Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Hercules Lima Coelho Junior

Como eliminar vírus de computador

Recommended Posts

Olá, peço por gentileza ajuda para limpar meu computador. Montei recentemente esse computador com peças usadas de outras máquinas e noto um comportamento lento e bugs aleatórios.  Passei o malwarebytes e deu uma limpada básica, mas tenho certeza que ha mais vírus para eliminar.   

ZA-Scan.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Hercules Lima Coelho Junior

 

Por favor, atente para o seguinte:

  • Sobre o Fórum: Este é um espaço privado, não público. Seu uso é um privilégio, não um direito;
  • O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
  • IMPORTANTE: Caso tenha programas de ativação do windows ou de compartilhamento de torrent, sugiro desinstalar. Só irei dar procedimento na analise após a remoção. Regras do forum;
  • Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
  • Respeite a ordem das instruções passadas;
  • Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

Siga os passos abaixo:

ETAPA 1

Baixe o Malwarebytes Anti-Malware (MBAM) do link abaixo e salve no seu desktop.
https://downloads.malwarebytes.org/file/mbam_current/
 
Clique duas vezes no mbam-setup.exe e siga o solicitado para instalar o programa.

  • Na aba Análise > Analise Personalizada marque a opção Procurar rootkits e as entradas referente a instalação do sistema operacional. Normalmente é o drive C:;
  • Clique em Analisar Agora. Aguarde, pois o scan pode demorar;
  • Ao acabar o scan, se houver itens encontrados, certifique-se que estejam todas marcados e clique no botão Remover Selecionadas ou Colocar em Quarentena;
  • Ao final da desinfecção, poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo);
  • Caso o mbam não seja executado automaticamente após a reinicialização, execute manualmente;
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Relatórios na janela principal do programa;
  • Clique duas vezes no log (Registro de verificação). Clique no botão Exportar e utilize o formato .txt para exportar o log. Salve na Área de Trabalho.


ATENÇÃO: Abra o arquivo, selecione tudo, copie e cole o conteúdo deste log em sua próxima resposta.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

ETAPA 2

Faça o download do AdwCleaner de um dos links abaixo e salve no desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Clique em DOWNLOAD NOW para baixar o arquivo.

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista, 7, 8/8.1 e windows 10 clique com o direito sobre o arquivo AdwCleaner.exe, depois clique em VRIfczU.png

Clique em VERIFICAR. Após o termino clique em LIMPAR e aguarde.

Será aberto o bloco de notas com o resultado.

ATENÇÃO: Selecione, copie e cole o seu conteúdo na próxima resposta.
 

ETAPA 3


Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.


Faça o download do ZHPCleaner no link abaixo e salve em sua Área de trabalho (Desktop)

https://www.nicolascoolman.com/download/zhpcleaner/


Execute o arquivo ZHPCleaner.exe Como Administrador

  • Clique no botão Scanner.
  • A ferramenta começara o exame do seu sistema.
  • Tenha paciência pois pode demorar um pouco dependendo da quantidades de itens a examinar.
  • Em seguida clique no botão Reparar.
  • Será gerado um log chamado ZHPCleaner.txt
  • Selecione, copie e cole o conteúdo deste log em sua sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 11/06/18
Hora da análise: 20:37
Arquivo de registro: 5e7ff946-6dd0-11e8-b64d-001e8c0c8016.json
Administrador: Sim

-Informação do software-
Versão: 3.5.1.2522
Versão de componentes: 1.0.374
Versão do pacote de definições: 1.0.5442
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: Cliente-PC\Cliente

-Resumo da análise-
Tipo de análise: Análise Customizada
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 247620
Ameaças detectadas: 80
Ameaças em quarentena: 77
Tempo decorrido: 2 hr, 7 min, 19 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 1
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarentena, [209], [-1],0.0.0

Valor de registro: 1
PUP.Optional.Wajam, HKU\S-1-5-21-4209925806-650222567-1087137950-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Falha ao remover, [209], [-1],0.0.0

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 2
PUP.Optional.Wajam, C:\Program Files\WaInterEnhance\WaInterEnhance Internet Enhancer, Quarentena, [209], [180347],1.0.5442
PUP.Optional.Wajam, C:\Program Files\WaInterEnhance, Quarentena, [209], [180347],1.0.5442

