Jump to content
1sefirot1

Computador lento depois de clicar em alguns links suspeitos.

Recommended Posts

Boa tarde turma!

Primeiramente olá aos moderadores e parabéns a todos! Sou usuário do forum "Remoção de Malwares" à décadas, e o trabalho feito aqui é fora de série! 

Bom, faz muito tempo que nao faço uma análise de logs, e o notebook vem estado muito lento após eu ter clicado em alguns links suspeitos enquanto procurava alguns torrents p baixar.

 

Gostaria de deixar o log limpinho por favor, seguem os relatorios:

 

Addition.txt: https://www.cjoint.com/c/LDops5YQRg4

FRST.txt: https://www.cjoint.com/c/LDopt4nDq84

Share this post


Link to post
Share on other sites

/!\ Boa Noite! Gsbad /!\

 

Copie estas informações que estão no spoiler, para o Bloco de Notas.

Salve-o ao desktop, com o nome fixlist.

 

 

Closeprocesses:
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [38768 2021-05-05] (Avast Software s.r.o. -> Avast Software)
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ca-5868-11eb-a20e-a4bb6d6cde80} - "F:\setup.exe"
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ea-5868-11eb-a20e-a4bb6d6cde80} - "G:\Launcher.exe"
FirewallRules: [TCP Query User{EDD34FE8-FE5B-4EB1-BC0A-2F92A4D579CE}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{1B378227-FA43-4417-BEDA-4A24F9DF6714}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [{B4245339-EC78-46C9-ABF0-53053438013C}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [{14EFBD45-A904-49AC-A438-00FDDE3BF7A0}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{44564E68-EBD2-4DDB-A3F7-3F388ADCE9FF}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{2ED338B5-B27D-42D0-B924-4248C03D39B1}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo
FirewallRules: [{3D49692B-00C0-440E-900F-7BDA5F68FB59}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{C50C87E0-E284-4326-BCED-DE61FAECAA1B}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{BBB0435B-BCDC-462F-A332-CD8DDB6D375E}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{45EC089A-E35B-4EF8-9753-8554F708AEB9}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\ProgramData\Application Data:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Application Data:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [5490]
Hosts:
Emptytemp:

Reboot:

 

Abra a FRST e clique "Corrigir" e aguarde a finalização do scan.

Poste o relatório! (Fixlog.txt)

 

[]s
 

Share this post


Link to post
Share on other sites
12 horas atrás, DigRam disse:

/!\ Boa Noite! Gsbad /!\

 

Copie estas informações que estão no spoiler, para o Bloco de Notas.

Salve-o ao desktop, com o nome fixlist.

 

  Mostrar conteúdo oculto

Closeprocesses:
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [38768 2021-05-05] (Avast Software s.r.o. -> Avast Software)
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ca-5868-11eb-a20e-a4bb6d6cde80} - "F:\setup.exe"
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ea-5868-11eb-a20e-a4bb6d6cde80} - "G:\Launcher.exe"
FirewallRules: [TCP Query User{EDD34FE8-FE5B-4EB1-BC0A-2F92A4D579CE}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{1B378227-FA43-4417-BEDA-4A24F9DF6714}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [{B4245339-EC78-46C9-ABF0-53053438013C}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [{14EFBD45-A904-49AC-A438-00FDDE3BF7A0}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{44564E68-EBD2-4DDB-A3F7-3F388ADCE9FF}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{2ED338B5-B27D-42D0-B924-4248C03D39B1}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo
FirewallRules: [{3D49692B-00C0-440E-900F-7BDA5F68FB59}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{C50C87E0-E284-4326-BCED-DE61FAECAA1B}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{BBB0435B-BCDC-462F-A332-CD8DDB6D375E}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{45EC089A-E35B-4EF8-9753-8554F708AEB9}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\ProgramData\Application Data:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Application Data:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [5490]
Hosts:
Emptytemp:

Reboot:

 

Abra a FRST e clique "Corrigir" e aguarde a finalização do scan.

