -> ERROR [41c]

¤¤¤ Registro : 5 ¤¤¤
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Deletado
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Deletado
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ucdrv (\??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys) -> Deletado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X])  -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{225009b3-5eee-4ba0-960b-97377dcf2249} | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X])  -> Substituído ()

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 1 ¤¤¤
[PUP.UCBrowser][Pasta] C:\Program Files (x86)\UCBrowser -> Removido na reinicialização [91]
[PUP.UCBrowser][Pasta] C:\Program Files (x86)\UCBrowser\Security -> Removido na reinicialização [20]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ +++++
--- User ---
[MBR] 697b9a7974949dcb254cac2251b57da7
[BSP] e32eb9ff587e78f4eecfaf0fb4d0c9ee : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 406614 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 832954366 | Size: 69773 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: General USB Flash Disk USB Device +++++
--- User ---
[MBR] 357be95f00767e161449bcfa4f62daf5
[BSP] 9f23b466890e4b2c215f028c2e31a450 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 7650 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
 


/_ Good Evening! Aldemir Pinheiro _\

If a new scan showed fewer detections, that is due to the use of some cleaning software, which reduced the number of these detections.

> Download: < ZHPCleaner > ( ... by Nicolas Coolman )

> Or |Here!| << Mirror!
> Once on the page, click the download link.

> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<

> Click "Eu".

> Click Scanner.

> Wait for it to finish!

> When it finishes, click Reparar (Repair).

> Tabs will appear in red, indicating problems to be repaired.
> Click Reparar.

> When it finishes, click Relatório (Report)!
> Post the repair log: ~ Type : Reparo

[Abs]


Hi DigRam! How are you?

During the ZHPCleaner scan, the program asked me whether I had installed a server numbering. I don't know what a server is, but I confirmed that I had.

I can't say whether that choice was correct. On the next scan, should I confirm or not confirm that I installed a server numbering? (Because I don't even know what numbering or server means.) What is your advice: confirm or not?

ZHPCleaner log

----------------------------------------------------------------------------------------------------------------------------------------------------------

~ ZHPCleaner v2017.7.2.113 by Nicolas Coolman (2017/07/02)
~ Run by Hakaz7 (Administrator)  (02/07/2017 21:35:25)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparo
~ Report : C:\Users\Hakaz7\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Hakaz7\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 14393)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (3)
SUBSTITUIDO IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant [http://www.ourluckysites.com/search/?type=ds&ts=1492614365&z=823f5a8f46c5a000f42[...]]  =>Hijacker.OurLuckySites
SUBSTITUIDO IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch [http://www.ourluckysites.com/search/?type=ds&ts=1492614365&z=823f5a8f46c5a000f42[...]]  =>Hijacker.OurLuckySites
SUBSTITUIDO TaskBar: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk  [Bad :  --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://www.yeadesktop.com/](..)  =>PUP.Optional.Zusy


---\\  Arquivo hosts (19)
SUBSTITUIDO: 127.0.0.1    gf.tools.avast.com
SUBSTITUIDO: 127.0.0.1    pair.ff.avast.com
SUBSTITUIDO: 127.0.0.1    ipm-provider.ff.avast.com
SUBSTITUIDO: 127.0.0.1    id.avast.com
SUBSTITUIDO: 127.0.0.1    v4618535.iavs9x.u.avast.com
SUBSTITUIDO: 127.0.0.1    v4618535.ivps9x.u.avast.com
SUBSTITUIDO: 127.0.0.1    v4618535.ivps9tiny.u.avast.com
SUBSTITUIDO: 127.0.0.1    v4618535.vpsnitro.u.avast.com
SUBSTITUIDO: 127.0.0.1    v4618535.vpsnitrotiny.u.avast.com
SUBSTITUIDO: 127.0.0.1    v4618535.iavs5x.u.avast.com
SUBSTITUIDO: 127.0.0.1    v7.stats.avast.com
SUBSTITUIDO: 127.0.0.1    v7event.stats.avast.com
SUBSTITUIDO: 127.0.0.1    sm00.avast.com
SUBSTITUIDO: 127.0.0.1    submit5.avast.com
SUBSTITUIDO: 127.0.0.1    geoip.avast.com
SUBSTITUIDO: 127.0.0.1    w9448963.iavs9x.u.avast.com
SUBSTITUIDO: 127.0.0.1    w9448963.ivps9x.u.avast.com
SUBSTITUIDO: 127.0.0.1    w9448963.ivps9tiny.u.avast.com
Número de redirecionamentos encontrados 361/394


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (12)
MOVIDO pasta: C:\Users\Hakaz7\Desktop\KMSpico_patch - Atalho.lnk  [Bad : C:\Users\Hakaz7\Downloads\KMSpico_patch](.Secure Download Ltd..)  =>HackTool.KMSpico
MOVIDO pasta^: C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [UC Web Inc. - UCBrowser Security Driver]  =>.Superfluous.UCBrowser
MOVIDO pasta: C:\WINDOWS\Prefetch\KMSPICO 10.2.1.EXE-DDF5CF46.pf    =>HackTool.KMSpico
MOVIDO pasta: C:\WINDOWS\Prefetch\KMSPICO10.2.1__11516_IL16.EXE-37BA0FD8.pf    =>HackTool.KMSpico
MOVIDO pasta: C:\WINDOWS\Prefetch\KMSPICO_PATCH.EXE-64F51FC8.pf    =>HackTool.KMSpico
MOVIDO pasta: C:\WINDOWS\Prefetch\YEADESKTOP.EXE-2B22185B.pf    =>PUP.Optional.Zusy
MOVIDO pasta: C:\WINDOWS\Prefetch\YEADESKTOP3.TMP-AA051ED6.pf    =>PUP.Optional.Zusy
MOVIDO pasta: C:\Users\Hakaz7\Desktop\KMSpico_patch [Secure Download Ltd. - SoftPlanet Software Assistant Setup]  =>HackTool.KMSpico
MOVIDO pasta: C:\Users\Hakaz7\Downloads\KMSPico 10.2.1.iso    =>HackTool.KMSpico
MOVIDO pasta: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage    =>PUP.Optional.Chatango
MOVIDO pasta: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal    =>PUP.Optional.Chatango
MOVIDO arquivo*: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\UCBrowser  =>.Superfluous.UCBrowser


---\\  Registro ( Chaves, Valores, Dados ) (58)
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 [Comodo Security]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB [F-Secure]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 [FRISK]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE [Bitdefender]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF [G-Data]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 [Malwarebytes]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF [Symantec]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 [Trend Micro]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 [Webroot]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A [SUPERAntiSpyware]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F [Kaspersky]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC [AVG Technologies]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 [PC Tools]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 [K7 Computing]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF [Doctor Web]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF [Emsisoft]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C [CheckPoint]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D [Emsisoft]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E [K7 Computing]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 [BullGuard]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF [McAfee]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB [Comodo Security]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF [McAfee]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E [Adaware Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 [Safer Networking]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 [Webroot]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 [ThreatTrack]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 [CurioLab]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 [Avira Operations]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 [BullGuard]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F [ESET]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 [AVG Technologies]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 [Symantec]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 [Malwarebytes]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 [Trend Micro]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 [Kaspersky]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 [ThreatTrack]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 [Total Defense]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF [AVG Technologies]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 [Bitdefender]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 [ESET]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A [Panda Security]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 [Doctor Web]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\ucdrv [C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys]  =>.Superfluous.UCBrowser
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\televisionfanatic.com []  =>.Superfluous.TelevisionFanatic
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\wdata.televisionfanatic.com []  =>.Superfluous.TelevisionFanatic
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yeadesktop.com []  =>PUP.Optional.Zusy
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yeadesktop.com []  =>PUP.Optional.Zusy
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\televisionfanatic.com []  =>.Superfluous.TelevisionFanatic
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\wdata.televisionfanatic.com []  =>.Superfluous.TelevisionFanatic
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yeadesktop.com [168]  =>PUP.Optional.Zusy
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yeadesktop.com []  =>PUP.Optional.Zusy
SUPRIMIDO chave*: HKCU\Software\undefined []  =>.Superfluous.Downloader
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23E4C6D00564386418B357E6097ECF3E [02:\Software\Microleaves\ (Not File)]  =>.Superfluous.Microleaves
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\ourluckysitesSoftware []  =>Hijacker.OurLuckySites
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} [Microleaves]  =>.Superfluous.Microleaves


---\\  Resumo dos elementos encontrados na sua estação de trabalho (9)
https://nicolascoolman.eu/2017/05/16/hijacker-ourluckysites/  =>Hijacker.OurLuckySites
https://www.anti-malware.top/2016/05/17/adware-zusy/  =>PUP.Optional.Zusy
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/03/04/superfluous-ucbrowser/  =>.Superfluous.UCBrowser
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Chatango
https://nicolascoolman.eu/2017/06/26/trojan-certlock/  =>PUM.Misplaced.Certificate
https://nicolascoolman.eu/2017/03/15/superfluous-televisionfanatic/  =>.Superfluous.TelevisionFanatic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Downloader
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Microleaves


---\\  Dodatkowe oczyszczenie. (29)
~ Chave de registro Tracing Supprimido (29)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ O sistema foi reiniciado.


---\\ Estatísticas
~ Items scan : 1546
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 434


~ End of clean in 00h01mn37s
~====================
ZHPCleaner-[R]-02072017-21_37_02.txt
ZHPCleaner--02072017-21_30_12.txt
 

   


/_ Good Morning! Aldemir Pinheiro _\

 

As for the question you asked me: ZHPCleaner gave you the option to remove changes to DhcpNameServer. In a way, that was prompted by RogueKiller, which detected it as PUM.Dns. Your agreeing was correct, even though there were no corrections, because in these cases RogueKiller tends to warn about some false positives.

 

> Download: < UsbFix >

> PS: Use the Internet Explorer browser for the download.
> Save it to the desktop!

> Keep your USB flash drive connected to the PC.
> Open the UsbFix tool and, among the options, choose cleaning. (Clean)

> Post the report when done!

 

[Abs]
 


Good morning DigRam

Thank you for the reply, it cleared up my doubts. Thank you.

 

UsbFix log

__________________________________________________________________

############################## | UsbFix V 9.058 | [Limpar]

Usuário: Hakaz7 (Administrador) # ADMINISTRADOR
Atualizado em 03/07/2017 por SOSVirus
Começou em 12:07:33 | 03/07/2017

Site : https://www.usb-antivirus.com/pt/
Manual : https://www.usb-antivirus.com/pt/2014/03/tutorial-do-usbfix-scan/
Asistencia : https://www.sosvirus.net/es/
Detecção en vivo : https://www.usbfix.net/es/
Contato : https://www.usb-antivirus.com/pt/contato/

################## | System information |

MB: Hewlett-Packard (1493) 
CPU: Intel(R) Core(TM)2 Duo CPU     E7500  @ 2.93GHz
GC: Intel(R) B43 Express Chipset (Microsoft Corporation - WDDM 1.1)
RAM -> [Total : 2009 Mo | Free : 462 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft™ Windows 10 Pro (6.3.14393 64-Bit) 
WB: Internet Explorer : 11.00.14393.0
WB: Microsoft Edge : 11.00.14393.1358 (rs1_release.170602-2252)
WB: Google Chrome : 59.0.3071.115
WB: Mozilla Firefox : 41.0.2
WB: Opera : 46.0.2597.32

################## | Security Information |

AV: Windows Defender [Ativo |Atualizado]
AS: Windows Defender [Ativo |Atualizado]
AS: Malwarebytes Anti-Malware : 2.1.8.1057
FW: Windows Firewall [Ativo]
SC: Security Center [Ativo]
WU: Windows Update [Ativo]

################## | Disk Information |

C:\ (%SystemDrive%) -> Disco fixo # 397 Gb (55 Gb livre - 14%) [] # NTFS
E:\ -> Disco fixo # 932 Gb (454 Gb livre - 49%) [Seagate Expansion Drive] # NTFS
G:\ -> Disco removível # 2 Gb (2 Gb livre - 100%) [] # FAT32

################## | Procura genérica |


################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\System32\Userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Hakaz7\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [EU5RVEXBWBCD1HU] "C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe"
04 - HKCU\..\Run : [QA88O0040CCVATA] "C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe"
04 - HKCU\..\RunOnce : [Uninstall C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
04 - [x64] HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
04 - [x64] HKLM\..\Run : [WindowsDefender] "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [OneDrive] "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [Spotify Web Helper] "C:\Users\Hakaz7\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [EU5RVEXBWBCD1HU] "C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe"
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [QA88O0040CCVATA] "C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe"
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\RunOnce : [Uninstall C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"

################## | C:\ %SystemDrive% - Disco fixo (NTFS) |

[03/05/2017 - 21:20:06 | A | 1 Ko] - C:\DelFix.txt
[03/07/2017 - 06:31:48 | ASH | 262144 Ko] - C:\swapfile.sys
[03/07/2017 - 07:39:01 | ASH | 2695396 Ko] - C:\pagefile.sys
[27/06/2017 - 11:27:03 | D] - C:\Windows.old
[29/06/2017 - 00:38:36 | D] - C:\Config.Msi
[02/01/2016 - 05:39:02 | SHD] - C:\$RECYCLE.BIN
[28/05/2017 - 15:11:28 | D] - C:\$WINDOWS.~BT
[10/07/2015 - 09:21:38 | SHD] - C:\Documents and Settings
[25/07/2015 - 21:33:21 | D] - C:\Arquivos de Programas
[25/07/2015 - 21:36:11 | D] - C:\swsetup
[25/07/2015 - 21:36:53 | D] - C:\drvrtmp
[26/07/2015 - 16:07:28 | D] - C:\Intel
[29/10/2015 - 18:16:44 | D] - C:\viva
[30/10/2015 - 04:18:34 | N | 0 Ko] - C:\BOOTNXT
[29/01/2016 - 12:57:23 | D] - C:\EEK
[16/07/2016 - 08:47:47 | D] - C:\PerfLogs
[26/08/2016 - 21:06:39 | D] - C:\Temp
[17/04/2017 - 22:11:45 | D] - C:\OneDriveTemp
[26/05/2017 - 11:37:27 | SHD] - C:\Recovery
[26/05/2017 - 11:47:09 | D] - C:\$GetCurrent
[26/05/2017 - 11:48:26 | D] - C:\Windows10Upgrade
[28/05/2017 - 14:55:10 | D] - C:\$SysReset
[28/05/2017 - 15:01:57 | RD] - C:\Users
[25/06/2017 - 19:02:22 | D] - C:\Microsoft
[29/06/2017 - 00:07:10 | RD] - C:\Program Files (x86)
[29/06/2017 - 00:16:02 | D] - C:\FRST
[29/06/2017 - 00:37:10 | RD] - C:\Program Files
[30/06/2017 - 17:12:55 | D] - C:\WINDOWS
[01/07/2017 - 14:47:25 | HD] - C:\ProgramData
[03/07/2017 - 12:06:41 | D] - C:\UsbFix

################## | E:\ - Disco fixo (NTFS) |

[08/01/2015 - 04:13:28 | A | 1120 Ko] - E:\Warranty.pdf
[15/06/2015 - 12:07:12 | A | 0 Ko] - E:\Autorun.inf
[08/01/2015 - 19:18:14 | A | 550 Ko] - E:\SeagateExpansion.ico
[24/03/2016 - 04:06:10 | A | 17529 Ko] - E:\Start_Here_Win.exe
[05/08/2016 - 14:49:30 | SHD] - E:\$RECYCLE.BIN
[31/12/1969 - 22:15:14 | D] - E:\LG_DVR_000000
[10/05/2016 - 01:50:44 | D] - E:\Seagate
[25/06/2017 - 14:03:45 | D] - E:\lair ribeiro
[25/06/2017 - 15:17:50 | D] - E:\Filmes

################## | G:\ - Disco removível (FAT32) |

[15/01/2015 - 17:02:16 | A | 1239 Ko] - G:\RevelandotodosossegredosdaDeep.pdf

Análise realizada em 31.87 segundos

################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/pt/ |
 

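The UsbFix "Startup" section above lists two Run entries whose value names, folders and executables are all random-looking strings, next to ordinary entries such as OneDrive and the Realtek control panel. As an added example, not part of this thread or of UsbFix, FRST or any other tool used here, the Python script below parses startup lines in that format and flags entries where at least two of those three parts look machine-generated; the sample lines are constructed to mirror the log above.

```python
"""Triage of UsbFix-style 'Startup' lines for randomly named autorun entries.

Added example for this thread; it is not part of UsbFix, FRST or any other
tool used here. Heuristic only: a hit means "look at this", not "malware".
"""
import re

# Constructed sample in the shape of the UsbFix "Startup" section. The first
# two lines mirror legitimate entries, the last two mirror the randomly named
# Run entries questioned in the thread.
SAMPLE_STARTUP = r"""
04 - HKCU\..\Run : [OneDrive] "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - [x64] HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
04 - HKCU\..\Run : [EU5RVEXBWBCD1HU] "C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe"
04 - HKCU\..\Run : [QA88O0040CCVATA] "C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe"
"""

# Line shape: 04 - [x64]? <hive>\..\Run : [<value name>] <command line>
LINE_RE = re.compile(
    r"^04 - (?:\[x64\] )?(?P<hive>\S+) : \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
RANDOM_RE = re.compile(r"[A-Z0-9]{9,}")


def is_random_token(token: str) -> bool:
    """Uppercase letters and digits only, at least 9 long, with both kinds.

    Legitimate names such as 'OneDrive' or 'RTHDVCPL' fail this test; the
    generated names in the thread ('EU5RVEXBWBCD1HU', '7K2E40Q4DR') pass.
    """
    if not RANDOM_RE.fullmatch(token):
        return False
    return any(c.isdigit() for c in token) and any(c.isalpha() for c in token)


def executable_path(cmd: str) -> str:
    """Return the executable part of a Run command line, without arguments."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted: cut after the first '.exe' so paths with spaces still work.
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def triage_startup(text: str) -> list:
    """Return one finding per Run entry with at least two random-looking parts.

    The parts checked are the registry value name, the folder the executable
    lives in, and the executable's own name (without the .exe suffix).
    """
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # F2/Winlogon lines and blanks are not Run entries
        path = executable_path(m["cmd"])
        parts = path.split("\\")
        folder = parts[-2] if len(parts) >= 2 else ""
        stem = re.sub(r"\.exe$", "", parts[-1], flags=re.IGNORECASE)
        reasons = []
        if is_random_token(m["name"]):
            reasons.append("random value name")
        if is_random_token(folder):
            reasons.append("random folder name")
        if is_random_token(stem):
            reasons.append("random executable name")
        if len(reasons) >= 2:
            findings.append({"hive": m["hive"], "name": m["name"],
                             "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_startup(SAMPLE_STARTUP):
        print(f"{f['hive']} [{f['name']}] {f['path']} <- {', '.join(f['reasons'])}")
```

A hit is a prompt to check who published the file and when it appeared, not a verdict on its own.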

/_ Good Afternoon! Aldemir Pinheiro _\

 

> Post new FRST logs. ( FRST.txt + Addition.txt )

 

[]s


/_ Good Morning! Aldemir Pinheiro _\

 

(4H66) C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe
(4H66) C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe


> Are these files in the process list your own choice?

 

> Copy this information shown in red into Notepad.
> Save it under the name fixlist. << Text file!
> Save it to the desktop! ( the Desktop folder ... )

 

start

CloseProcesses:
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh 
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Program Files\D5K6CW0LI8 
2017-06-28 10:55 - 2017-06-28 10:55 - 00000000 _____ C:\Users\Hakaz7\AppData\Local\{B281DE83-8424-46E1-9ABB-2F92524F9C4E} 
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw 
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Program Files\7K2E40Q4DR 
2017-06-27 11:27 - 2017-06-27 11:27 - 00001250 _____ C:\Users\Hakaz7\Desktop\Ao proctologista.docx - Atalho.lnk 
2017-06-27 10:27 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\BEKAELOWIT 
2017-06-27 10:27 - 2017-06-27 10:27 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4 
2017-06-26 20:38 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\NB7ZC33F7V 
2017-06-26 20:38 - 2017-06-26 20:38 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3 
2017-06-26 19:08 - 2017-06-26 19:08 - 00000000 ____D C:\Users\Hakaz7\Documents\Modelos Personalizados do Office 
2017-06-26 17:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\78VQBR8YQT 
2017-06-26 17:37 - 2017-06-26 17:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop 
2017-06-26 14:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\4SZFM77SUR 
2017-06-26 14:37 - 2017-06-26 14:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e 
2017-06-26 11:37 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\J5CU3D2TL0 
2017-06-26 11:37 - 2017-06-26 11:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj 
2017-06-26 08:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\131B5LOBA4 
2017-06-26 08:37 - 2017-06-26 08:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj 
2017-06-25 19:44 - 2017-06-29 00:32 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\Ehqvtion 
2017-06-25 19:44 - 2017-06-25 19:44 - 01611944 _____ (Secure Download Ltd. ) C:\Users\Hakaz7\Downloads\KMSpico_patch 
2017-06-25 19:04 - 2017-07-01 14:47 - 00000000 ____D C:\Program Files (x86)\UCBrowser 
2017-06-05 15:35 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Desktop\Legendas35.zip 
2017-06-05 15:35 - 2017-04-28 01:57 - 04186534 _____ (Legendas Brasil ) C:\Users\Hakaz7\Desktop\Legendas35.exe
2017-06-05 15:31 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Downloads\Legendas35.zip 
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATENÇÃO 
C:\Program Files (x86)\UCBrowser
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end

 

> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> Post the "Resultado da Correção pela Farbar Recovery Scan Tool" report (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

 

[A+]


Good morning DigRam

I didn't understand: are these files my own choice in the process lines?

What I understand (if I understand at all) is that this is the result of the FRST and Addition scan.

Right?!

Feel free to ask questions.

If I know how to answer them, I'll be glad to.

Here are the logs.

 

fixlog:

___________________________________________________________________________________

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-06-2017 01
Executado por Hakaz7 (04-07-2017 23:25:34) Run:2
Executando a partir de C:\Users\Hakaz7\Desktop
Perfis Carregados: Hakaz7 (Perfis Disponíveis: Hakaz7 & aldem)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CloseProcesses:
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh 
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Program Files\D5K6CW0LI8 
2017-06-28 10:55 - 2017-06-28 10:55 - 00000000 _____ C:\Users\Hakaz7\AppData\Local\{B281DE83-8424-46E1-9ABB-2F92524F9C4E} 
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw 
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Program Files\7K2E40Q4DR 
2017-06-27 11:27 - 2017-06-27 11:27 - 00001250 _____ C:\Users\Hakaz7\Desktop\Ao proctologista.docx - Atalho.lnk 
2017-06-27 10:27 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\BEKAELOWIT 
2017-06-27 10:27 - 2017-06-27 10:27 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4 
2017-06-26 20:38 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\NB7ZC33F7V 
2017-06-26 20:38 - 2017-06-26 20:38 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3 
2017-06-26 19:08 - 2017-06-26 19:08 - 00000000 ____D C:\Users\Hakaz7\Documents\Modelos Personalizados do Office 
2017-06-26 17:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\78VQBR8YQT 
2017-06-26 17:37 - 2017-06-26 17:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop 
2017-06-26 14:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\4SZFM77SUR 
2017-06-26 14:37 - 2017-06-26 14:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e 
2017-06-26 11:37 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\J5CU3D2TL0 
2017-06-26 11:37 - 2017-06-26 11:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj 
2017-06-26 08:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\131B5LOBA4 
2017-06-26 08:37 - 2017-06-26 08:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj 
2017-06-25 19:44 - 2017-06-29 00:32 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\Ehqvtion 
2017-06-25 19:44 - 2017-06-25 19:44 - 01611944 _____ (Secure Download Ltd. ) C:\Users\Hakaz7\Downloads\KMSpico_patch 
2017-06-25 19:04 - 2017-07-01 14:47 - 00000000 ____D C:\Program Files (x86)\UCBrowser 
2017-06-05 15:35 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Desktop\Legendas35.zip 
2017-06-05 15:35 - 2017-04-28 01:57 - 04186534 _____ (Legendas Brasil ) C:\Users\Hakaz7\Desktop\Legendas35.exe
2017-06-05 15:31 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Downloads\Legendas35.zip 
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATENÇÃO 
C:\Program Files (x86)\UCBrowser
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processos fechados com sucesso.
C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh => movido com sucesso
C:\Program Files\D5K6CW0LI8 => movido com sucesso
C:\Users\Hakaz7\AppData\Local\{B281DE83-8424-46E1-9ABB-2F92524F9C4E} => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw => movido com sucesso
C:\Program Files\7K2E40Q4DR => movido com sucesso
C:\Users\Hakaz7\Desktop\Ao proctologista.docx - Atalho.lnk => movido com sucesso
C:\Program Files\BEKAELOWIT => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4 => movido com sucesso
C:\Program Files\NB7ZC33F7V => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3 => movido com sucesso
C:\Users\Hakaz7\Documents\Modelos Personalizados do Office => movido com sucesso
C:\Program Files\78VQBR8YQT => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop => movido com sucesso
C:\Program Files\4SZFM77SUR => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e => movido com sucesso
C:\Program Files\J5CU3D2TL0 => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj => movido com sucesso
C:\Program Files\131B5LOBA4 => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj => movido com sucesso
C:\Users\Hakaz7\AppData\Local\Ehqvtion => movido com sucesso
C:\Users\Hakaz7\Downloads\KMSpico_patch => movido com sucesso

"C:\Program Files (x86)\UCBrowser" pasta mover:

Não pode ser movido "C:\Program Files (x86)\UCBrowser" => Agendado para ser movido na reinicialização.

C:\Users\Hakaz7\Desktop\Legendas35.zip => movido com sucesso
C:\Users\Hakaz7\Desktop\Legendas35.exe => movido com sucesso
C:\Users\Hakaz7\Downloads\Legendas35.zip => movido com sucesso
ucdrv => Não foi possível finalizar o serviço.
HKLM\System\CurrentControlSet\Services\ucdrv => chave removido (a) com sucesso.
ucdrv => serviço removido (a) com sucesso.

"C:\Program Files (x86)\UCBrowser" pasta mover:

Não pode ser movido "C:\Program Files (x86)\UCBrowser" => Agendado para ser movido na reinicialização.

Ponto de Restauração criado com sucesso.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.


========= Fim de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 6643328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 67071122 B
Java, Flash, Steam htmlcache => 1270 B
Windows/system/drivers => 1876815 B
Edge => 77801261 B
Chrome => 68035816 B
Firefox => 0 B
Opera => 107525006 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 874 B
NetworkService => 71450 B
Hakaz7 => 59723873 B
aldem => 0 B

RecycleBin => 1616258837 B
EmptyTemp: => 1.9 GB de dados temporários Removidos.

================================

Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 04-07-2017 23:50:04)

"C:\Program Files (x86)\UCBrowser" => Não pode ser movido
"C:\Program Files (x86)\UCBrowser" => Não pode ser movido

==== Fim de Fixlog 23:50:09 ====

 


/_ Good Afternoon! Aldemir Pinheiro _\

 

[Adw.Wizzcaster] 413UK2YQ5.exe(5224) -- C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe[-] -> Encontrado
[Adw.Wizzcaster] K98SCZW5C.exe(5624) -- C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe[-] -> Encontrado

---

---

> As for the files, they were detected by RogueKiller as adware.

 

> Download: < AdwCleaner > ( ... by Xplode )

 

> Or from here: < AdwCleaner > << Link!
> Once there, click "Download Now".

> Save it to the desktop!
> Disable your antivirus!

 


 

> Right-click adwcleaner.exe and choose to run it as administrator.

 


 

> Click "Tools" >> "Options".

 


 

> In "Options", leave the settings as shown in this banner.
> Click "Ok".

 


 

> PS: Start the scan by clicking "Verificar" (Scan).

 


 

> When it finishes, click "Limpar" or "Cleaning" >> Ok >> Ok >> Ok.
> Copy the log or click "Relatorio" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[C0].txt >

 

[Abs]


Great, DigRam, that they were found!

RogueKiller detected them as adware; it's great that they'll be eliminated. It's a lot of work, but well worth it.

With AdwCleaner, it's a pity that you lose all your extensions if you haven't noted them down, if they're essential for browsing, but it's worth it. Your help, analysis and removal

restore my whole computer, and that's enough! No complaints.

 

AdwCleaner, here's the log. Cheers!

____________________________________________________________________________

# AdwCleaner v6.047 - Relatório criado 05/07/2017 às 15:35:36
# Atualizado em 19/05/2017 por Malwarebytes
# Banco de dados : 2017-07-05.1 [Local]
# Sistema operacional : Windows 10 Pro  (X64)
# Usuário : Hakaz7 - ADMINISTRADOR
# Executando de : C:\Users\Hakaz7\Desktop\adwcleaner_6.047.exe
# Modo: Limpo
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

[-] Serviço excluído:ucdrv
[-] Serviço excluído:cfidsk


***** [ Pastas ] *****

[-] Pasta excluída:C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp


***** [ Arquivos ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Atalhos ] *****

***** [ Atividades agendadas ] *****

***** [ Registro ] *****

[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
[-] Chave excluída:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Chave excluída na reinicialização:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Chave excluída na reinicialização:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
[#] Chave excluída na reinicialização:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
[-] Chave excluída:HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\MICROSOFT\wewewe
[-] Chave excluída:HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\PopWnd
[#] Chave excluída na reinicialização:HKCU\Software\MICROSOFT\wewewe
[#] Chave excluída na reinicialização:HKCU\Software\PopWnd
[#] Chave excluída na reinicialização:[x64] HKCU\Software\MICROSOFT\wewewe
[#] Chave excluída na reinicialização:[x64] HKCU\Software\PopWnd
[-] Chave excluída:[x64] HKLM\SOFTWARE\Microsoft\DMunversion
[-] Chave excluída:[x64] HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
[-] Chave excluída:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
[-] Chave excluída:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
[-] Chave excluída:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\babycp.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qtipr.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.babycp.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\babycp.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qtipr.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.babycp.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\babycp.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qtipr.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.babycp.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\babycp.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qtipr.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.babycp.com
[-] Chave excluída:HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Valor apagado:HKCU\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Chave excluída:HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
[-] Valor apagado:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
[-] Valor apagado:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [3DM]
[-] Valor apagado:HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [YeaDesktop.exe]


***** [ Verificando navegadores ... ] *****

[-] [C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminado:ipmkfpcnmccejididiaagpgchgjfajgp
[-] [C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Eliminado:br.ask.com


*************************

:: Configurações Winsock restauradas
:: "Image File Execution Options" chaves excluídas
:: Configurações Proxy restauradas
:: Políticas do IE excluídas
:: Políticas do Chrome excluídas
:: As preferências do Chrome são redefinidas:C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default
:: As preferências do Chrome são redefinidas:C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Profile 1
!! As preferências do Chrome não são redefinidas:C:\Users\aldem\AppData\Local\Google\Chrome\User Data\Default
:: Arquivo de hosts cancelado

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11144 Bytes] - [05/07/2017 15:35:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [10776 Bytes] - [05/07/2017 15:29:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [10847 Bytes] - [05/07/2017 15:32:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11366 Bytes] ##########
 

 


/_ Good Afternoon! Aldemir Pinheiro _\

 

> Download: < Sophos Virus Removal Tool >
> Save Sophos Virus Removal Tool.exe to the desktop!
> Run it! -> (Run) -> Click "Next".
> Accept the license terms! (I accept the terms in this license agreement)
> Click "Next" and then "Next" again.
> Click "Install" >> Finish
> Click Finish to start the program.

 


 

> Once the virus database has been updated, click Start scanning.

 


 

> If any threats are found, click Details, then View log file... (bottom left corner)
> Copy and paste the results into your reply.

 

IQKqmfKA.jpg

 

> Close the Notepad document, close the threat details screen and then click Start cleanup.
> Click Exit to close the program.

 

[Abs]


Hello DigRam,

There is just one problem: it removes one threat at a time, and for each threat it does a new reboot. Instead, "number threats 2 cleanup" appeared; I did the reboot and removed 1 threat, and after the reboot came the second threat. But instead of clicking Cleanup to remove the second threat I clicked Scan again, and then it no longer found the one it had found before, even though it had only cleaned one when there were two. Do you want me to post new FRST logs?

 

Sophos Virus Tool logs follow:

____________________________________________________________________________________________

 

2017-07-06 01:17:45.377    Sophos Virus Removal Tool version 2.6.1
2017-07-06 01:17:45.377    Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-07-06 01:17:45.377    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-07-06 01:17:45.377    Windows version 6.2 SP 0.0  build 9200 SM=0x100 PT=0x1 WOW64
2017-07-06 01:17:45.379    Checking for updates...
2017-07-06 01:17:45.779    Update progress: proxy server not available
2017-07-06 01:18:06.893    Option all = no
2017-07-06 01:18:06.893    Option recurse = yes
2017-07-06 01:18:06.938    Option archive = no
2017-07-06 01:18:06.938    Option service = yes
2017-07-06 01:18:06.938    Option confirm = yes
2017-07-06 01:18:06.938    Option sxl = yes
2017-07-06 01:18:06.938    Option max-data-age = 35
2017-07-06 01:18:06.938    Option vdl-logging = yes
2017-07-06 01:18:07.006    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-07-06 01:18:07.006    Machine ID:    e0d67e511372412e98fbf10bfe5598f3
2017-07-06 01:18:07.015    Component SVRTcli.exe version 2.6.1
2017-07-06 01:18:07.015    Component control.dll version 2.6.1
2017-07-06 01:18:07.015    Component SVRTservice.exe version 2.6.1
2017-07-06 01:18:07.015    Component engine\osdp.dll version 1.44.1.2286
2017-07-06 01:18:07.015    Component engine\veex.dll version 3.68.6.2286
2017-07-06 01:18:07.015    Component engine\savi.dll version 9.0.7.2286
2017-07-06 01:18:07.016    Component rkdisk.dll version 1.5.31.1
2017-07-06 01:18:07.016    Version info:    Product version    2.6.1
2017-07-06 01:18:07.016    Version info:    Detection engine    3.68.6
2017-07-06 01:18:07.016    Version info:    Detection data    5.40
2017-07-06 01:18:07.016    Version info:    Build date    30/05/2017
2017-07-06 01:18:07.016    Version info:    Data files added    313
2017-07-06 01:18:07.016    Version info:    Last successful update    (not yet updated)
2017-07-06 01:18:09.069    Downloading updates...
2017-07-06 01:18:09.073    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-07-06 01:18:09.073    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-06 01:18:09.073    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-06 01:18:09.073    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-07-06 01:18:09.073    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-07-06 01:18:09.073    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-07-06 01:18:09.073    Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-07-06 01:18:09.073    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-07-06 01:18:09.074    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product IDE542 LATEST path=]
2017-07-06 01:18:09.074    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-06 01:18:09.452    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-07-06 01:18:09.452    Update progress: [I19463] Product download size 166581621 bytes
2017-07-06 01:18:34.347    Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-07-06 01:18:34.348    Update progress: [I19463] Product download size 2265483 bytes
2017-07-06 01:18:36.182    Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-07-06 01:18:36.182    Update progress: [I19463] Product download size 2018230 bytes
2017-07-06 01:18:37.786    Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-07-06 01:18:37.786    Update progress: [I19463] Product download size 644214 bytes
2017-07-06 01:18:38.262    Installing updates...
2017-07-06 01:18:39.068    Error level 1
2017-07-06 01:18:55.233    Update successful
2017-07-06 01:19:07.405    Option all = no
2017-07-06 01:19:07.405    Option recurse = yes
2017-07-06 01:19:07.405    Option archive = no
2017-07-06 01:19:07.405    Option service = yes
2017-07-06 01:19:07.405    Option confirm = yes
2017-07-06 01:19:07.405    Option sxl = yes
2017-07-06 01:19:07.407    Option max-data-age = 35
2017-07-06 01:19:07.407    Option vdl-logging = yes
2017-07-06 01:19:07.436    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-07-06 01:19:07.436    Machine ID:    e0d67e511372412e98fbf10bfe5598f3
2017-07-06 01:19:07.437    Component SVRTcli.exe version 2.6.1
2017-07-06 01:19:07.437    Component control.dll version 2.6.1
2017-07-06 01:19:07.437    Component SVRTservice.exe version 2.6.1
2017-07-06 01:19:07.437    Component engine\osdp.dll version 1.44.1.2286
2017-07-06 01:19:07.437    Component engine\veex.dll version 3.68.6.2286
2017-07-06 01:19:07.437    Component engine\savi.dll version 9.0.7.2286
2017-07-06 01:19:07.438    Component rkdisk.dll version 1.5.31.1
2017-07-06 01:19:07.438    Version info:    Product version    2.6.1
2017-07-06 01:19:07.438    Version info:    Detection engine    3.68.6
2017-07-06 01:19:07.438    Version info:    Detection data    5.40
2017-07-06 01:19:07.438    Version info:    Build date    30/05/2017
2017-07-06 01:19:07.438    Version info:    Data files added    313
2017-07-06 01:19:07.438    Version info:    Last successful update    05/07/2017 22:18:55

2017-07-06 01:47:06.592    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\1\Registrypatch.exe
2017-07-06 01:47:06.602    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\1\Registrypatch.exe
2017-07-06 01:47:09.575    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\2\Registrypatch.exe
2017-07-06 01:47:09.575    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\2\Registrypatch.exe
2017-07-06 01:51:57.839    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe
2017-07-06 01:55:56.435    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe
2017-07-06 01:58:29.559    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\4PKCUNJOVT\HEQR3MPPU.exe
2017-07-06 01:58:29.965    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\4PKCUNJOVT\uninstaller.exe
2017-07-06 01:58:30.201    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\694ASJ82FT\694ASJ82F.exe
2017-07-06 01:58:30.354    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\694ASJ82FT\uninstaller.exe
2017-07-06 01:58:33.730    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe
2017-07-06 01:58:40.125    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe
2017-07-06 01:58:40.429    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\RLR47SCMCK\RLR47SCMC.exe
2017-07-06 01:58:40.640    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\RLR47SCMCK\uninstaller.exe
2017-07-06 01:58:41.362    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\0skpobfw0eo\7F1D7.exe
2017-07-06 02:18:56.331    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\7K2E40Q4DR\413UK2YQ5.exe
2017-07-06 02:18:56.352    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:18:56.352    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:18:56.352    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:00.898    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\7K2E40Q4DR\uninstaller.exe
2017-07-06 02:19:00.898    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:00.899    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:00.899    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:05.057    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\D5K6CW0LI8\K98SCZW5C.exe
2017-07-06 02:19:05.057    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:05.057    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:05.058    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:09.097    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\D5K6CW0LI8\uninstaller.exe
2017-07-06 02:19:09.097    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:09.097    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:09.097    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:41.568    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\ZBeAlTQs36\updengine.exe
2017-07-06 02:19:41.569    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:41.569    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:41.569    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:49.790    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\0vegnqyiip3\0tcets4rqji.exe
2017-07-06 02:19:49.791    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:49.791    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:49.791    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:54.123    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj\pkghddf0hlo.exe
2017-07-06 02:19:54.123    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:54.123    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:54.123    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:01.415    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe
2017-07-06 02:20:01.416    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:01.416    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:01.416    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:05.557    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\nar5sit5k5e\g535xe2lo02.exe
2017-07-06 02:20:05.558    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:05.558    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:05.558    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:09.669    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\pzaonjy5alj\g5zb2q2gx3a.exe
2017-07-06 02:20:09.669    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:09.669    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:09.669    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:39.695    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\y22qjezlqop\cz1qwc0wjes.exe
2017-07-06 02:20:39.695    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:39.695    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:39.695    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:40.060    Could not open C:\pagefile.sys
2017-07-06 02:29:21.735    Could not open C:\swapfile.sys
2017-07-06 02:29:25.847    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:29:25.848    Could not open C:\System Volume Information\{6678098f-5fd2-11e7-9e82-b499bafded39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:29:25.848    Could not open C:\System Volume Information\{801a60fd-6106-11e7-9e85-b499bafded39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:29:25.849    Could not open C:\System Volume Information\{d9d768aa-61b0-11e7-9e88-b499bafded39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:31:02.153    Could not open C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Current Session
2017-07-06 02:31:02.153    Could not open C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2017-07-06 02:52:17.392    Could not open C:\WINDOWS\System32\config\BBI
2017-07-06 02:52:17.646    Could not open C:\WINDOWS\System32\config\RegBack\DEFAULT
2017-07-06 02:52:17.657    Could not open C:\WINDOWS\System32\config\RegBack\SAM
2017-07-06 02:52:17.659    Could not open C:\WINDOWS\System32\config\RegBack\SECURITY
2017-07-06 02:52:17.676    Could not open C:\WINDOWS\System32\config\RegBack\SOFTWARE
2017-07-06 02:52:17.686    Could not open C:\WINDOWS\System32\config\RegBack\SYSTEM
2017-07-06 03:17:29.196    Could not open LOGICAL:0003:00000000
2017-07-06 03:17:29.198    Could not open D:\
2017-07-06 03:20:39.356    The following items will be cleaned up:
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
 


/_ Good afternoon! Aldemir Pinheiro _\

 

Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\ <<

 

We can see that the detections by the Sophos engine were restricted to the FRST "Quarantine" folder.

Manually go to this folder and delete its contents!

 

HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect

> Registry information that is associated with the quarantined entries.

 

Quote:

The detections point to this subkey or value as linked to Mal/Generic-S

Quote:

Virtual Internet Explorer (IE) comes with a set of default settings that are appropriate for most circumstances; however, by editing the layer definition file (ldf) used to create the virtual application it is possible to customize IE to meet the customer's specific needs. This article describes how to edit the ldf to customize IE to meet the customer's specific needs.

Apparently, the entries are linked to Virtual Internet Explorer (IE).

 

> Download: < 2wZxkvW.jpg > ( ... by Malwarebytes.org )

> Or here! < JRT.exe >
> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...

Executar_Administrador.jpg

> If you have difficulty, you can run it in Safe Mode with Networking.

KRBKDhB8.jpg

> Wait for it to finish and post the report. ( JRT.txt )
 

[Abs]


 

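The helper's conclusion above (that every file detection sits under C:\FRST\Quarantine\ and the only live hits are the two WarnOnPostRedirect registry values) is the kind of check worth automating before deciding whether a second cleanup pass is needed. The script below is an added example, not code from the thread or from Sophos: it parses detection lines in the Sophos Virus Removal Tool log format shown above, drops duplicate hits, and splits them into quarantined files, live files on disk, and registry targets. The sample log embedded in it is constructed for the example (paths and SID are made up); the function names and the default quarantine prefix are this example's own choices.

```python
import re

# Detection lines in the SVRT log look like:
#   2017-07-06 01:47:06.592    >>> Virus 'Mal/Generic-S' found in file <path or registry key>
DETECTION_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r">>> Virus '(?P<name>[^']+)' found in file (?P<target>.+?)\s*$"
)

# Registry hive prefixes; SVRT reports registry values with the same "found in file" wording.
REGISTRY_HIVES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\", "HKEY_")

# Constructed sample log in the SVRT format (not the log posted in the thread).
SAMPLE_LOG = """\
2017-07-06 01:18:06.893    Option all = no
2017-07-06 01:47:06.592    >>> Virus 'Mal/Generic-S' found in file C:\\FRST\\Quarantine\\C\\Program Files\\EXAMPLE1\\example1.exe
2017-07-06 01:47:06.602    >>> Virus 'Mal/Generic-S' found in file C:\\FRST\\Quarantine\\C\\Program Files\\EXAMPLE1\\example1.exe
2017-07-06 02:18:56.352    >>> Virus 'Mal/Generic-S' found in file HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnPostRedirect
2017-07-06 02:18:56.352    >>> Virus 'Mal/Generic-S' found in file HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnPostRedirect
2017-07-06 02:19:00.900    >>> Virus 'Mal/Generic-S' found in file C:\\Users\\example\\AppData\\Roaming\\live-sample\\payload.exe
2017-07-06 02:20:40.060    Could not open C:\\pagefile.sys
"""


def parse_detections(log_text):
    """Return (timestamp, threat_name, target) for every detection line, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            hits.append((m.group("ts"), m.group("name"), m.group("target")))
    return hits


def is_registry_target(target):
    """True when the reported target is a registry key/value rather than a file path."""
    return target.upper().startswith(tuple(h.upper() for h in REGISTRY_HIVES))


def triage(log_text, quarantine_prefix="C:\\FRST\\Quarantine\\"):
    """Split unique detections into quarantined files, live files and registry targets.

    SVRT repeats the same detection line when a file is scanned more than once
    (seen in the thread's log), so hits are de-duplicated on (name, target).
    """
    groups = {"quarantined": [], "live_files": [], "registry": []}
    seen = set()
    for _ts, name, target in parse_detections(log_text):
        key = (name, target.lower())
        if key in seen:
            continue
        seen.add(key)
        if is_registry_target(target):
            groups["registry"].append(target)
        elif target.lower().startswith(quarantine_prefix.lower()):
            groups["quarantined"].append(target)
        else:
            # Anything outside the quarantine folder is still active on disk and needs attention.
            groups["live_files"].append(target)
    return groups


def report(groups):
    """Render the triage result as text, live files first because they matter most."""
    lines = []
    for bucket in ("live_files", "quarantined", "registry"):
        lines.append(f"{bucket}: {len(groups[bucket])}")
        for target in groups[bucket]:
            lines.append(f"  {target}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it against a real SVRT log by reading the file into `triage()` instead of `SAMPLE_LOG`; an empty `live_files` bucket is the condition the helper checked by eye above, and a non-empty one lists exactly the paths that a further fixlist or cleanup pass would have to cover.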