Arquivo: 76
PUP.Optional.Wajam, C:\Program Files\WaInterEnhance\WaInterEnhance Internet Enhancer\makecert.exe, Quarentena, [209], [180347],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WIN7_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WIN7_X86\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WLH_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WLH_X86\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WNET_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WNET_X86\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WXP_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WXP_X86\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\ASCDOWNLOAD.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\ASCINIT.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\AUTOSWEEP.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\AUTOCARE.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\ASCUPGRADE.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DISKDEFRAG.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DISPLAY.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\REPORT.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\REPROCESS.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\AUTOUPDATE.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\RESCUECENTER.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\REGISTER.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\OFCOMMON.DLL, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\MONITORDISK.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\WIZARD.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\PERFORMUPDATE.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\SURFING PROTECTION\BROWERPROTECT\ASCPLUGIN_PROTECTION.DLL, Quarentena, [4502], [396386],1.0.5442
Generic.Malware/Suspicious, C:\USERS\CLIENTE\APPDATA\ROAMING\Microsoft\Windows\Recent\zoek.lnk, Nenhuma ação do usuário, [0], [392686],1.0.5442
Generic.Malware/Suspicious, D:\DOWNLOADS\ZOEK.ZIP, Nenhuma ação do usuário, [0], [392686],1.0.5442
Generic.Malware/Suspicious, C:\USERS\CLIENTE\CLIENTE-PC\BTHUDTASK.EXE, Quarentena, [0], [392686],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATECATTVYIL, Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATECAXCH01R, Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATECAZL3GQN, Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[10], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[11], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[1], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[2], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[3], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[4], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[5], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[6], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[7], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[8], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[9], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.Wajam, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WIE_2.21.2.31[1].EXE, Quarentena, [209], [8795],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATECAK091TZ, Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATECAWBHSHR, Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[11], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[10], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[1], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[2], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[3], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[4], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[5], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[6], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[7], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[8], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[9], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[10], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[1], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[3], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[4], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[5], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[6], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[7], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[8], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[9], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[10], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[1], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[2], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[3], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[4], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[5], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[6], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[7], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[8], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[9], Quarentena, [13698], [275200],1.0.5442

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

 

 

 

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-07.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-11-2018
# Duration: 00:00:23
# OS:       Windows 7 Home Premium
# Cleaned:  331
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\IObit\Advanced SystemCare V8
Deleted       C:\Program Files\Common Files\IObit\Advanced SystemCare V8
Deleted       C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted       C:\Users\Cliente\AppData\LocalLow\IObit\Advanced SystemCare V8
Deleted       C:\Users\Cliente\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted       C:\ProgramData\IObit\ASCDownloader
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
Deleted       C:\Program Files\predm
Deleted       C:\Program Files\globalUpdate