Poste o relatório! (Fixlog.txt)

 

[]s
 

 

Bom dia @DigRam

 

Segue o relatório Fixlog.txt:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 22-04-2022
Executado por gsbad (26-04-2022 08:26:57) Run:1
Executando a partir de C:\Users\gsbad\Desktop
Perfis Carregados: gsbad
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
Closeprocesses:
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [38768 2021-05-05] (Avast Software s.r.o. -> Avast Software)
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ca-5868-11eb-a20e-a4bb6d6cde80} - "F:\setup.exe"
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ea-5868-11eb-a20e-a4bb6d6cde80} - "G:\Launcher.exe"
FirewallRules: [TCP Query User{EDD34FE8-FE5B-4EB1-BC0A-2F92A4D579CE}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{1B378227-FA43-4417-BEDA-4A24F9DF6714}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [{B4245339-EC78-46C9-ABF0-53053438013C}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [{14EFBD45-A904-49AC-A438-00FDDE3BF7A0}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{44564E68-EBD2-4DDB-A3F7-3F388ADCE9FF}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{2ED338B5-B27D-42D0-B924-4248C03D39B1}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo
FirewallRules: [{3D49692B-00C0-440E-900F-7BDA5F68FB59}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{C50C87E0-E284-4326-BCED-DE61FAECAA1B}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{BBB0435B-BCDC-462F-A332-CD8DDB6D375E}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{45EC089A-E35B-4EF8-9753-8554F708AEB9}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\ProgramData\Application Data:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Application Data:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [5490]
Hosts:
Emptytemp:
Reboot:
*****************

Processos fechados com sucesso.
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => valor restaurado com sucesso
C:\WINDOWS\system32\GroupPolicy\Machine => movido com sucesso
C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido com sucesso
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => movido com sucesso
C:\ProgramData\NTUSER.pol => movido com sucesso
HKLM\System\CurrentControlSet\Services\aswWintun => removido (a) com sucesso.
aswWintun => o serviço removido (a) com sucesso.
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2927f9ca-5868-11eb-a20e-a4bb6d6cde80} => removido (a) com sucesso.
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2927f9ea-5868-11eb-a20e-a4bb6d6cde80} => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EDD34FE8-FE5B-4EB1-BC0A-2F92A4D579CE}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1B378227-FA43-4417-BEDA-4A24F9DF6714}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4245339-EC78-46C9-ABF0-53053438013C}" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14EFBD45-A904-49AC-A438-00FDDE3BF7A0}" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{44564E68-EBD2-4DDB-A3F7-3F388ADCE9FF}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2ED338B5-B27D-42D0-B924-4248C03D39B1}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D49692B-00C0-440E-900F-7BDA5F68FB59}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C50C87E0-E284-4326-BCED-DE61FAECAA1B}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBB0435B-BCDC-462F-A332-CD8DDB6D375E}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{45EC089A-E35B-4EF8-9753-8554F708AEB9}" => não encontrado (a)
C:\ProgramData => ":chnpbmzkyg" ADS removido (a) com sucesso.
C:\ProgramData => ":YXVtLmh6aQ" ADS removido (a) com sucesso.
C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.
"C:\Users\All Users" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\Users\All Users" => ":YXVtLmh6aQ" ADS não encontrado (a).
"C:\Users\Todos os Usuários" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\Users\Todos os Usuários" => ":YXVtLmh6aQ" ADS não encontrado (a).
"C:\ProgramData\Application Data" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\ProgramData\Application Data" => ":YXVtLmh6aQ" ADS não encontrado (a).
"C:\ProgramData\Dados de Aplicativos" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\ProgramData\Dados de Aplicativos" => ":YXVtLmh6aQ" ADS não encontrado (a).
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 366092028 B
Java, Flash, Steam htmlcache => 451412321 B
Windows/system/drivers => 14816845 B
Edge => 9216 B
Chrome => 2428912016 B
Brave => 763762413 B
Firefox => 209477399 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7274 B
NetworkService => 1460816 B
gsbad => 91672209 B

RecycleBin => 0 B
EmptyTemp: => 4 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 08:32:02 ====

Share this post


Link to post
Share on other sites

/!\ Bom Dia! Gsbad /!\

 

> Baixe: < ZHPCleaner > < 6LcRokv.jpg ... de Nicolas Coolman >

> Ou |Aqui!| << Mirror!

