
Aldemir Pinheiro

[Solved] After installing a program, malware and adware appeared


Good evening. Since using a program downloaded from the internet, my computer has been showing problems such as:

slowness; windows and browsers also open constantly, on their own

Edge already opens with ---ografia

the desktop, besides looking stretched vertically, appears whitish

the shortcut labels turned into a typewriter-style font

and files turned into .lmk shortcuts

 

FRST
http://www.cjoint.com/c/GFAbv2TFOa8
Addition
http://www.cjoint.com/c/GFAbwSJeig8

 

Awaiting your reply. Thank you very much
 


/_ Good morning! Aldemir Pinheiro _\

 

> Uninstall: <5>

 

1.0.0.1 (HKLM-x32\...\YeaDesktop) (Version: 1.0.0.1 - ) <<
DiskWMpower version 1.0 <<
Online Application (x32 Version: 2.6.0 - Microleaves) <<
OtherSearch (HKLM-x32\...\OtherSearch) (Version: 4.0.0.0 - Skyler Emil) <<
Social2Search (HKLM\...\89798490c2b4d681479595f7b986c615) (Version: 11.14.1.75 (i1.0) - Social2Search)<<

 

> Copy the information shown in red into Notepad.
> Save it with the name fixlist. << Text file!
> Save it to the Desktop! ( Área de trabalho ... )

 

start
CloseProcesses:
HKLM\...\Run: [Login] => C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe [5367296 2017-06-25] () <==== ATENÇÃO 
HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DiskWMpower\DiskPower.exe [210432 2017-02-10] () <==== ATENÇÃO 
HKLM\...\RunOnce: [OMEWPRODUCT_UJAYA] => C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe [340480 2017-06-25] (RW3N) <==== ATENÇÃO 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [X44WUWTEZG7JBPE] => C:\Program Files\4PKCUNJOVT\HEQR3MPPU.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [AIEXR79YGJQMP3I] => C:\Program Files\694ASJ82FT\694ASJ82F.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [nfqu5xdln43] => C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe [8192 2017-06-25] () 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [wsnoxgrylyi] => C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe [8192 2017-06-25] () 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [0LNI83FHNYQ9GCY] => C:\Program Files\RLR47SCMCK\RLR47SCMC.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [E1DU437K072Q4H7] => C:\Program Files (x86)\0skpobfw0eo\7F1D7.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [3513856 2017-06-13] () <==== ATENÇÃO 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [msiql] => C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe [2072576 2017-06-25] () <==== ATENÇÃO 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [{BEF52EAB-8493-F95E-1956-6E8C5FBC5B0C}] => C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe [117561 2017-05-13] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo
S2 89798490c2b4d681479595f7b986c615; C:\Program Files\89798490c2b4d681479595f7b986c615\6fedccfacdec2958edd3d0f4f6a249a1.exe [1184768 2017-06-23] () [Arquivo não assinado] <==== ATENÇÃO 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2855152 2016-06-05] (Microsoft Corporation)
S2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [247464 2016-12-22] () 
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) 
R2 OtherSearch; C:\Program Files (x86)\ZBeAlTQs36\kl.dll [762368 2017-06-25] () [Arquivo não assinado] <==== ATENÇÃO 
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-03-07] () <==== ATENÇÃO
R1 e9fbb8bffa005bf33fed2856825b190d; C:\WINDOWS\system32\drivers\e9fbb8bffa005bf33fed2856825b190d.sys [71536 2017-06-23] (KE84TD) <==== ATENÇÃO
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATENÇÃO
2017-06-25 19:04 - 2017-06-25 20:39 - 00002656 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore 
2017-06-25 19:04 - 2017-06-25 20:39 - 00000322 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job 
2017-06-25 19:04 - 2017-06-25 19:07 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater 
2017-06-25 19:04 - 2017-06-25 19:06 - 00000486 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job 
2017-06-25 19:04 - 2017-06-25 19:04 - 01623552 _____ C:\Users\Todos os Usuários\service.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 01623552 _____ C:\ProgramData\service.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 00016802 _____ C:\WINDOWS\System32\Tasks\PrintsCouth 
2017-06-25 19:04 - 2017-06-25 19:04 - 00003506 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater 
2017-06-25 19:04 - 2017-06-25 19:04 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\UCBrowser 
2017-06-25 19:04 - 2017-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\UCBrowser 
2017-06-25 19:03 - 2017-06-25 19:04 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\UCChannel 
2017-06-25 19:03 - 2017-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\YeaDesktop 
2017-06-25 19:03 - 2017-06-25 19:03 - 00930816 _____ C:\Users\Hakaz7\AppData\Local\test_db_cara.db 
2017-06-25 19:03 - 2017-06-25 19:03 - 00140800 _____ C:\Users\Hakaz7\AppData\Local\installer.dat 
2017-06-25 19:03 - 2017-06-25 19:03 - 00011568 _____ C:\Users\Hakaz7\AppData\Local\InstallationConfiguration.xml 
2017-06-25 19:03 - 2017-06-25 19:03 - 00001052 _____ C:\Users\Public\Desktop\magicdisk.lnk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Users\Public\Documents\XMUpdate 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Program Files (x86)\mgdisk 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000410 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G3.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G2.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-06-25 19:02 - 2017-06-25 19:02 - 00003304 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003296 _____ C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\WINDOWS\SysWOW64\SSL 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\Microleaves 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\AdvinstAnalytics 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Program Files\89798490c2b4d681479595f7b986c615 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Program Files (x86)\Microleaves 
2017-06-25 18:59 - 2017-06-25 18:59 - 00002052 _____ C:\WINDOWS\System32\Tasks\O6dPumpAUx 
2017-06-25 18:58 - 2017-06-25 19:11 - 00000000 ____D C:\Program Files (x86)\ZBeAlTQs36 
2017-06-25 18:58 - 2017-06-25 18:59 - 00000002 _____ C:\END 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files\RLR47SCMCK 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files (x86)\DiskWMpower 
2017-06-25 18:57 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files (x86)\0skpobfw0eo 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Program Files\694ASJ82FT 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Program Files\4PKCUNJOVT 
2017-06-25 18:56 - 2017-06-25 18:56 - 00000000 ____D C:\Program Files (x86)\KMSPico 
2017-06-25 18:51 - 2017-06-24 15:07 - 10227008 _____ C:\Users\Hakaz7\Desktop\KMSPico__Windows_10_Activator.mp4
2017-06-24 15:07 - 2017-06-24 15:07 - 10227008 _____ C:\Users\Hakaz7\Downloads\KMSPico__Windows_10_Activator.mp4
2017-06-25 18:56 - 2017-06-25 18:56 - 0061440 _____ (The Gentee Group) C:\Users\Hakaz7\AppData\Local\Temp\genteert.dll 
2017-06-25 18:58 - 2017-06-25 18:58 - 0453383 _____ (WeMonetize ) C:\Users\Hakaz7\AppData\Local\Temp\S05G6B6.exe
2017-06-25 19:04 - 2017-03-07 10:44 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 05367296 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe 
2017-06-25 18:57 - 2017-06-25 18:57 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe 
2017-06-25 18:58 - 2017-06-25 18:58 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe 
2017-06-25 19:03 - 2017-06-13 17:34 - 03513856 _____ () C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 02072576 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe 
2017-06-25 19:04 - 2017-03-07 10:44 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCAgent.exe 
2017-05-13 00:38 - 2017-05-13 00:38 - 00117561 _____ () C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe  
2017-06-25 20:00 - 2017-06-25 20:00 - 00481792 _____ () C:\WINDOWS\TEMP\gC0E1.tmp.exe 
2017-06-25 20:00 - 2017-06-25 20:00 - 00460800 _____ () C:\WINDOWS\TEMP\gCB23.tmp.exe 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncApi64.dll => Nenhum Arquivo
Task: {09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATENÇÃO
Task: {2B3D4C55-B27B-4266-8CC0-D449AC953618} - System32\Tasks\O6dPumpAUx => C:\Program Files (x86)\ZBeAlTQs36\updengine.exe [2017-06-25] () <==== ATENÇÃO
Task: {31514E56-53B7-4929-BDFA-92C5A4FF0702} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-06-25] (UC Web Inc.) <==== ATENÇÃO
Task: {58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} - System32\Tasks\PrintsCouth => Rundll32.exe "C:\Program Files\PrintsCouth\PrintsCouth.dll",bUjgdkEtA <==== ATENÇÃO
Task: {AA993382-ABE3-4686-AF3D-F26B0FE219EA} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO 
Task: {B6B84572-80FD-403E-AAFC-D5BDA21495D5} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO 
Task: {B8B826C3-E110-4C85-845F-D8E70B51CBE7} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATENÇÃO
Task: {BE4A6AE7-1342-466F-8250-46DF14D45C07} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {D30C4AF5-8775-40AC-84EF-E353332925FC} - System32\Tasks\89798490c2b4d681479595f7b986c615 => sc start 89798490c2b4d681479595f7b986c615 <==== ATENÇÃO 
Task: {F323D747-D4A8-4462-AD3A-B99AA23FC9E4} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATENÇÃO 
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATENÇÃO  
WMI_ActiveScriptEventConsumer_ASEC: <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk -> C:\Program Files\Nightly\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444] 
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914] 
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458] 
FirewallRules: [UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe 
FirewallRules: [TCP Query User{6C901EC6-9AC6-4C79-AE1F-E7A0BB4FC635}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe 
FirewallRules: [{1F6AB5A9-2C0A-4298-9444-50E2AA16F76F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe 
FirewallRules: [{E397A2C9-41F9-4C86-B2D0-043A9B6120BA}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe 
FirewallRules: [{AE6F9839-9CC3-4226-AF12-E1B67F2C41C9}] => (Allow) C:\Program Files\Nightly\firefox.exe 
FirewallRules: [{500A9256-49D3-4BAC-AEB9-4B1EE56300F8}] => (Allow) C:\Program Files\Nightly\firefox.exe 
C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe 
C:\Program Files (x86)\DiskWMpower\DiskPower.exe 
C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe 
C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe 
C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe 
C:\users\hakaz7\desktop\u1504.exe 
C:\ProgramData\service.exe 
C:\Users\Todos os Usuários\service.exe 
CreateRestorePoint:
EmptyTemp:
Reboot:
end

 

> Run FRST/FRST64 >> Click "Fix" ("Corrigir") << Wait!
> Post the "Fix result of Farbar Recovery Scan Tool" report (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

 

[A+]

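The entries the helper picked for the fixlist above share a few traits: FRST itself flagged them, the binary is unsigned or has no publisher, it autostarts from Temp, AppData or ProgramData, the folder or service name looks like an MD5 hash, the target lives in an alternate data stream, or a browser shortcut has been given a `--load-extension=` argument plus a start URL. Below is an added example (not part of this thread and not FRST's own tooling) that turns those traits into a first-pass triage script over FRST log lines. The line formats are inferred from the output quoted on this page; `<==== ATTENTION` and `[File not signed]` are the strings English FRST logs print, the Portuguese equivalents are the ones seen above, and the `since` date is the day the user says the trouble started. The sample input is nine lines taken from the log quoted above, seven suspicious and two benign.

```python
"""Heuristic triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example: re-creates, as code, the judgement the helper applied by hand when
picking entries for the fixlist (flagged entries, unsigned binaries, autoruns from
user-writable folders, hash-like names, ADS targets, hijacked browser shortcuts).
The line formats are inferred from the FRST output quoted in this thread.
"""
import re
from typing import Iterable, List, Optional, Tuple

# FRST marks suspicious entries with "<==== ATTENTION"; localized builds use the
# translated word (the Portuguese logs in this thread show "<==== ATENÇÃO").
FLAG_RE = re.compile(r"<====\s*(ATTENTION|ATEN[ÇC][ÃA]O)", re.IGNORECASE)
UNSIGNED_RE = re.compile(r"\[(File not signed|Arquivo n[ãa]o assinado)\]", re.IGNORECASE)
# Trailer FRST appends to autorun and service entries: " [<size> <yyyy-mm-dd>] (<publisher>)"
TRAILER = r" \[\d+\s*(?P<date>\d{4}-\d{2}-\d{2})?\s*\] \((?P<publisher>[^)]*)\)"
AUTORUN_RE = re.compile(
    r"^HK[A-Za-z0-9-]+(?:\\S-1-5-[\d-]+)?\\\.\.\.\\Run(?:Once)?: \[[^\]]*\] => (?P<target>.+?)" + TRAILER)
SERVICE_RE = re.compile(r"^[SRU]\d [^;]+; (?P<target>.+?)" + TRAILER)
HASHLIKE_RE = re.compile(r"^[0-9a-f]{32}$")  # MD5-looking folder/file/service names
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\",
                 "\\windows\\temp\\", "\\users\\public\\", "\\desktop\\")
URL_RE = re.compile(r"h(?:xx|tt)ps?://", re.IGNORECASE)  # FRST defangs URLs as hxxp://


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def has_hashlike_component(path: str) -> bool:
    return any(HASHLIKE_RE.match(part.rsplit(".", 1)[0]) for part in path.split("\\"))


def triage_line(line: str, since: Optional[str] = None) -> List[str]:
    """Return the reasons one FRST line looks suspicious (empty list = nothing found).

    `since` is an ISO date; autorun/service binaries dated on or after it are reported,
    which helps when the victim can say when the trouble started."""
    line = line.strip()
    reasons: List[str] = []
    if FLAG_RE.search(line):
        reasons.append("flagged by FRST")
    if UNSIGNED_RE.search(line):
        reasons.append("unsigned binary")
    if "\\Policies\\Microsoft\\Windows Defender" in line:
        reasons.append("Defender policy restriction")
    if line.startswith("AlternateDataStreams:"):
        reasons.append("alternate data stream")
    m = AUTORUN_RE.match(line) or SERVICE_RE.match(line)
    if m:
        target, date = m.group("target"), m.group("date")
        if not m.group("publisher").strip():
            reasons.append("no publisher")
        if in_user_writable_dir(target):
            reasons.append("runs from user-writable dir")
        if has_hashlike_component(target):
            reasons.append("hash-like path component")
        if ":" in target.rsplit("\\", 1)[-1]:  # the drive letter is never the last component
            reasons.append("target is an alternate data stream")
        if since and date and date >= since:
            reasons.append(f"file dated on/after {since}")
    if line.startswith("ShortcutWithArgument:"):
        args = line.rsplit(" -> ", 1)[-1]  # text after the last arrow is the argument list
        if "--load-extension=" in args or URL_RE.search(args):
            reasons.append("shortcut hijacked with extension/URL argument")
    return reasons


def triage(lines: Iterable[str], since: Optional[str] = None) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a log and keep only the lines that raised at least one reason."""
    hits = []
    for line in lines:
        reasons = triage_line(line, since)
        if reasons:
            hits.append((line.strip(), reasons))
    return hits


# Sample input: nine lines quoted from the FRST output in this thread; the Office
# Click-to-Run service and the "--show-app-list" Chrome shortcut are the benign ones.
SAMPLE_LINES = [
    r"HKLM\...\Run: [Login] => C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe [5367296 2017-06-25] () <==== ATENÇÃO",
    r"HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [X44WUWTEZG7JBPE] => C:\Program Files\4PKCUNJOVT\HEQR3MPPU.exe [1040384 2017-06-25] (RW3N)",
    r"R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2855152 2016-06-05] (Microsoft Corporation)",
    r"S2 89798490c2b4d681479595f7b986c615; C:\Program Files\89798490c2b4d681479595f7b986c615\6fedccfacdec2958edd3d0f4f6a249a1.exe [1184768 2017-06-23] () [Arquivo não assinado] <==== ATENÇÃO",
    r"R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATENÇÃO",
    r"ShortcutWithArgument: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list",
    r'ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/',
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO",
    r"AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]",
]

if __name__ == "__main__":
    for text, reasons in triage(SAMPLE_LINES, since="2017-06-25"):
        print(f"{', '.join(reasons):60s} | {text[:70]}")
```

Run against the sample it leaves two of the nine lines unreported (the Office service and the ordinary Chrome shortcut) and gives a reason list for the other seven, including the HKU autorun under Program Files that FRST itself did not flag and that only the `since` date catches. That is the intended scope: the heuristics narrow a long log to the lines worth a closer look; whether an entry goes into a fixlist is still a human decision.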

Posted (edited)

Hello DigRam, thanks for replying

 

Sorry for the delay

I have a Linux partition, and I only get 6 seconds to choose which system to start, Windows; otherwise it automatically boots into Linux, which is why reboots go wrong on some USB sticks.

 

What happens: my USB stick is not rebooting, because there was a bootable Linux installed on it, which I deleted, but now it is infecting the machine again because the viruses did not go away; for that reason I need to uninstall the Ubuntu partition as described on this site https://computadorcomwindows.com/2015/08/21/tutorial-como-remover-particoes-de-um-dispositivo-usb-pen-drive/

because when I restart and do a reboot, it asks me to remove the removable disk with an operating system installed; I will do that.


However, I would do that if I had not deleted my files from the USB stick, but even so it reports it as having an OS. So I should put the OS back on the USB stick, but what stops me is that the .ISO I have is in .RAR format, and according to this video I should extract it, but after doing the process neither the .ISO nor anything else appears. How do I get an .ISO out of the .rar file? I want to uninstall Ubuntu; I have all the files to make a bootable USB stick with the same OS that was installed, I just don't know how to turn a .RAR into an .ISO, which in this case is what I should do according to this video:

Could you help me? Because when the process finishes nothing appears.

 

oops:
_________________________________________________________________________________________________
I can't find the program: Online Application (x32 Version: 2.6.0 - Microleaves)
to uninstall it in Control Panel > Uninstall or change a program. Not even through Cortana.
Is there a more effective way to find a program in order to uninstall it, assuming this program does not have its name modified, altered or renamed?

_________________________________________________________________________________________________

Anyway, here is the fixlog report, with the reboot on the USB stick:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-06-2017 01
Executado por Hakaz7 (29-06-2017 00:06:16) Run:1
Executando a partir de C:\Users\Hakaz7\Desktop
Perfis Carregados: Hakaz7 (Perfis Disponíveis: Hakaz7 & aldem)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CloseProcesses:
HKLM\...\Run: [Login] => C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe [5367296 2017-06-25] () <==== ATENÇÃO
HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DiskWMpower\DiskPower.exe [210432 2017-02-10] () <==== ATENÇÃO
HKLM\...\RunOnce: [OMEWPRODUCT_UJAYA] => C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe [340480 2017-06-25] (RW3N) <==== ATENÇÃO
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [X44WUWTEZG7JBPE] => C:\Program Files\4PKCUNJOVT\HEQR3MPPU.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [AIEXR79YGJQMP3I] => C:\Program Files\694ASJ82FT\694ASJ82F.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [nfqu5xdln43] => C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe [8192 2017-06-25] () 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [wsnoxgrylyi] => C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe [8192 2017-06-25] () 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [0LNI83FHNYQ9GCY] => C:\Program Files\RLR47SCMCK\RLR47SCMC.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [E1DU437K072Q4H7] => C:\Program Files (x86)\0skpobfw0eo\7F1D7.exe [1040384 2017-06-25] (RW3N) 
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [3513856 2017-06-13] () <==== ATENÇÃO
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [msiql] => C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe [2072576 2017-06-25] () <==== ATENÇÃO
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [{BEF52EAB-8493-F95E-1956-6E8C5FBC5B0C}] => C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe [117561 2017-05-13] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> Nenhum Arquivo
S2 89798490c2b4d681479595f7b986c615; C:\Program Files\89798490c2b4d681479595f7b986c615\6fedccfacdec2958edd3d0f4f6a249a1.exe [1184768 2017-06-23] () [Arquivo não assinado] <==== ATENÇÃO
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2855152 2016-06-05] (Microsoft Corporation)
S2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [247464 2016-12-22] () 
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) 
R2 OtherSearch; C:\Program Files (x86)\ZBeAlTQs36\kl.dll [762368 2017-06-25] () [Arquivo não assinado] <==== ATENÇÃO
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-03-07] () <==== ATENÇÃO
R1 e9fbb8bffa005bf33fed2856825b190d; C:\WINDOWS\system32\drivers\e9fbb8bffa005bf33fed2856825b190d.sys [71536 2017-06-23] (KE84TD) <==== ATENÇÃO
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATENÇÃO
2017-06-25 19:04 - 2017-06-25 20:39 - 00002656 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore 
2017-06-25 19:04 - 2017-06-25 20:39 - 00000322 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job 
2017-06-25 19:04 - 2017-06-25 19:07 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater 
2017-06-25 19:04 - 2017-06-25 19:06 - 00000486 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job 
2017-06-25 19:04 - 2017-06-25 19:04 - 01623552 _____ C:\Users\Todos os Usuários\service.exe
2017-06-25 19:04 - 2017-06-25 19:04 - 01623552 _____ C:\ProgramData\service.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 00016802 _____ C:\WINDOWS\System32\Tasks\PrintsCouth 
2017-06-25 19:04 - 2017-06-25 19:04 - 00003506 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater 
2017-06-25 19:04 - 2017-06-25 19:04 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\UCBrowser 
2017-06-25 19:04 - 2017-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\UCBrowser 
2017-06-25 19:03 - 2017-06-25 19:04 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\UCChannel 
2017-06-25 19:03 - 2017-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\YeaDesktop 
2017-06-25 19:03 - 2017-06-25 19:03 - 00930816 _____ C:\Users\Hakaz7\AppData\Local\test_db_cara.db 
2017-06-25 19:03 - 2017-06-25 19:03 - 00140800 _____ C:\Users\Hakaz7\AppData\Local\installer.dat 
2017-06-25 19:03 - 2017-06-25 19:03 - 00011568 _____ C:\Users\Hakaz7\AppData\Local\InstallationConfiguration.xml 
2017-06-25 19:03 - 2017-06-25 19:03 - 00001052 _____ C:\Users\Public\Desktop\magicdisk.lnk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Users\Public\Documents\XMUpdate 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk 
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Program Files (x86)\mgdisk 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000410 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G3.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G2.job 
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-06-25 19:02 - 2017-06-25 19:02 - 00003304 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003296 _____ C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2 
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\WINDOWS\SysWOW64\SSL 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\Microleaves 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\AdvinstAnalytics 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Program Files\89798490c2b4d681479595f7b986c615 
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Program Files (x86)\Microleaves 
2017-06-25 18:59 - 2017-06-25 18:59 - 00002052 _____ C:\WINDOWS\System32\Tasks\O6dPumpAUx 
2017-06-25 18:58 - 2017-06-25 19:11 - 00000000 ____D C:\Program Files (x86)\ZBeAlTQs36 
2017-06-25 18:58 - 2017-06-25 18:59 - 00000002 _____ C:\END 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files\RLR47SCMCK 
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files (x86)\DiskWMpower 
2017-06-25 18:57 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files (x86)\0skpobfw0eo 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Program Files\694ASJ82FT 
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Program Files\4PKCUNJOVT 
2017-06-25 18:56 - 2017-06-25 18:56 - 00000000 ____D C:\Program Files (x86)\KMSPico 
2017-06-25 18:51 - 2017-06-24 15:07 - 10227008 _____ C:\Users\Hakaz7\Desktop\KMSPico__Windows_10_Activator.mp4
2017-06-24 15:07 - 2017-06-24 15:07 - 10227008 _____ C:\Users\Hakaz7\Downloads\KMSPico__Windows_10_Activator.mp4
2017-06-25 18:56 - 2017-06-25 18:56 - 0061440 _____ (The Gentee Group) C:\Users\Hakaz7\AppData\Local\Temp\genteert.dll 
2017-06-25 18:58 - 2017-06-25 18:58 - 0453383 _____ (WeMonetize ) C:\Users\Hakaz7\AppData\Local\Temp\S05G6B6.exe
2017-06-25 19:04 - 2017-03-07 10:44 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 05367296 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe 
2017-06-25 18:57 - 2017-06-25 18:57 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe 
2017-06-25 18:58 - 2017-06-25 18:58 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe 
2017-06-25 19:03 - 2017-06-13 17:34 - 03513856 _____ () C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe 
2017-06-25 19:04 - 2017-06-25 19:04 - 02072576 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe 
2017-06-25 19:04 - 2017-03-07 10:44 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCAgent.exe 
2017-05-13 00:38 - 2017-05-13 00:38 - 00117561 _____ () C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe  
2017-06-25 20:00 - 2017-06-25 20:00 - 00481792 _____ () C:\WINDOWS\TEMP\gC0E1.tmp.exe 
2017-06-25 20:00 - 2017-06-25 20:00 - 00460800 _____ () C:\WINDOWS\TEMP\gCB23.tmp.exe 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncApi64.dll => Nenhum Arquivo
Task: {09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATENÇÃO
Task: {2B3D4C55-B27B-4266-8CC0-D449AC953618} - System32\Tasks\O6dPumpAUx => C:\Program Files (x86)\ZBeAlTQs36\updengine.exe [2017-06-25] () <==== ATENÇÃO
Task: {31514E56-53B7-4929-BDFA-92C5A4FF0702} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-06-25] (UC Web Inc.) <==== ATENÇÃO
Task: {58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} - System32\Tasks\PrintsCouth => Rundll32.exe "C:\Program Files\PrintsCouth\PrintsCouth.dll",bUjgdkEtA <==== ATENÇÃO
Task: {AA993382-ABE3-4686-AF3D-F26B0FE219EA} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {B6B84572-80FD-403E-AAFC-D5BDA21495D5} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {B8B826C3-E110-4C85-845F-D8E70B51CBE7} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATENÇÃO
Task: {BE4A6AE7-1342-466F-8250-46DF14D45C07} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {D30C4AF5-8775-40AC-84EF-E353332925FC} - System32\Tasks\89798490c2b4d681479595f7b986c615 => sc start 89798490c2b4d681479595f7b986c615 <==== ATENÇÃO
Task: {F323D747-D4A8-4462-AD3A-B99AA23FC9E4} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATENÇÃO
WMI_ActiveScriptEventConsumer_ASEC: <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk -> C:\Program Files\Nightly\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/ 
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444] 
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914] 
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458] 
FirewallRules: [UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe 
FirewallRules: [TCP Query User{6C901EC6-9AC6-4C79-AE1F-E7A0BB4FC635}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe 
FirewallRules: [{1F6AB5A9-2C0A-4298-9444-50E2AA16F76F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe 
FirewallRules: [{E397A2C9-41F9-4C86-B2D0-043A9B6120BA}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe 
FirewallRules: [{AE6F9839-9CC3-4226-AF12-E1B67F2C41C9}] => (Allow) C:\Program Files\Nightly\firefox.exe 
FirewallRules: [{500A9256-49D3-4BAC-AEB9-4B1EE56300F8}] => (Allow) C:\Program Files\Nightly\firefox.exe 
C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe 
C:\Program Files (x86)\DiskWMpower\DiskPower.exe 
C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe 
C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe 
C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe 
C:\users\hakaz7\desktop\u1504.exe 
C:\ProgramData\service.exe 
C:\Users\Todos os Usuários\service.exe
CreateRestorePoint:
EmptyTemp:
Reboot:
end
 
*****************

Processos fechados com sucesso.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Login => valor removido (a) com sucesso.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DiskPower => valor não encontrado (a).
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_UJAYA => valor não encontrado (a).
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => chave removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\X44WUWTEZG7JBPE => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AIEXR79YGJQMP3I => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nfqu5xdln43 => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wsnoxgrylyi => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\0LNI83FHNYQ9GCY => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\E1DU437K072Q4H7 => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YeaDesktop => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msiql => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{BEF52EAB-8493-F95E-1956-6E8C5FBC5B0C} => valor removido (a) com sucesso.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => chave removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a). 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => chave removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a). 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => chave removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a). 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => chave removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a). 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => chave removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a). 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a). 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a). 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a). 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a). 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a). 
89798490c2b4d681479595f7b986c615 => serviço não encontrado (a).
ClickToRunSvc => Não foi possível finalizar o serviço.
HKLM\System\CurrentControlSet\Services\ClickToRunSvc => chave removido (a) com sucesso.
ClickToRunSvc => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\egGetSvc => chave removido (a) com sucesso.
egGetSvc => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\MBAMService => chave removido (a) com sucesso.
MBAMService => serviço removido (a) com sucesso.
OtherSearch => serviço não encontrado (a).
HKLM\System\CurrentControlSet\Services\UCBrowserSvc => chave removido (a) com sucesso.
UCBrowserSvc => serviço removido (a) com sucesso.
e9fbb8bffa005bf33fed2856825b190d => serviço não encontrado (a).
ucdrv => Não foi possível finalizar o serviço.
HKLM\System\CurrentControlSet\Services\ucdrv => chave removido (a) com sucesso.
ucdrv => serviço removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => movido com sucesso
C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => movido com sucesso
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => movido com sucesso
C:\WINDOWS\Tasks\UCBrowserUpdater.job => movido com sucesso
C:\Users\Todos os Usuários\service.exe => movido com sucesso
"C:\ProgramData\service.exe" => não encontrado (a).
C:\WINDOWS\System32\Tasks\PrintsCouth => movido com sucesso
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => movido com sucesso
C:\Users\Hakaz7\AppData\Local\UCBrowser => movido com sucesso

"C:\Program Files (x86)\UCBrowser" pasta mover:

Não pode ser movido "C:\Program Files (x86)\UCBrowser" => Agendado para ser movido na reinicialização.

C:\Users\Hakaz7\AppData\Roaming\UCChannel => movido com sucesso
"C:\Program Files (x86)\YeaDesktop" => não encontrado (a).
C:\Users\Hakaz7\AppData\Local\test_db_cara.db => movido com sucesso
C:\Users\Hakaz7\AppData\Local\installer.dat => movido com sucesso
C:\Users\Hakaz7\AppData\Local\InstallationConfiguration.xml => movido com sucesso
C:\Users\Public\Desktop\magicdisk.lnk => movido com sucesso
C:\Users\Public\Documents\XMUpdate => movido com sucesso
C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk => movido com sucesso
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop" => não encontrado (a).
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk => movido com sucesso
C:\Program Files (x86)\mgdisk => movido com sucesso
C:\WINDOWS\Tasks\Updater_Online_Application.job => movido com sucesso
C:\WINDOWS\Tasks\Online Application V2G3.job => movido com sucesso
C:\WINDOWS\Tasks\Online Application V2G2.job => movido com sucesso
C:\WINDOWS\Tasks\Online Application V2G1.job => movido com sucesso
C:\WINDOWS\System32\Tasks\Updater_Online_Application => movido com sucesso
C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615 => movido com sucesso
C:\WINDOWS\System32\Tasks\Online Application V2G3 => movido com sucesso
C:\WINDOWS\System32\Tasks\Online Application V2G2 => movido com sucesso
C:\WINDOWS\System32\Tasks\Online Application V2G1 => movido com sucesso
C:\WINDOWS\SysWOW64\SSL => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\Microleaves => movido com sucesso
C:\Users\Hakaz7\AppData\Local\AdvinstAnalytics => movido com sucesso
"C:\Program Files\89798490c2b4d681479595f7b986c615" => não encontrado (a).
C:\Program Files (x86)\Microleaves => movido com sucesso
C:\WINDOWS\System32\Tasks\O6dPumpAUx => movido com sucesso
C:\Program Files (x86)\ZBeAlTQs36 => movido com sucesso
C:\END => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu => movido com sucesso
C:\Program Files\RLR47SCMCK => movido com sucesso
C:\Program Files (x86)\DiskWMpower => movido com sucesso
C:\Program Files (x86)\0skpobfw0eo => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf => movido com sucesso
C:\Program Files\694ASJ82FT => movido com sucesso
C:\Program Files\4PKCUNJOVT => movido com sucesso
C:\Program Files (x86)\KMSPico => movido com sucesso
C:\Users\Hakaz7\Desktop\KMSPico__Windows_10_Activator.mp4 => movido com sucesso
C:\Users\Hakaz7\Downloads\KMSPico__Windows_10_Activator.mp4 => movido com sucesso
C:\Users\Hakaz7\AppData\Local\Temp\genteert.dll => movido com sucesso
C:\Users\Hakaz7\AppData\Local\Temp\S05G6B6.exe => movido com sucesso
C:\Program Files (x86)\UCBrowser\Application\UCService.exe => movido com sucesso
C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe => movido com sucesso
"C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe" => não encontrado (a).
"C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe" => não encontrado (a).
"C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe" => não encontrado (a).
C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe => movido com sucesso
"C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCAgent.exe" => não encontrado (a).
"C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe" => não encontrado (a).
C:\WINDOWS\TEMP\gC0E1.tmp.exe => movido com sucesso
"C:\WINDOWS\TEMP\gCB23.tmp.exe" => não encontrado (a).
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => chave removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => chave removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => chave removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => chave removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Updater_Online_Application => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B3D4C55-B27B-4266-8CC0-D449AC953618} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B3D4C55-B27B-4266-8CC0-D449AC953618} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\O6dPumpAUx => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\O6dPumpAUx => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{31514E56-53B7-4929-BDFA-92C5A4FF0702} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31514E56-53B7-4929-BDFA-92C5A4FF0702} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\PrintsCouth => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PrintsCouth => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA993382-ABE3-4686-AF3D-F26B0FE219EA} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA993382-ABE3-4686-AF3D-F26B0FE219EA} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Online Application V2G2 => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2 => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6B84572-80FD-403E-AAFC-D5BDA21495D5} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6B84572-80FD-403E-AAFC-D5BDA21495D5} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Online Application V2G3 => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3 => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8B826C3-E110-4C85-845F-D8E70B51CBE7} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8B826C3-E110-4C85-845F-D8E70B51CBE7} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE4A6AE7-1342-466F-8250-46DF14D45C07} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE4A6AE7-1342-466F-8250-46DF14D45C07} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Online Application V2G1 => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1 => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D30C4AF5-8775-40AC-84EF-E353332925FC} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D30C4AF5-8775-40AC-84EF-E353332925FC} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615 => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\89798490c2b4d681479595f7b986c615 => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F323D747-D4A8-4462-AD3A-B99AA23FC9E4} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F323D747-D4A8-4462-AD3A-B99AA23FC9E4} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => chave removido (a) com sucesso.
C:\WINDOWS\Tasks\Online Application V2G1.job => não encontrado (a).
C:\WINDOWS\Tasks\Online Application V2G2.job => não encontrado (a).
C:\WINDOWS\Tasks\Online Application V2G3.job => não encontrado (a).
C:\WINDOWS\Tasks\UCBrowserUpdater.job => não encontrado (a).
C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => não encontrado (a).
C:\WINDOWS\Tasks\Updater_Online_Application.job => não encontrado (a).
WMI_ActiveScriptEventConsumer_ASEC: <==== ATENÇÃO => removido (a) com sucesso.
C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Public\Desktop\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Atalho argumento removido (a) com sucesso..
C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS removido (a) com sucesso..
C:\WINDOWS\system32\drivers => ":x64" ADS removido (a) com sucesso..
C:\WINDOWS\system32\drivers => ":x86" ADS removido (a) com sucesso..
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C901EC6-9AC6-4C79-AE1F-E7A0BB4FC635}C:\users\hakaz7\desktop\u1504.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F6AB5A9-2C0A-4298-9444-50E2AA16F76F} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E397A2C9-41F9-4C86-B2D0-043A9B6120BA} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE6F9839-9CC3-4226-AF12-E1B67F2C41C9} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{500A9256-49D3-4BAC-AEB9-4B1EE56300F8} => valor removido (a) com sucesso.
"C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe" => não encontrado (a).
"C:\Program Files (x86)\DiskWMpower\DiskPower.exe" => não encontrado (a).
"C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe" => não encontrado (a).
"C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe" => não encontrado (a).
"C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe" => não encontrado (a).
C:\users\hakaz7\desktop\u1504.exe => movido com sucesso
"C:\ProgramData\service.exe" => não encontrado (a).
"C:\Users\Todos os Usuários\service.exe" => não encontrado (a).
Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 7745088 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 170884552 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 175595466 B
Edge => 3629331 B
Chrome => 516531349 B
Firefox => 48206584 B
Opera => 219745650 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 24963 B
systemprofile32 => 128 B
LocalService => 54122 B
NetworkService => 71794 B
Hakaz7 => 508654752 B
aldem => 1449418 B

RecycleBin => 1096 B
EmptyTemp: => 1.5 GB de dados temporários Removidos.

================================

Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 29-06-2017 00:15:59)

"C:\Program Files (x86)\UCBrowser" => Não pode ser movido

==== Fim de Fixlog 00:16:02 ====

Edited by Aldemir Pinheiro
The text was out of order; if I had not edited it, it would not have been understandable.

/_ Good Evening! Aldemir Pinheiro _\

 

> I can only help you with situations that involve malware, which is the purpose of this forum.

 

> Download: < RogueKiller_portable32 > ( ... by Adlice Software ) ( 32-bit version )

> Download: < RogueKiller_portable64 > ( ... by Adlice Software ) ( 64-bit version )

> Save it to the desktop!
> Close any applications that are open!
> Run RogueKiller_portable32.exe or RogueKiller_portable64.exe and accept the EULA.

http://www.adlice.com/thanks-downloading-roguekiller/


> Close this Adlice Software page, which opens in your browser.
> PS: If the IE browser's "SmartScreen Filter" blocks the anti-malware tool, click "More info".
> Next, click: "Run anyway"

 

> Click the "SCAN" tab >> "Start Scan".
> Wait for it to finish!

> Click "Open Report" >> "Open TXT".
> Copy and post the report! (Mode: Scan)

 

[Abs]


 

 

17 hours ago, DigRam said:

/_ Good evening, Aldemir Pinheiro! _\

> I can only help you with situations involving malware, which is the purpose of this room.

Can you tell me where I can get information about the problems I have already mentioned, or where to find help with basic questions, or which rooms are suitable for this kind of subject, especially for a beginner like me?

Because searching on YouTube is a shot in the dark.

Just for the record: the Edge browser automatically opens countless sites, even with no internet connection.

________________________________________________________________________________________________________________

RogueKiller:

_________________________________________________________________________________________________________________

 

RogueKiller V12.11.4.0 (x64) [Jun 26 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started : Normal mode
User : Hakaz7 [Administrator]
Started from : C:\Users\Hakaz7\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 06/30/2017 14:44:34 (Duration : 00:54:01)

¤¤¤ Processes : 7 ¤¤¤
[Proc.Injected] explorer.exe(2992) -- C:\WINDOWS\explorer.exe[7] -> Found
[Suspicious.Path] 1xxqi5i4d4p.exe(5084) -- C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe[-] -> Found
[Suspicious.Path] vj0qppnix0s.exe(5144) -- C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe[-] -> Found
[Adw.Wizzcaster] 413UK2YQ5.exe(5224) -- C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe[-] -> Found
[Suspicious.Path] g5yau5p535c.exe(5236) -- C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe[-] -> Found
[Adw.Wizzcaster] K98SCZW5C.exe(5624) -- C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe[-] -> Found
[PUP.UCBrowser] (SVC) ucdrv -- \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys[7] -> Found

¤¤¤ Registry : 38 ¤¤¤
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Found
[PUP.OnlineIO] (X86) HKEY_LOCAL_MACHINE\Software\Microleaves -> Found
[PUP.OtherSearch|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\OtherSearch -> Found
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Found
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\UCBrowser -> Found
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\UCBrowser -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Installer -> Found
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowserPID -> Found
[Adw.Sokuxuan] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\YeaDesktop -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Installer -> Found
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowserPID -> Found
[Adw.Sokuxuan] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\YeaDesktop -> Found
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\UCBrowser -> Found
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\UCBrowser -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 3v01hnawfvt : "C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj\g5zb2q2gx3a.exe" [-] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 0xro0ptlrzv : "C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj\pkghddf0hlo.exe" [-] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | daikrzkppxy : "C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e\g535xe2lo02.exe" [-] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | ggiblzdfwv1 : "C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop\cz1qwc0wjes.exe" [-] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | uc2zbx2dqbu : "C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3\0tcets4rqji.exe" [-] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | d3wtulpy20p : "C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe" [-] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | z13law2el1c : "C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe" [-] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | xvfe0x4jyk5 : "C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe" [-] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 3v01hnawfvt : "C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj\g5zb2q2gx3a.exe" [-] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 0xro0ptlrzv : "C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj\pkghddf0hlo.exe" [-] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | daikrzkppxy : "C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e\g535xe2lo02.exe" [-] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | ggiblzdfwv1 : "C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop\cz1qwc0wjes.exe" [-] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | uc2zbx2dqbu : "C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3\0tcets4rqji.exe" [-] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | d3wtulpy20p : "C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe" [-] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | z13law2el1c : "C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe" [-] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | xvfe0x4jyk5 : "C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe" [-] -> Found
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ucdrv (\??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{225009b3-5eee-4ba0-960b-97377dcf2249} | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X])  -> Found
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {94632381-B65E-4552-8059-C9C64450C04D} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe|Name=迅雷云加速开放平台|Desc=迅雷云加速开放平台| [x] -> Found
[PUP.UCBrowser] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} | StubPath : "C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser" [x] -> Found

¤¤¤ Tasks : 1 ¤¤¤
[PUP.UCBrowser] \UCBrowserSecureUpdater -- "C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe" (--update-config) -> Found

¤¤¤ Files : 6 ¤¤¤
[PUP.OnlineIO|PUP.Gen0][Folder] C:\ProgramData\Microleaves -> Found
[Ads.Generic|Hidden.ADS][Stream] C:\WINDOWS\System32\drivers:ucdrv-x64.sys -> Found
[Ads.Generic|Hidden.ADS][Stream] C:\WINDOWS\System32\drivers:x64 -> Found
[Ads.Generic|Hidden.ADS][Stream] C:\WINDOWS\System32\drivers:x86 -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\ProgramData\Microleaves -> Found
[PUP.UCBrowser][Folder] C:\Program Files (x86)\UCBrowser -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts file : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ +++++
--- User ---
[MBR] 697b9a7974949dcb254cac2251b57da7
[BSP] e32eb9ff587e78f4eecfaf0fb4d0c9ee : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 406614 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 832954366 | Size: 69773 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate Expansion SCSI Disk Device +++++
--- User ---
[MBR] 28375214bf2efb974f53181af2f8db89
[BSP] 8bee9f484750d1919fa4256a17b2d457 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: Kingston DataTraveler C10 USB Device +++++
--- User ---
[MBR] a6fdc9e7353332f91bc51b303e048a9a
[BSP] a6efef6bee52c10cb8670af040e060f3 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x69) [VISIBLE] Offset (sectors): 1917127181 | Size: 820717 MB
1 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 1936942450 | Size: 830925 MB
2 - [XXXXXX] UNKNOWN (0x6c) [VISIBLE] Offset (sectors): 1768256047 | Size: 863341 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 2885681152 | Size: 26 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

 

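Two things stand out in the scan log above and are worth knowing how to look for by hand: Run values that launch randomly named executables out of AppData\Roaming or Program Files, and a kernel driver (ucdrv) stored in a named NTFS alternate data stream attached to the System32\drivers directory itself. As an added example (it is not part of the thread and not RogueKiller's logic), this read-only PowerShell triage pass reports both patterns. The "random name" regex, the directory list and the signature heuristic are assumptions for the demo, not vendor detection signatures; run it from an elevated prompt as the affected user.

```powershell
# Added example, not from the thread. Read-only triage: flags autorun values that look like
# the ones RogueKiller reported (random-named executables under AppData / Program Files) and
# lists named alternate data streams attached to system directories (e.g. drivers:ucdrv-x64.sys).
# Assumptions: the $randomName pattern and the folders in Get-DirectoryStreams are demo choices.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',   # the FRST "HKLM-x32" view
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'                # the user's own hive
)
# 9-12 alphanumerics mixing letters AND digits, e.g. jeil3jocti4 or 7K2E40Q4DR (assumption
# drawn from the names in this log; ordinary software folders rarely look like that).
$randomName = '(?i)^(?=.*\d)(?=.*[a-z])[a-z0-9]{9,12}$'

function Get-ImagePath([string]$Command) {
    # Run values are command lines. Recover the executable even when an unquoted path
    # contains spaces (C:\Program Files (x86)\...) by growing the token prefix until it exists.
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    $tokens = $c -split '\s+'
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if ($candidate -match '(?i)\.exe$' -and (Test-Path -LiteralPath $candidate)) { return $candidate }
    }
    return $tokens[0]
}

function Get-SuspiciousRunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*' -or -not $p.Value) { continue }      # skip PSPath/PSDrive/... metadata
            $exe     = Get-ImagePath ([string]$p.Value)
            $parent  = Split-Path -Path $exe -Parent
            $leafDir = if ($parent) { Split-Path -Path $parent -Leaf } else { '' }
            $reasons = @()
            if ($exe -match '(?i)\\AppData\\(Roaming|Local)\\') { $reasons += 'runs from AppData' }
            if ($exe -match '(?i)\\Temp\\')                      { $reasons += 'runs from Temp' }
            if ($leafDir -match $randomName -or $p.Name -match $randomName) { $reasons += 'random-looking name' }
            if (-not (Test-Path -LiteralPath $exe)) {
                $reasons += 'image missing on disk'                       # dead autorun, still worth removing
            } else {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $reasons += "no valid Authenticode signature ($($sig.Status))" }
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Image = $exe; Reasons = ($reasons -join '; ') }
            }
        }
    }
}

function Get-DirectoryStreams {
    # A directory has no unnamed $DATA stream of its own, so every stream listed here is a
    # named ADS someone attached to the folder -- exactly where the UCBrowser driver was hidden.
    param([string[]]$Paths = @("$env:SystemRoot\System32\drivers", "$env:SystemRoot\System32", $env:ProgramData))
    foreach ($path in $Paths) {
        Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { [pscustomobject]@{ Path = $path; Stream = $_.Stream; Bytes = $_.Length } }
    }
}

Get-SuspiciousRunEntries | Format-Table -AutoSize -Wrap
Get-DirectoryStreams     | Format-Table -AutoSize
```

A single "runs from AppData" reason with a valid signature is normal for per-user software and is listed only so you can see it; the combination of an AppData or Program Files path, a random-looking folder name and no signature is what the entries in this log share. An ADS on a system directory can be inspected without executing it with `Get-Content -LiteralPath "$env:SystemRoot\System32\drivers" -Stream <name> -Encoding Byte -TotalCount 64` and removed with `Remove-Item -Stream` once the service that loads it is gone.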

/_ Good evening, Aldemir Pinheiro! _\

> When you run RogueKiller again, click "Remove Selected".

> PS: For this, it is important that the checkboxes are ticked when you go through the tabs!
> Click "Finish" >> "Open Report" >> "Open TXT".
> Now we will have the log showing the removal(s) performed! (Mode: Delete)
> Copy it and post the report!

http://www.hardware.com.br/comunidade/area/seguranca-debates-duvidas-dicas-etc.59/

> As for your question about which room to use, I recommend visiting GdH at the link above. If Komm takes your case, your chances of success will be high.

[Cheers]
 


Posted (edited)

I did the Start Scan and ticked the checkboxes; there were many, but I noticed it had not included the flash drives and the external HDD, so I forced the removal to stop by shutting down the PC.

I turned the computer on and did a new scan; when it came to ticking the checkboxes, the number had dropped substantially (I ask myself: how, if there was no removal?). Anyway! Current removal log:

 

RogueKiller V12.11.4.0 (x64) [Jun 26 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started : Normal mode
User : Hakaz7 [Administrator]
Started from : C:\Users\Hakaz7\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 07/01/2017 17:54:44 (Duration : 00:52:54)

¤¤¤ Processes : 4 ¤¤¤
[Proc.Injected] explorer.exe(3216) -- C:\WINDOWS\explorer.exe[7] -> Terminated [TermProc]
[Adw.Wizzcaster] 413UK2YQ5.exe(4688) -- C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe[-] -> Terminated [TermProc]
[Adw.Wizzcaster] K98SCZW5C.exe(4712) -- C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe[-] -> Terminated [TermProc]
[PUP.UCBrowser] (SVC) ucdrv -- \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys[7] -> ERROR [41c]

¤¤¤ Registry : 5 ¤¤¤
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Deleted
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Deleted
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ucdrv (\??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys) -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{225009b3-5eee-4ba0-960b-97377dcf2249} | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.UCBrowser][Folder] C:\Program Files (x86)\UCBrowser -> Removed on reboot [91]
[PUP.UCBrowser][Folder] C:\Program Files (x86)\UCBrowser\Security -> Removed on reboot [20]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts file : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ +++++
--- User ---
[MBR] 697b9a7974949dcb254cac2251b57da7
[BSP] e32eb9ff587e78f4eecfaf0fb4d0c9ee : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 406614 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 832954366 | Size: 69773 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: General USB Flash Disk USB Device +++++
--- User ---
[MBR] 357be95f00767e161449bcfa4f62daf5
[BSP] 9f23b466890e4b2c215f028c2e31a450 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 7650 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 

Edited by Aldemir Pinheiro
To post a current removal log that I had not posted before.

/_ Good evening, Aldemir Pinheiro! _\

If a new scan shows fewer detections, that is due to the use of some cleaning software, which reduced the number of these detections.

> Download: < ZHPCleaner > ( ... by Nicolas Coolman )

> Or |Here!| << Mirror!
> On the page, click the download button.

> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<

> Click "Eu" (accept).

> Click Scanner.

> Wait for it to finish!

> When it finishes, click "Reparar" (Repair).

> Tabs will appear in red, indicating problems to be repaired.
> Click Repair.

> When it finishes, click Report!
> Post the repair log: ~ Type : Repair

[Cheers]


Hi DigRam! How are you?

During the ZHPCleaner scan the program asked me whether I had installed a server numbering. I don't know what a server is, but I confirmed yes.

I can't say whether my choice was correct. On the next scan, should I confirm or not confirm that I installed a server numbering? (Because I don't even know what numbering or server means.) What is your advice: confirm or not?

ZHPCleaner log

----------------------------------------------------------------------------------------------------------------------------------------------------------

~ ZHPCleaner v2017.7.2.113 by Nicolas Coolman (2017/07/02)
~ Run by Hakaz7 (Administrator)  (02/07/2017 21:35:25)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\Hakaz7\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Hakaz7\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 14393)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Internet Browsers (3)
REPLACED IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant [http://www.ourluckysites.com/search/?type=ds&ts=1492614365&z=823f5a8f46c5a000f42[...]]  =>Hijacker.OurLuckySites
REPLACED IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch [http://www.ourluckysites.com/search/?type=ds&ts=1492614365&z=823f5a8f46c5a000f42[...]]  =>Hijacker.OurLuckySites
REPLACED TaskBar: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk  [Bad :  --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://www.yeadesktop.com/](..)  =>PUP.Optional.Zusy


---\\  Hosts file (19)
REPLACED: 127.0.0.1    gf.tools.avast.com
REPLACED: 127.0.0.1    pair.ff.avast.com
REPLACED: 127.0.0.1    ipm-provider.ff.avast.com
REPLACED: 127.0.0.1    id.avast.com
REPLACED: 127.0.0.1    v4618535.iavs9x.u.avast.com
REPLACED: 127.0.0.1    v4618535.ivps9x.u.avast.com
REPLACED: 127.0.0.1    v4618535.ivps9tiny.u.avast.com
REPLACED: 127.0.0.1    v4618535.vpsnitro.u.avast.com
REPLACED: 127.0.0.1    v4618535.vpsnitrotiny.u.avast.com
REPLACED: 127.0.0.1    v4618535.iavs5x.u.avast.com
REPLACED: 127.0.0.1    v7.stats.avast.com
REPLACED: 127.0.0.1    v7event.stats.avast.com
REPLACED: 127.0.0.1    sm00.avast.com
REPLACED: 127.0.0.1    submit5.avast.com
REPLACED: 127.0.0.1    geoip.avast.com
REPLACED: 127.0.0.1    w9448963.iavs9x.u.avast.com
REPLACED: 127.0.0.1    w9448963.ivps9x.u.avast.com
REPLACED: 127.0.0.1    w9448963.ivps9tiny.u.avast.com
Number of redirects found 361/394


---\\  Scheduled tasks (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( Files, Folders ) (12)
MOVED folder: C:\Users\Hakaz7\Desktop\KMSpico_patch - Atalho.lnk  [Bad : C:\Users\Hakaz7\Downloads\KMSpico_patch](.Secure Download Ltd..)  =>HackTool.KMSpico
MOVED folder^: C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [UC Web Inc. - UCBrowser Security Driver]  =>.Superfluous.UCBrowser
MOVED folder: C:\WINDOWS\Prefetch\KMSPICO 10.2.1.EXE-DDF5CF46.pf    =>HackTool.KMSpico
MOVED folder: C:\WINDOWS\Prefetch\KMSPICO10.2.1__11516_IL16.EXE-37BA0FD8.pf    =>HackTool.KMSpico
MOVED folder: C:\WINDOWS\Prefetch\KMSPICO_PATCH.EXE-64F51FC8.pf    =>HackTool.KMSpico
MOVED folder: C:\WINDOWS\Prefetch\YEADESKTOP.EXE-2B22185B.pf    =>PUP.Optional.Zusy
MOVED folder: C:\WINDOWS\Prefetch\YEADESKTOP3.TMP-AA051ED6.pf    =>PUP.Optional.Zusy
MOVED folder: C:\Users\Hakaz7\Desktop\KMSpico_patch [Secure Download Ltd. - SoftPlanet Software Assistant Setup]  =>HackTool.KMSpico
MOVED folder: C:\Users\Hakaz7\Downloads\KMSPico 10.2.1.iso    =>HackTool.KMSpico
MOVED folder: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage    =>PUP.Optional.Chatango
MOVED folder: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal    =>PUP.Optional.Chatango
MOVED file*: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\UCBrowser  =>.Superfluous.UCBrowser


---\\  Registry ( Keys, Values, Data ) (58)
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 [Comodo Security]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB [F-Secure]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 [FRISK]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE [Bitdefender]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF [G-Data]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 [Malwarebytes]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF [Symantec]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 [Trend Micro]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 [Webroot]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A [SUPERAntiSpyware]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F [Kaspersky]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC [AVG Technologies]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 [PC Tools]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 [K7 Computing]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF [Doctor Web]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF [Emsisoft]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C [CheckPoint]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D [Emsisoft]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E [K7 Computing]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 [BullGuard]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF [McAfee]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB [Comodo Security]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF [McAfee]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E [Adaware Software]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 [Safer Networking]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 [Webroot]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 [ThreatTrack]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 [CurioLab]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 [Avira Operations]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 [BullGuard]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F [ESET]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 [AVG Technologies]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F [Avast Software]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 [Symantec]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 [Malwarebytes]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 [Trend Micro]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 [Kaspersky]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 [ThreatTrack]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA [Avast Software]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 [Total Defense]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF [AVG Technologies]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 [Bitdefender]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 [ESET]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A [Panda Security]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 [Doctor Web]  =>PUM.Misplaced.Certificate
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\ucdrv [C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys]  =>.Superfluous.UCBrowser
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\televisionfanatic.com []  =>.Superfluous.TelevisionFanatic
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\wdata.televisionfanatic.com []  =>.Superfluous.TelevisionFanatic
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yeadesktop.com []  =>PUP.Optional.Zusy
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yeadesktop.com []  =>PUP.Optional.Zusy
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\televisionfanatic.com []  =>.Superfluous.TelevisionFanatic
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\wdata.televisionfanatic.com []  =>.Superfluous.TelevisionFanatic
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yeadesktop.com [168]  =>PUP.Optional.Zusy
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yeadesktop.com []  =>PUP.Optional.Zusy
DELETED key*: HKCU\Software\undefined []  =>.Superfluous.Downloader
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23E4C6D00564386418B357E6097ECF3E [02:\Software\Microleaves\ (Not File)]  =>.Superfluous.Microleaves
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\ourluckysitesSoftware []  =>Hijacker.OurLuckySites
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} [Microleaves]  =>.Superfluous.Microleaves


---\\  Summary of items found on your workstation (9)
https://nicolascoolman.eu/2017/05/16/hijacker-ourluckysites/  =>Hijacker.OurLuckySites
https://www.anti-malware.top/2016/05/17/adware-zusy/  =>PUP.Optional.Zusy
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/03/04/superfluous-ucbrowser/  =>.Superfluous.UCBrowser
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Chatango
https://nicolascoolman.eu/2017/06/26/trojan-certlock/  =>PUM.Misplaced.Certificate
https://nicolascoolman.eu/2017/03/15/superfluous-televisionfanatic/  =>.Superfluous.TelevisionFanatic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Downloader
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Microleaves


---\\  Additional cleanup. (29)
~ Tracing registry keys deleted (29)
~ Old ZHPCleaner reports removed. (0)


---\\ Repair result
Repair completed successfully
~ The system was restarted.


---\\ Statistics
~ Items scanned : 1546
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 434


~ End of clean in 00h01mn37s
~====================
ZHPCleaner-[R]-02072017-21_37_02.txt
ZHPCleaner--02072017-21_30_12.txt
 

   


/_ Good morning! Aldemir Pinheiro _\

 

As for the question you asked me, ZHPCleaner gave you the option of removing changes to DhcpNameServer. In a way, this was prompted by RogueKiller, which detected it as PUM.Dns. Your agreeing was correct, even though there were no fixes, because in these cases RogueKiller tends to alert on some false positives.

 

> Download: < UsbFix >

> Note: use the Internet Explorer browser for the download.
> Save it to the desktop!

> Keep your USB stick connected to the PC.
> Open the UsbFix tool and, among the options, choose cleaning. (Clean)

> Post the report when it finishes!

 

[Abs]
 


Good morning DigRam

Thanks for the reply, it cleared up my doubts, thank you.

 

UsbFix log

__________________________________________________________________

############################## | UsbFix V 9.058 | [Clean]

User: Hakaz7 (Administrator) # ADMINISTRATOR
Updated on 03/07/2017 by SOSVirus
Started at 12:07:33 | 03/07/2017

Site : https://www.usb-antivirus.com/pt/
Manual : https://www.usb-antivirus.com/pt/2014/03/tutorial-do-usbfix-scan/
Support : https://www.sosvirus.net/es/
Live detection : https://www.usbfix.net/es/
Contact : https://www.usb-antivirus.com/pt/contato/

################## | System information |

MB: Hewlett-Packard (1493) 
CPU: Intel(R) Core(TM)2 Duo CPU     E7500  @ 2.93GHz
GC: Intel(R) B43 Express Chipset (Microsoft Corporation - WDDM 1.1)
RAM -> [Total : 2009 MB | Free : 462 MB]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft™ Windows 10 Pro (6.3.14393 64-Bit) 
WB: Internet Explorer : 11.00.14393.0
WB: Microsoft Edge : 11.00.14393.1358 (rs1_release.170602-2252)
WB: Google Chrome : 59.0.3071.115
WB: Mozilla Firefox : 41.0.2
WB: Opera : 46.0.2597.32

################## | Security Information |

AV: Windows Defender [Active | Updated]
AS: Windows Defender [Active | Updated]
AS: Malwarebytes Anti-Malware : 2.1.8.1057
FW: Windows Firewall [Active]
SC: Security Center [Active]
WU: Windows Update [Active]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 397 Gb (55 Gb free - 14%) [] # NTFS
E:\ -> Fixed disk # 932 Gb (454 Gb free - 49%) [Seagate Expansion Drive] # NTFS
G:\ -> Removable disk # 2 Gb (2 Gb free - 100%) [] # FAT32

################## | Generic search |


################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\System32\Userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Hakaz7\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [EU5RVEXBWBCD1HU] "C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe"
04 - HKCU\..\Run : [QA88O0040CCVATA] "C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe"
04 - HKCU\..\RunOnce : [Uninstall C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
04 - [x64] HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
04 - [x64] HKLM\..\Run : [WindowsDefender] "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [OneDrive] "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [Spotify Web Helper] "C:\Users\Hakaz7\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [EU5RVEXBWBCD1HU] "C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe"
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [QA88O0040CCVATA] "C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe"
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\RunOnce : [Uninstall C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"

################## | C:\ %SystemDrive% - Fixed disk (NTFS) |

[03/05/2017 - 21:20:06 | A | 1 Ko] - C:\DelFix.txt
[03/07/2017 - 06:31:48 | ASH | 262144 Ko] - C:\swapfile.sys
[03/07/2017 - 07:39:01 | ASH | 2695396 Ko] - C:\pagefile.sys
[27/06/2017 - 11:27:03 | D] - C:\Windows.old
[29/06/2017 - 00:38:36 | D] - C:\Config.Msi
[02/01/2016 - 05:39:02 | SHD] - C:\$RECYCLE.BIN
[28/05/2017 - 15:11:28 | D] - C:\$WINDOWS.~BT
[10/07/2015 - 09:21:38 | SHD] - C:\Documents and Settings
[25/07/2015 - 21:33:21 | D] - C:\Arquivos de Programas
[25/07/2015 - 21:36:11 | D] - C:\swsetup
[25/07/2015 - 21:36:53 | D] - C:\drvrtmp
[26/07/2015 - 16:07:28 | D] - C:\Intel
[29/10/2015 - 18:16:44 | D] - C:\viva
[30/10/2015 - 04:18:34 | N | 0 Ko] - C:\BOOTNXT
[29/01/2016 - 12:57:23 | D] - C:\EEK
[16/07/2016 - 08:47:47 | D] - C:\PerfLogs
[26/08/2016 - 21:06:39 | D] - C:\Temp
[17/04/2017 - 22:11:45 | D] - C:\OneDriveTemp
[26/05/2017 - 11:37:27 | SHD] - C:\Recovery
[26/05/2017 - 11:47:09 | D] - C:\$GetCurrent
[26/05/2017 - 11:48:26 | D] - C:\Windows10Upgrade
[28/05/2017 - 14:55:10 | D] - C:\$SysReset
[28/05/2017 - 15:01:57 | RD] - C:\Users
[25/06/2017 - 19:02:22 | D] - C:\Microsoft
[29/06/2017 - 00:07:10 | RD] - C:\Program Files (x86)
[29/06/2017 - 00:16:02 | D] - C:\FRST
[29/06/2017 - 00:37:10 | RD] - C:\Program Files
[30/06/2017 - 17:12:55 | D] - C:\WINDOWS
[01/07/2017 - 14:47:25 | HD] - C:\ProgramData
[03/07/2017 - 12:06:41 | D] - C:\UsbFix

################## | E:\ - Fixed disk (NTFS) |

[08/01/2015 - 04:13:28 | A | 1120 Ko] - E:\Warranty.pdf
[15/06/2015 - 12:07:12 | A | 0 Ko] - E:\Autorun.inf
[08/01/2015 - 19:18:14 | A | 550 Ko] - E:\SeagateExpansion.ico
[24/03/2016 - 04:06:10 | A | 17529 Ko] - E:\Start_Here_Win.exe
[05/08/2016 - 14:49:30 | SHD] - E:\$RECYCLE.BIN
[31/12/1969 - 22:15:14 | D] - E:\LG_DVR_000000
[10/05/2016 - 01:50:44 | D] - E:\Seagate
[25/06/2017 - 14:03:45 | D] - E:\lair ribeiro
[25/06/2017 - 15:17:50 | D] - E:\Filmes

################## | G:\ - Removable disk (FAT32) |

[15/01/2015 - 17:02:16 | A | 1239 Ko] - G:\RevelandotodosossegredosdaDeep.pdf

Scan completed in 31.87 seconds

################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/pt/ |
 


/_ Good afternoon! Aldemir Pinheiro _\

 

> Post new FRST logs. ( FRST.txt + Addition.txt )

 

[]s


/_ Good morning! Aldemir Pinheiro _\

 

(4H66) C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe
(4H66) C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe


> Are these files in the process list your own choice?

 

> Copy the information shown in red into Notepad.
> Save it with the name fixlist. << Text!
> Save it to the desktop! ( Área de trabalho ... )

 

start

CloseProcesses:
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh 
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Program Files\D5K6CW0LI8 
2017-06-28 10:55 - 2017-06-28 10:55 - 00000000 _____ C:\Users\Hakaz7\AppData\Local\{B281DE83-8424-46E1-9ABB-2F92524F9C4E} 
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw 
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Program Files\7K2E40Q4DR 
2017-06-27 11:27 - 2017-06-27 11:27 - 00001250 _____ C:\Users\Hakaz7\Desktop\Ao proctologista.docx - Atalho.lnk 
2017-06-27 10:27 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\BEKAELOWIT 
2017-06-27 10:27 - 2017-06-27 10:27 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4 
2017-06-26 20:38 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\NB7ZC33F7V 
2017-06-26 20:38 - 2017-06-26 20:38 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3 
2017-06-26 19:08 - 2017-06-26 19:08 - 00000000 ____D C:\Users\Hakaz7\Documents\Modelos Personalizados do Office 
2017-06-26 17:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\78VQBR8YQT 
2017-06-26 17:37 - 2017-06-26 17:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop 
2017-06-26 14:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\4SZFM77SUR 
2017-06-26 14:37 - 2017-06-26 14:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e 
2017-06-26 11:37 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\J5CU3D2TL0 
2017-06-26 11:37 - 2017-06-26 11:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj 
2017-06-26 08:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\131B5LOBA4 
2017-06-26 08:37 - 2017-06-26 08:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj 
2017-06-25 19:44 - 2017-06-29 00:32 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\Ehqvtion 
2017-06-25 19:44 - 2017-06-25 19:44 - 01611944 _____ (Secure Download Ltd. ) C:\Users\Hakaz7\Downloads\KMSpico_patch 
2017-06-25 19:04 - 2017-07-01 14:47 - 00000000 ____D C:\Program Files (x86)\UCBrowser 
2017-06-05 15:35 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Desktop\Legendas35.zip 
2017-06-05 15:35 - 2017-04-28 01:57 - 04186534 _____ (Legendas Brasil ) C:\Users\Hakaz7\Desktop\Legendas35.exe
2017-06-05 15:31 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Downloads\Legendas35.zip 
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION 
C:\Program Files (x86)\UCBrowser
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end

 

> Run FRST/FRST64 >> Click "Fix" << Wait! 
> Post the "Fix result of Farbar Recovery Scan Tool" report (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

 

[A+]

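The two entries DigRam singles out above (an upper-case alphanumeric value name launching an executable with another random name from a random folder under Program Files) are exactly the kind of thing a triage script can score without knowing the specific adware family. The following is an added example written for this page; it is not code from the thread nor from FRST, UsbFix or RogueKiller. It parses UsbFix- and FRST-style startup lines and flags random-looking names, executables launched from a Temp directory, system-binary names living outside the Windows directory, and Winlogon Shell/Userinit values that differ from the defaults. The thresholds, the `C:\Windows` location of %SystemRoot% and the sample lines (constructed, modelled on the UsbFix startup section in this thread with the user renamed to "alice", plus a Temp-launched conhost.exe and a tampered Shell value) are all assumptions made for the illustration.

```python
"""Heuristic triage of Windows autorun entries from UsbFix/FRST-style log lines.

Added example for this thread; it is not code from FRST, UsbFix, RogueKiller or
any other tool mentioned here. Thresholds and sample lines are assumptions.
"""
import re
from typing import Dict, List

# One pattern for both log formats seen in the thread:
#   UsbFix:  04 - HKCU\..\Run : [Name] "C:\path\app.exe" /arg
#            F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
#   FRST:    HKLM\...\Run: [Name] => C:\path\app.exe [size date] (vendor)
_ENTRY = re.compile(
    r"^(?:(?:0?4|F2) - )?(?P<hive>(?:\[x64\] )?[^\[]+?)\s*:\s*"
    r"\[(?P<name>[^\]]*)\]\s*(?:=>\s*)?(?P<cmd>.*)$"
)
# Quoted paths, or bare drive-letter paths up to an executable extension.
_PATH = re.compile(
    r'"([^"]+)"|([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd|vbs|js|com|ps1))\b', re.I
)

# Names that only belong in the Windows directory (assumes %SystemRoot% = C:\Windows).
SYSTEM_BINARIES = {"conhost.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                   "winlogon.exe", "explorer.exe", "services.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}
WINLOGON_DEFAULTS = {"shell": "explorer.exe",
                     "userinit": "c:\\windows\\system32\\userinit.exe"}


def is_random_name(token: str) -> bool:
    """True for names that look machine-generated, e.g. 7K2E40Q4DR or bvxjgabo1nh."""
    digits = sum(c.isdigit() for c in token)
    letters = sum(c.isalpha() for c in token)
    if re.fullmatch(r"[A-Z0-9]{8,}", token):
        return digits >= 2 and letters >= 2
    if re.fullmatch(r"[a-z0-9]{10,}", token):
        # Digits buried inside the name, not a version suffix such as openssl111.
        return letters >= 5 and digits >= 1 and not re.fullmatch(r"[a-z]+\d+", token)
    return False


def _path_findings(path: str) -> Dict[str, str]:
    """Return {code: detail} for one executable path."""
    out: Dict[str, str] = {}
    parts = path.split("\\")
    stem = re.sub(r"\.[^.]+$", "", parts[-1])
    for comp in parts + [stem]:
        if is_random_name(comp):
            out["random-path"] = f"random-looking path component '{comp}'"
            break
    low = path.lower()
    if "\\temp\\" in low:
        out["temp-dir"] = "executable launched from a Temp directory"
    directory, _, basename = low.rpartition("\\")
    if basename in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        out["masquerade"] = f"'{basename}' outside the Windows directory"
    return out


def triage(lines: List[str]) -> List[dict]:
    """Parse autorun log lines and return only the entries that trip a heuristic."""
    findings = []
    for line in lines:
        m = _ENTRY.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.group("hive"), m.group("name"), m.group("cmd").strip()
        details: Dict[str, str] = {}
        if is_random_name(name):
            details["random-name"] = f"random-looking value name '{name}'"
        if hive.lower().endswith("winlogon"):
            expected = WINLOGON_DEFAULTS.get(name.lower())
            if expected and cmd.lower().rstrip(",") != expected:
                details["winlogon"] = f"Winlogon {name} is '{cmd}', expected '{expected}'"
        for quoted, bare in _PATH.findall(cmd):
            details.update(_path_findings(quoted or bare))
        if details:
            findings.append({"hive": hive, "name": name, "cmd": cmd,
                             "codes": set(details), "details": list(details.values())})
    return findings


# Constructed sample: modelled on the UsbFix startup section in this thread (user
# renamed to "alice"), plus a Temp-launched conhost.exe and a tampered Shell value.
SAMPLE_LINES = [
    r'04 - HKCU\..\Run : [OneDrive] "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r'04 - HKCU\..\Run : [EU5RVEXBWBCD1HU] "C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe"',
    r'04 - [x64] HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s',
    r'HKLM\...\Run: [Login] => C:\Users\alice\AppData\Local\Temp\svc\conhost.exe [40960 2017-06-25] ()',
    r'F2 - HKLM\..\Winlogon : [Shell] explorer.exe,C:\Users\alice\AppData\Roaming\dx3rnfnsvrw\upd.exe',
    r'F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\System32\Userinit.exe,',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(f"{hit['hive']} [{hit['name']}] -> {hit['cmd']}")
        for detail in hit["details"]:
            print(f"    - {detail}")
```

Run it on a saved log (`triage(open("UsbFix.txt").read().splitlines())`) and only three of the six sample entries come back: the random-named Run value, the Temp-launched conhost.exe and the modified Shell value. Legitimate entries such as OneDrive and the Realtek tray applet pass, as does the default Userinit. The name heuristic is deliberately crude; treat its output as a list of things to ask the user about, as DigRam does above, not as a verdict.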

Posted (edited)

Good morning DigRam

I didn't understand: are these files my choice in the process lines? 

What I understand (if I understand at all) is that this is the result of the FRST and Addition scan.

Right?!

Feel free to ask questions. 

If I know how to answer them, it will be my pleasure. 

Here are the logs. 

 

Fixlog:

___________________________________________________________________________________

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Hakaz7 (04-07-2017 23:25:34) Run:2
Running from C:\Users\Hakaz7\Desktop
Loaded Profiles: Hakaz7 (Available Profiles: Hakaz7 & aldem)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh 
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Program Files\D5K6CW0LI8 
2017-06-28 10:55 - 2017-06-28 10:55 - 00000000 _____ C:\Users\Hakaz7\AppData\Local\{B281DE83-8424-46E1-9ABB-2F92524F9C4E} 
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw 
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Program Files\7K2E40Q4DR 
2017-06-27 11:27 - 2017-06-27 11:27 - 00001250 _____ C:\Users\Hakaz7\Desktop\Ao proctologista.docx - Atalho.lnk 
2017-06-27 10:27 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\BEKAELOWIT 
2017-06-27 10:27 - 2017-06-27 10:27 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4 
2017-06-26 20:38 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\NB7ZC33F7V 
2017-06-26 20:38 - 2017-06-26 20:38 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3 
2017-06-26 19:08 - 2017-06-26 19:08 - 00000000 ____D C:\Users\Hakaz7\Documents\Modelos Personalizados do Office 
2017-06-26 17:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\78VQBR8YQT 
2017-06-26 17:37 - 2017-06-26 17:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop 
2017-06-26 14:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\4SZFM77SUR 
2017-06-26 14:37 - 2017-06-26 14:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e 
2017-06-26 11:37 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\J5CU3D2TL0 
2017-06-26 11:37 - 2017-06-26 11:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj 
2017-06-26 08:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\131B5LOBA4 
2017-06-26 08:37 - 2017-06-26 08:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj 
2017-06-25 19:44 - 2017-06-29 00:32 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\Ehqvtion 
2017-06-25 19:44 - 2017-06-25 19:44 - 01611944 _____ (Secure Download Ltd. ) C:\Users\Hakaz7\Downloads\KMSpico_patch 
2017-06-25 19:04 - 2017-07-01 14:47 - 00000000 ____D C:\Program Files (x86)\UCBrowser 
2017-06-05 15:35 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Desktop\Legendas35.zip 
2017-06-05 15:35 - 2017-04-28 01:57 - 04186534 _____ (Legendas Brasil ) C:\Users\Hakaz7\Desktop\Legendas35.exe
2017-06-05 15:31 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Downloads\Legendas35.zip 
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION 
C:\Program Files (x86)\UCBrowser
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processes closed successfully.
C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh => moved successfully
C:\Program Files\D5K6CW0LI8 => moved successfully
C:\Users\Hakaz7\AppData\Local\{B281DE83-8424-46E1-9ABB-2F92524F9C4E} => moved successfully
C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw => moved successfully
C:\Program Files\7K2E40Q4DR => moved successfully
C:\Users\Hakaz7\Desktop\Ao proctologista.docx - Atalho.lnk => moved successfully
C:\Program Files\BEKAELOWIT => moved successfully
C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4 => moved successfully
C:\Program Files\NB7ZC33F7V => moved successfully
C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3 => moved successfully
C:\Users\Hakaz7\Documents\Modelos Personalizados do Office => moved successfully
C:\Program Files\78VQBR8YQT => moved successfully
C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop => moved successfully
C:\Program Files\4SZFM77SUR => moved successfully
C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e => moved successfully
C:\Program Files\J5CU3D2TL0 => moved successfully
C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj => moved successfully
C:\Program Files\131B5LOBA4 => moved successfully
C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj => moved successfully
C:\Users\Hakaz7\AppData\Local\Ehqvtion => moved successfully
C:\Users\Hakaz7\Downloads\KMSpico_patch => moved successfully

"C:\Program Files (x86)\UCBrowser" folder move:

Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.

C:\Users\Hakaz7\Desktop\Legendas35.zip => moved successfully
C:\Users\Hakaz7\Desktop\Legendas35.exe => moved successfully
C:\Users\Hakaz7\Downloads\Legendas35.zip => moved successfully
ucdrv => Unable to stop the service.
HKLM\System\CurrentControlSet\Services\ucdrv => key removed successfully.
ucdrv => service removed successfully.

"C:\Program Files (x86)\UCBrowser" folder move:

Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.

Restore point was successfully created.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6643328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 67071122 B
Java, Flash, Steam htmlcache => 1270 B
Windows/system/drivers => 1876815 B
Edge => 77801261 B
Chrome => 68035816 B
Firefox => 0 B
Opera => 107525006 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 874 B
NetworkService => 71450 B
Hakaz7 => 59723873 B
aldem => 0 B

RecycleBin => 1616258837 B
EmptyTemp: => 1.9 GB of temporary data removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-07-2017 23:50:04)

"C:\Program Files (x86)\UCBrowser" => Could not move
"C:\Program Files (x86)\UCBrowser" => Could not move

==== End of Fixlog 23:50:09 ====

 

Edited by Aldemir Pinheiro
stating my point of view; a question I asked earlier had been taken as a statement

/_ Good afternoon! Aldemir Pinheiro _\

 

[Adw.Wizzcaster] 413UK2YQ5.exe(5224) -- C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe[-] -> Found
[Adw.Wizzcaster] K98SCZW5C.exe(5624) -- C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe[-] -> Found

---

---

> As for the files, they were detected by RogueKiller as adware.

 

> Download: < AdwCleaner > ( ... by Xplode )

 

> Or from here: < AdwCleaner > << Link!
> On that page, click "Download Now".

> Save it to the desktop!
> Disable your antivirus!

 


 

> Right-click adwcleaner.exe and choose to run it as administrator.

 


 

> Click "Tools" >> "Options".

 


 

> In "Options", leave the settings as shown in this banner.
> Click "Ok".

 


 

> Note: start the scan by clicking "Scan". 

 


 

> When it finishes, click "Clean" or "Cleaning" >> Ok >> Ok >> Ok.
> Copy the log or click "Report".
> Post: < C:\AdwCleaner\AdwCleaner[C0].txt > 

 

[Abs]


Good, DigRam, that they were found!

RogueKiller detected them as adware; it's great that they will be removed. It takes work, but it was well worth it.

AdwCleaner, this one, it's a pity that you lose all the extensions if you haven't written them down, if they are essential for browsing, but it's worth it; your help, analysis and removal

recover my whole computer, and that's enough! No complaints.   

 

AdwCleaner, here is the log: regards! 

____________________________________________________________________________

# AdwCleaner v6.047 - Report created 05/07/2017 at 15:35:36
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-05.1 [Local]
# Operating System : Windows 10 Pro  (X64)
# Username : Hakaz7 - ADMINISTRATOR
# Running from : C:\Users\Hakaz7\Desktop\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted:ucdrv
[-] Service deleted:cfidsk


***** [ Folders ] *****

[-] Folder deleted:C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key deleted:HKLM\SOFTWARE\Classes\UCHTML
[-] Key deleted:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
[-] Key deleted:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
[-] Key deleted:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
[-] Key deleted:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
[-] Key deleted:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
[-] Key deleted:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
[-] Key deleted:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
[-] Key deleted:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
[-] Key deleted:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
[-] Key deleted:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Key deleted on reboot:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Key deleted on reboot:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
[#] Key deleted on reboot:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
[-] Key deleted:HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\MICROSOFT\wewewe
[-] Key deleted:HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\PopWnd
[#] Key deleted on reboot:HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot:HKCU\Software\PopWnd
[#] Key deleted on reboot:[x64] HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot:[x64] HKCU\Software\PopWnd
[-] Key deleted:[x64] HKLM\SOFTWARE\Microsoft\DMunversion
[-] Key deleted:[x64] HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
[-] Key deleted:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
[-] Key deleted:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
[-] Key deleted:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\babycp.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qtipr.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.babycp.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\babycp.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qtipr.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
[-] Key deleted:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.babycp.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\babycp.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qtipr.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.babycp.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\babycp.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qtipr.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.babycp.com
[-] Key deleted:HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Value deleted:HKCU\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Value deleted:HKCU\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Value deleted:HKCU\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Value deleted:HKCU\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Value deleted:HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Value deleted:HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Value deleted:HKCU\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Value deleted:HKCU\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Value deleted:HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Value deleted:HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Value deleted:HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Value deleted:HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Value deleted:HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Value deleted:HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Value deleted:HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Value deleted:HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Value deleted:HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Key deleted:HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
[-] Value deleted:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
[-] Value deleted:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [3DM]
[-] Value deleted:HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [YeaDesktop.exe]


***** [ Checking browsers ... ] *****

[-] [C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted:ipmkfpcnmccejididiaagpgchgjfajgp
[-] [C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted:br.ask.com


*************************

:: Winsock settings restored
:: "Image File Execution Options" keys deleted
:: Proxy settings restored
:: IE policies deleted
:: Chrome policies deleted
:: Chrome preferences reset:C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default
:: Chrome preferences reset:C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Profile 1
!! Chrome preferences not reset:C:\Users\aldem\AppData\Local\Google\Chrome\User Data\Default
:: Hosts file reset

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11144 Bytes] - [05/07/2017 15:35:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [10776 Bytes] - [05/07/2017 15:29:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [10847 Bytes] - [05/07/2017 15:32:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11366 Bytes] ##########
 

 


/_ Good afternoon! Aldemir Pinheiro _\

 

> Download: < Sophos Virus Removal Tool >
> Save Sophos Virus Removal Tool.exe to the desktop!
> Run it! -> (Run) -> Click "Next".
> Accept the license terms! (I accept the terms in this license agreement)
> Click "Next" twice.
> Click "Install" >> Finish
> Click Finish to start the program.

 


 

> Once the virus database has been updated, click Start scanning.

 

oXTPyogV.jpg

 

> Se forem encontradas quaisquer ameaças clique em detalhes,então o arquivo log View... (canto inferior esquerdo)
> Copie e cole os resultados na sua resposta.

 

IQKqmfKA.jpg

 

> Fechar o documento do bloco de notas,feche a tela de detalhes sobre a ameaça e, em seguida, clique em Iniciar limpeza.
> Clique em sair para fechar o programa.

 

[Abs]

1

Compartilhar este post


Link para o post
Compartilhar em outros sites

Hello DigRam,

There is just one problem: it removes one threat at a time, and for each threat it does a new reboot. It showed "number threats 2 cleanup"; I rebooted and removed 1 threat, and after the reboot the second threat was still there, but instead of pressing cleanup to remove the second threat I clicked scan again, and then it no longer found what it had found before, even though it had only cleaned one when there were two. Do you want me to send new FRST logs?

Here are the Sophos Virus Tool logs:

____________________________________________________________________________________________


2017-07-06 01:17:45.377    Sophos Virus Removal Tool version 2.6.1
2017-07-06 01:17:45.377    Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-07-06 01:17:45.377    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-07-06 01:17:45.377    Windows version 6.2 SP 0.0  build 9200 SM=0x100 PT=0x1 WOW64
2017-07-06 01:17:45.379    Checking for updates...
2017-07-06 01:17:45.779    Update progress: proxy server not available
2017-07-06 01:18:06.893    Option all = no
2017-07-06 01:18:06.893    Option recurse = yes
2017-07-06 01:18:06.938    Option archive = no
2017-07-06 01:18:06.938    Option service = yes
2017-07-06 01:18:06.938    Option confirm = yes
2017-07-06 01:18:06.938    Option sxl = yes
2017-07-06 01:18:06.938    Option max-data-age = 35
2017-07-06 01:18:06.938    Option vdl-logging = yes
2017-07-06 01:18:07.006    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-07-06 01:18:07.006    Machine ID:    e0d67e511372412e98fbf10bfe5598f3
2017-07-06 01:18:07.015    Component SVRTcli.exe version 2.6.1
2017-07-06 01:18:07.015    Component control.dll version 2.6.1
2017-07-06 01:18:07.015    Component SVRTservice.exe version 2.6.1
2017-07-06 01:18:07.015    Component engine\osdp.dll version 1.44.1.2286
2017-07-06 01:18:07.015    Component engine\veex.dll version 3.68.6.2286
2017-07-06 01:18:07.015    Component engine\savi.dll version 9.0.7.2286
2017-07-06 01:18:07.016    Component rkdisk.dll version 1.5.31.1
2017-07-06 01:18:07.016    Version info:    Product version    2.6.1
2017-07-06 01:18:07.016    Version info:    Detection engine    3.68.6
2017-07-06 01:18:07.016    Version info:    Detection data    5.40
2017-07-06 01:18:07.016    Version info:    Build date    30/05/2017
2017-07-06 01:18:07.016    Version info:    Data files added    313
2017-07-06 01:18:07.016    Version info:    Last successful update    (not yet updated)
2017-07-06 01:18:09.069    Downloading updates...
2017-07-06 01:18:09.073    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-07-06 01:18:09.073    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-06 01:18:09.073    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-06 01:18:09.073    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-07-06 01:18:09.073    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-07-06 01:18:09.073    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-07-06 01:18:09.073    Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-07-06 01:18:09.073    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-07-06 01:18:09.074    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product IDE542 LATEST path=]
2017-07-06 01:18:09.074    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-07-06 01:18:09.074    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-06 01:18:09.452    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-07-06 01:18:09.452    Update progress: [I19463] Product download size 166581621 bytes
2017-07-06 01:18:34.347    Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-07-06 01:18:34.348    Update progress: [I19463] Product download size 2265483 bytes
2017-07-06 01:18:36.182    Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-07-06 01:18:36.182    Update progress: [I19463] Product download size 2018230 bytes
2017-07-06 01:18:37.786    Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-07-06 01:18:37.786    Update progress: [I19463] Product download size 644214 bytes
2017-07-06 01:18:38.262    Installing updates...
2017-07-06 01:18:39.068    Error level 1
2017-07-06 01:18:55.233    Update successful
2017-07-06 01:19:07.405    Option all = no
2017-07-06 01:19:07.405    Option recurse = yes
2017-07-06 01:19:07.405    Option archive = no
2017-07-06 01:19:07.405    Option service = yes
2017-07-06 01:19:07.405    Option confirm = yes
2017-07-06 01:19:07.405    Option sxl = yes
2017-07-06 01:19:07.407    Option max-data-age = 35
2017-07-06 01:19:07.407    Option vdl-logging = yes
2017-07-06 01:19:07.436    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-07-06 01:19:07.436    Machine ID:    e0d67e511372412e98fbf10bfe5598f3
2017-07-06 01:19:07.437    Component SVRTcli.exe version 2.6.1
2017-07-06 01:19:07.437    Component control.dll version 2.6.1
2017-07-06 01:19:07.437    Component SVRTservice.exe version 2.6.1
2017-07-06 01:19:07.437    Component engine\osdp.dll version 1.44.1.2286
2017-07-06 01:19:07.437    Component engine\veex.dll version 3.68.6.2286
2017-07-06 01:19:07.437    Component engine\savi.dll version 9.0.7.2286
2017-07-06 01:19:07.438    Component rkdisk.dll version 1.5.31.1
2017-07-06 01:19:07.438    Version info:    Product version    2.6.1
2017-07-06 01:19:07.438    Version info:    Detection engine    3.68.6
2017-07-06 01:19:07.438    Version info:    Detection data    5.40
2017-07-06 01:19:07.438    Version info:    Build date    30/05/2017
2017-07-06 01:19:07.438    Version info:    Data files added    313
2017-07-06 01:19:07.438    Version info:    Last successful update    05/07/2017 22:18:55

2017-07-06 01:47:06.592    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\1\Registrypatch.exe
2017-07-06 01:47:06.602    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\1\Registrypatch.exe
2017-07-06 01:47:09.575    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\2\Registrypatch.exe
2017-07-06 01:47:09.575    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\2\Registrypatch.exe
2017-07-06 01:51:57.839    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe
2017-07-06 01:55:56.435    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe
2017-07-06 01:58:29.559    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\4PKCUNJOVT\HEQR3MPPU.exe
2017-07-06 01:58:29.965    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\4PKCUNJOVT\uninstaller.exe
2017-07-06 01:58:30.201    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\694ASJ82FT\694ASJ82F.exe
2017-07-06 01:58:30.354    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\694ASJ82FT\uninstaller.exe
2017-07-06 01:58:33.730    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe
2017-07-06 01:58:40.125    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe
2017-07-06 01:58:40.429    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\RLR47SCMCK\RLR47SCMC.exe
2017-07-06 01:58:40.640    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\RLR47SCMCK\uninstaller.exe
2017-07-06 01:58:41.362    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\0skpobfw0eo\7F1D7.exe
2017-07-06 02:18:56.331    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\7K2E40Q4DR\413UK2YQ5.exe
2017-07-06 02:18:56.352    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:18:56.352    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:18:56.352    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:00.898    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\7K2E40Q4DR\uninstaller.exe
2017-07-06 02:19:00.898    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:00.899    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:00.899    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:05.057    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\D5K6CW0LI8\K98SCZW5C.exe
2017-07-06 02:19:05.057    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:05.057    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:05.058    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:09.097    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\D5K6CW0LI8\uninstaller.exe
2017-07-06 02:19:09.097    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:09.097    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:09.097    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:41.568    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\ZBeAlTQs36\updengine.exe
2017-07-06 02:19:41.569    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:41.569    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:41.569    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:49.790    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\0vegnqyiip3\0tcets4rqji.exe
2017-07-06 02:19:49.791    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:49.791    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:49.791    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:54.123    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj\pkghddf0hlo.exe
2017-07-06 02:19:54.123    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:54.123    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:54.123    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:01.415    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe
2017-07-06 02:20:01.416    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:01.416    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:01.416    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:05.557    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\nar5sit5k5e\g535xe2lo02.exe
2017-07-06 02:20:05.558    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:05.558    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:05.558    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:09.669    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\pzaonjy5alj\g5zb2q2gx3a.exe
2017-07-06 02:20:09.669    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:09.669    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:09.669    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:39.695    >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\y22qjezlqop\cz1qwc0wjes.exe
2017-07-06 02:20:39.695    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:39.695    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:39.695    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:40.060    Could not open C:\pagefile.sys
2017-07-06 02:29:21.735    Could not open C:\swapfile.sys
2017-07-06 02:29:25.847    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:29:25.848    Could not open C:\System Volume Information\{6678098f-5fd2-11e7-9e82-b499bafded39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:29:25.848    Could not open C:\System Volume Information\{801a60fd-6106-11e7-9e85-b499bafded39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:29:25.849    Could not open C:\System Volume Information\{d9d768aa-61b0-11e7-9e88-b499bafded39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:31:02.153    Could not open C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Current Session
2017-07-06 02:31:02.153    Could not open C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2017-07-06 02:52:17.392    Could not open C:\WINDOWS\System32\config\BBI
2017-07-06 02:52:17.646    Could not open C:\WINDOWS\System32\config\RegBack\DEFAULT
2017-07-06 02:52:17.657    Could not open C:\WINDOWS\System32\config\RegBack\SAM
2017-07-06 02:52:17.659    Could not open C:\WINDOWS\System32\config\RegBack\SECURITY
2017-07-06 02:52:17.676    Could not open C:\WINDOWS\System32\config\RegBack\SOFTWARE
2017-07-06 02:52:17.686    Could not open C:\WINDOWS\System32\config\RegBack\SYSTEM
2017-07-06 03:17:29.196    Could not open LOGICAL:0003:00000000
2017-07-06 03:17:29.198    Could not open D:\
2017-07-06 03:20:39.356    The following items will be cleaned up:
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S
2017-07-06 03:20:39.356    Mal/Generic-S

/_ Good afternoon! Aldemir Pinheiro _\

Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\ <<

We can see that the Sophos engine's detections were confined to FRST's "Quarantine" folder.

Manually go to this folder and delete its contents!

HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect

> Registry information associated with the quarantined entries.

Quote

The detections point to this subkey or value as linked to Mal/Generic-S

Quote

Virtual Internet Explorer (IE) comes with a set of default settings that are suitable for most circumstances; however, by editing the layer definition file (ldf) used to create the virtual application it is possible to customize IE to meet the client's specific needs. This article describes how to edit the ldf to customize IE to meet the client's specific needs.

Apparently, the entries are linked to Virtual Internet Explorer (IE).

> Download: < JRT > ( ... by Malwarebytes.org )
> Or here! < JRT.exe >
> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it as administrator ...
> If you have trouble, you can run it in Safe Mode with Networking.
> Wait for it to finish and post the report. ( JRT.txt )

[Abs]

Hello DigRam, good evening

Sorry DigRam, I can't find Mal/Generic-S.

I didn't quite understand, sorry for my ignorance: should I delete the FRST Quarantine folder, is that it?! If not, please give me a step by step, guide me better.

I understood almost nothing; I didn't understand what to do with:

HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect

regarding:

https://www.symantec.com/connect/articles/how-customize-virtual-internet-explorer-settings

I don't know what to say about your work solving the problems of the people you help; it's admirable. It takes a lot of study and effort, even when it's to solve one person's or one client's disinfection problem individually. Admirable. May you be well rewarded for it. Thank you!

Not forgetting, also: thank you for sharing the article. Grateful! That way we know why it can sometimes take a while for you to come back and reply, since much depends on the level of difficulty of studying the disinfection of a given virus: how to find it, and where it was installed and lodged itself. So it's clear to us not to prejudge you (malware removal specialists).

Continuing:

About JRT, I more or less know what to do, lol: follow the instructions above.

About my question, please don't forget to answer, or draw it out for me. OK?!

See you later :thumbsup:

/_ Good evening! Aldemir Pinheiro _\

Log analysis is not an easy task and requires long periods of preparation, which I had with jgarcia. He was an instructor at Linha Defensiva and a renowned Member here at iMasters.

As for cleaning the Quarantine folder, I was referring to its contents.

And the Registry information I will remove later, by means of a ZA-Scan script. That tool will be requested after the JRT report.

[Abs]

Good morning DigRam

9 hours ago, DigRam said:

/_ Good evening! Aldemir Pinheiro _\

Log analysis is not an easy task and requires long periods of preparation, which I had with jgarcia.

Indeed!

9 hours ago, DigRam said:

jgarcia. He was an instructor at Linha Defensiva and a renowned Member here at iMasters.

Wow, that's great, DigRam.

By the way, what happened to Linha Defensiva? (I don't mean the forum.) I used to follow them; there was good material on information security. I remember the announcement of a talk, for whoever could attend, at a conference by a North American here in Brazil to speak about security (about Edward Snowden and more). Awesome stuff, excellent material. That's when I started following the journalist Glenn Greenwald. But it seems that in mid-2015 the Linha Defensiva site stopped continuing its content. A pity.

About the Quarantine folder, you referred to its contents; I understood that you were informing me about the procedure.

So I did nothing; I didn't delete it, I left it as it is.

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64 
Ran by Hakaz7 (Administrator) on 07/07/2017 at  7:49:39,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/07/2017 at  7:52:37,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

/_ Good afternoon! Aldemir Pinheiro _\

The LD site went through restructuring in recent years, as far as I could tell. But the Forum continues with good quality in serving its Members.

Visiting stigviewer.com, we find more information on the value/parameter that Sophos detected as Mal/Generic-S.

Quote

This parameter warns the user that form input is being redirected to another Web site. Since the form may contain sensitive data, the user should be warned that the data is not being sent to the site the user was using. This allows the user to decide whether the data in the form is appropriate for inclusion in the new Web site.

That is the function of the value in the entries detected by Sophos, and the WarnOnPostRedirect parameter must have a REG_DWORD equal to 1.

http://imgur.com/a/TMFi9

Open the Registry Editor and navigate through the successive keys; when you reach Internet Settings, check whether the value's dword is equal to 1. If you find something other than 1, you may change it!

[HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

WarnOnPostRedirect=Dword:00000001

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]

WarnOnPostRedirect=Dword:00000001

[]s

Edited by DigRam
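The PowerShell script below is an added example and is not part of DigRam's instructions or of any tool used in this thread. It performs the same check he describes in Registry Editor, for both hives named in the Sophos log, and reports whether WarnOnPostRedirect exists, is a REG_DWORD, and equals 1; an optional repair function writes the correct value. Assumptions: the SID is the one from the log above (on another machine use the current user's SID, or HKCU); the HKEY_USERS\<SID> subtree is only present while that user is logged on; the function names are this example's own; writing under HKLM needs an elevated prompt.

```powershell
# Added example (not from the thread): audit and optionally repair the
# WarnOnPostRedirect value that Sophos flagged. SID taken from the log above.
$Sid = 'S-1-5-21-1487806579-2887001220-3690848270-1000'

$Paths = @(
    "Registry::HKEY_USERS\$Sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings",
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-WarnOnPostRedirectState {
    # Returns one object per key: current data, value type, and whether it
    # matches the expected REG_DWORD 1. A missing key or value is reported, not thrown.
    param([string[]]$KeyPaths)
    foreach ($Key in $KeyPaths) {
        $Item  = Get-ItemProperty -Path $Key -Name 'WarnOnPostRedirect' -ErrorAction SilentlyContinue
        $Value = if ($null -ne $Item) { $Item.WarnOnPostRedirect } else { $null }
        # GetValueKind distinguishes a real DWORD from e.g. a REG_SZ "1" left by a tampering tool
        $Kind  = if ($null -ne $Item) { (Get-Item -Path $Key).GetValueKind('WarnOnPostRedirect') } else { 'Missing' }
        [pscustomobject]@{
            Key      = $Key
            Value    = $Value
            Kind     = $Kind
            Expected = 1
            Ok       = ($Kind -eq 'DWord' -and $Value -eq 1)
        }
    }
}

function Repair-WarnOnPostRedirect {
    # Writes WarnOnPostRedirect = REG_DWORD 1 wherever the audit says it is wrong.
    param([string[]]$KeyPaths)
    foreach ($State in Get-WarnOnPostRedirectState -KeyPaths $KeyPaths) {
        if ($State.Ok) { continue }
        if (-not (Test-Path -Path $State.Key)) { New-Item -Path $State.Key -Force | Out-Null }
        # Drop a wrongly typed value first; New-ItemProperty will not change an existing value's type
        if ($State.Kind -ne 'Missing') { Remove-ItemProperty -Path $State.Key -Name 'WarnOnPostRedirect' }
        New-ItemProperty -Path $State.Key -Name 'WarnOnPostRedirect' -PropertyType DWord -Value 1 | Out-Null
        Write-Host "Set WarnOnPostRedirect=1 under $($State.Key)"
    }
}

# Audit only; review the table before repairing.
Get-WarnOnPostRedirectState -KeyPaths $Paths | Format-Table -AutoSize

# To apply the fix, run from an elevated PowerShell:
# Repair-WarnOnPostRedirect -KeyPaths $Paths
```

Run the audit first and keep its output with the other logs in the thread; it records the value as found before anything is changed, which is what a later comparison (for instance against a fresh FRST scan) needs.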

Hi DigRam, good afternoon

I want to buy a book by an author called renato cesar bini.

This book is on sale only on his official site.

There's just one problem:

the site asks to install the Adobe Flash Player plug-in,

and I very much want to buy the book.

I don't know if it's trustworthy,

and I don't understand why some sites ask for these plug-ins.

The site is from 2009; maybe it's because it's independent and out of date.

Better not to log in to any social network there; I'll look for him personally via Facebook, since, as you mentioned:

my confidential user data can be redirected to other web sites.

I'll try to follow your recommendations soon, and I'll also try to find on YouTube how to open

the Registry Editor and continue by trial and error with information from Google.

By the way, can I ask questions in that room you recommended?

This is the time I most need it, since I haven't asked any yet nor visited it.

On 30/06/2017 at 22:39, DigRam said:

http://www.hardware.com.br/comunidade/area/seguranca-debates-duvidas-dicas-etc.59/

> As for the question about the room in question, I recommend accessing GdH at the link above. If Komm attends to you, your chances of success will be high.