 

Citar


> Caso tenha algum impedimento ao download,assista este tutorial que foi postado no YouTube,para desativar o Windows SmartScreen.

 

> Estando na página,clique 7ukwnm8.jpg

 

> Salve-a ao desktop! ( ZHPCleaner.exe )
> Desabilite seu antivírus e execute ZHPCleaner.exe <<

 

nDQ00tR.jpg

 

> Ao abrir esta tela,evite clicar em Update ou Atualização,para não ser direcionado ao ZHPBrowser.
> Ps: Feche a mensagem ao clicar no "X".

 

6MKUYyzn.jpg

 

> Com a ferramenta aberta,clique em Scanner.

 

ljOOETD.jpg

 

> Aguarde a conclusão!

 

9g2LW3p.jpg

 

> Ao concluir,clique Repair.

 

88z05Yv.jpg

 

> Ps: Ignore possíveis alertas quanto à sua configuração de rede. (DNS)
> Clique Sim >> Sim!

 

CWxMrxRA.jpg

 

> Surgirão guias que estarão em vermelho,indicando problemas a serem reparados.
> Clique Repair.

 

fN86PG8.jpg

 

> Ao concluir,clique Report.
> Poste o log de reparo: ~ Type : Reparo

 

Citar

file:///C:/Users/xxx../AppData/Roaming/ZHP/ZHPCleaner.html


Ps: Ao clicar "Report",você obterá o relatório,dentre outras informações,em formato HTML.
file:///C:/Users/xxx.../AppData/Roaming/ZHP/ZHPCleaner.txt


Este será seu relatório direto,obtido ao modificar na barra de endereços,de (.html) para (.txt).
Basta selecionar (ctrl + A),copiar (ctrl + C) e colar ao seu Post ou Bloco de Notas. (ctrl + V)

 

dcE3kmT.jpg


Hospede o relatório em Hébergement de fichiers, Security-x.fr.

 

[]s

Share this post


Link to post
Share on other sites

/!\ Boa Noite! Gsbad /!\

 

A lentidão ainda lhe incomoda?

 

> Baixe: < KpRm > ( ... by Kernel Panic )

 

> Clique Download e salve-o ao desktop, como local de destino.

> Na tela,marque:

 

Apagar ferramentas
Deletar pontos de restauração
Criar um ponto de restauração

 

> Eliminar quarentena: Eliminar agora

 

> Clique Executar e aguarde!

> Ao finalizar,clique OK!

 

[]s
 

Share this post


Link to post
Share on other sites

Bom dia @DigRam! A lentidão ja deu uma melhorada, mas o meu google crome ainda esta iniciando com uma aba "ww7.clickseguro.com" q acredito ser algum malware, segue o relatorio:

 

Citar

# Run at 29/04/2022 11:18:54
# KpRm (Kernel-panik) version 2.9.3
# Website https://kernel-panik.me/tool/kprm/
# Run by gsbad from C:\Users\gsbad\Desktop
# Computer Name: GSDELL
# OS: Windows 10 X64 (19043) 
# Number of passes: 1

- Checked options -

    ~ Delete Tools
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

- Delete Tools -


  ## FRST
     [OK] C:\Users\gsbad\Desktop\Fixlog.txt deleted
     [OK] C:\Users\gsbad\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\gsbad\Desktop\FRST64.exe deleted
     [OK] C:\FRST deleted

  ## TDSSKiller
     [OK] C:\TDSSKiller.3.1.0.28_18.07.2021_16.29.44_log.txt deleted
     [OK] C:\TDSSKiller.3.1.0.28_18.07.2021_16.41.38_log.txt deleted

  ## ZHP Tools
     [OK] C:\Users\gsbad\AppData\Local\ZHP deleted
     [OK] HKCU\SOFTWARE\ZHP deleted

  ## ZHPCleaner
     [OK] C:\Users\gsbad\Desktop\ZHPCleaner (R).txt deleted
     [OK] C:\Users\gsbad\Desktop\ZHPCleaner (S).txt deleted
     [OK] C:\Users\gsbad\Desktop\ZHPCleaner.exe deleted
     [OK] C:\Users\gsbad\Desktop\ZHPCleaner.lnk deleted

- Other Lines -


  ## Quarantines never deleted
    ~ C:\Users\gsbad\AppData\Roaming\ZHP (ZHP)

- Clear Restore Points -

      No system recovery points were found

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ RP named KpRm created at 04/29/2022 14:18:57

-- KPRM finished in 14.49s --

 

Share this post


Link to post
Share on other sites

/!\ Boa Noite! Gsbad /!\

 

> Baixe: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... par Xplode )

> Ou daqui: < AdwCleaner > << Link!
> Ao acessar,clique em "Download Now".

> Salve-o ao desktop!
> Desabilite seu antivírus!

 

< Executar_Administrador.jpg >

 

> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.

> Clique "Definições". 

 

XZTQ4T3.jpg

 

> Estando em "Definições",deixe as configurações conforme este banner.

 

bk0BviF.jpg

 

> Ps: Dê início ao scan,clicando em "Verificar Agora". 
> Ao concluir,clique "Limpar e Reparar".
> Na mensagem,clique "Limpar e Reiniciar".
> Ao concluir,clique "Ver Ficheiro de Registos".    
> Copie e poste o relatório! (Mode: Clean)/(AdwCleaner[C00])

 

[]s

Share this post


Link to post
Share on other sites

Bom dia @DigRam!

 

Citar

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-04-27.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-30-2022
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  11
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\.bgl
Deleted       HKCU\Software\Conduit
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKLM\Software\Wow6432Node\Conduit
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

Deleted       cknghehebaconkajgiobncfleofebcog

***** [ Chromium URLs ] *****

Deleted       Iminent

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings

*************************

AdwCleaner[S00].txt - [2378 octets] - [30/04/2022 08:01:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

Share this post


Link to post
Share on other sites

/!\ Bom Dia! Gsbad /!\

 

***** [ Chromium (and derivatives) ] *****

Deleted       cknghehebaconkajgiobncfleofebcog

***** [ Chromium URLs ] *****

Deleted       Iminent
>
>

Em relação ao Chrome, a ferramenta detectou uma extensão maliciosa e o Iminent.
Ps: Isto teve influência na remoção do clickseguro.com?

 

[]s
 

Share this post


Link to post
Share on other sites

/!\ Bom Dia! Gsbad /!\


> Abra seu navegador Google Chrome e na barra de endereços, digite: chrome:policy 

> Aperte Enter!


WZ5ji3I.jpg


> Clique no botão "Atualizar políticas".
> Feche o Chrome e abra-o novamente!

 

rCm4x9z.jpg


> Siga este Tutorial que foi publicado no YouTube.

 

https://www.youtube.com/watch?v=YO9ADS0AQ-0

 

> Não resolvendo, você pode tentar estas soluções abaixo.

> Vá em "Personalizar e controlar o Google Chrome" >> Configurações.
> Estando em Configurações, acesse "Pesquisar".
> Clique: "Gerenciar mecanismos de pesquisa..."
> Indo em "Configurações padrão de pesquisa".
> Caso encontre, exclua algum mecanismo que ache suspeito.

> Informe!

 

[]s

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

Ao usar o fórum, você concorda com nossos Terms of Use.