***** [ Files ] *****

Deleted       C:\Users\Cliente\Desktop\MiPony.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFECE44A-B812-47EE-B91B-F302E6199}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF7EE338-2C71-42C7-BB2D-36A5334CF9D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE8E9952-1858-43B8-B62E-88E51E747854}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD4032BD-E5A2-4343-B039-5DC778D1D6CF}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC7A6846-96D7-4C7F-8581-8E67EFFDB9C3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC77F687-E0BE-4FBC-B2E5-DACCDA6A458C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB6AE133-B27E-4EEC-AAC1-17E147B51F5B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB496961-D15F-41E4-A132-DF9B1629B1A4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB0DB1C7-98E5-4BE1-8FB2-9FBA6923C7B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FADA6F73-92A8-411C-BC78-2465FE9E647}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9F7C2F3-FD8B-4281-B4A3-96C19DC71694}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F94C7A34-730B-43CC-8FC3-700F4288E13}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9330C44-ED85-40B2-863C-4F8FB5C6B26}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F846B6E4-21EC-40CD-AA24-C90F4A062BE}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F818EE15-68BD-4774-AF39-82596E4C30}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7C1C87F-6120-4410-B2EC-5142CE2C92E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F69ADE01-5EA8-4529-BB95-3FC22BCEFFE3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F65117C4-26D4-41F5-BE69-3C41DB7C938A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F491C587-6A62-4801-8056-6ED5E4511D28}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2A53BBD-8224-4EB4-A366-26B0A15E6151}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F21CE924-4307-4477-B84E-BCA5223BAB95}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1C57430-281F-4A75-A3B2-59E3B61B4DA0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1B91325-C3FC-4D8A-A26D-86EE2DE15562}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F143609-208C-467C-B398-1EC59A8BE756}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF95129F-8F7B-43E3-A6F2-12D82D15E96}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDC42C23-C23-4CB3-8758-764533A64731}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED27EFEF-E2CD-4D6B-BA16-C8F8D5339069}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC568AFE-684E-46E5-B643-CCBF9B2F220}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA087B6-B3FB-4AB7-A397-E74A17A42646}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8D80A8F-106E-4754-A25-FC4EDFD93C2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E48F37F2-42C4-4512-A6E-49A0C8412CA4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C08C2A-2D55-481B-8A3B-ED4D68D92AC8}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E20EAE9-D084-485D-9528-A21FEFB9343F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E052843F-51DB-4E7B-B92F-B94F8896204C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFEFEECE-DAD7-43CE-A5BD-72787B233D5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF90310F-3C9E-4563-9AEA-48CC7D55D558}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE8458CF-14CD-4DB4-B06A-4FB7F329C6D2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE71E237-8746-4A08-A5A6-D66B2EECE9DC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD8A113-BE61-48A2-A197-DE7258FED49F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD636A31-EE63-40BD-8E28-F621BCA75C39}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC4156B1-A3FF-4905-9726-E972B1D86A7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBF71AD0-8515-4D57-B853-DCF9BBE0D283}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBD19704-1FB7-49C5-8EFD-40E75B8E310}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA6B499D-9D2F-443B-BBE5-211FBA25B56}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9F85062-AC2B-42DA-89C9-1D3C71139071}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9A3636D-E442-4F0C-B97A-E44DD279F9A2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D82EC18A-16BF-4719-AC11-62C3E76A523}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7ACE66B-CD6B-47AD-866B-26FBDD7B28D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D751645A-CCFB-4C0F-A0D3-9638A37C7869}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5483940-32E4-46E4-823A-C8C9A636FC88}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D518D8B5-7C9B-4AB9-B892-C6EA4076567}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D331B88C-BDD5-49E3-9D69-4DA584D9F0C5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D18B8C27-2276-4B29-9AA0-E9B6349969C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEFF1989-41DD-455F-9C9F-EB2C62C5A647}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEB37FF6-43C2-485E-8DFF-5F402046E879}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB81BE97-9724-4B84-AE71-4F7B62577EDF}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB301580-A262-4355-AA2B-E926B05E265}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB11C0CE-A0D2-42F1-ABFB-2AFB2A403A49}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAF9F44-95DA-4781-8CDA-966B7FD4B836}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CADEE9A0-9D19-4A6E-948-3F22835A3719}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA2FB6E2-2971-4F45-B5BD-B857C22367BA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9F09FFA-C1AE-4D20-B1A3-D186D2FBECFC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9E4CCE9-236A-49BC-91E3-89FD8FC2158}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C93F6EE6-6D0D-4409-95F0-6413EDE7764}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8D3D319-A484-4E0D-99BC-89B788C8E4E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C837896F-4AFC-4E95-A622-E9B0F6843D18}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6F067A7-3D8E-4B9B-B284-97F6779D697}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3EA9807-1FAB-4DF9-B588-CFBAEC9216E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C260F349-659A-4CDE-8BD3-62D22240776C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C05538C0-5636-4FD6-98A8-C2F91546B8B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF0DE853-A476-4A0F-B583-6DC215EF6A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE9EC826-E9D3-4463-98A6-14FD71B8039}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE87596C-3F6B-44A0-86CB-6C1A854DC13E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDB47DB4-3AA2-42B2-9C86-BA24EEB3E46}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD76FB0D-CD56-4385-BD25-F5FEA6DBF21B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD2351B2-184-4684-9AA3-BB7E194D7D73}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC5DD535-C416-48A4-BB18-685D4ED0AE60}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA44771D-382F-4433-A4DF-AD1C2D78691}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B90EF560-FBB4-4B2F-AF10-D1726B3E33F7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B84F2073-C57F-48E2-80B4-ECAECFB87EEB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4EAE81B-27F7-4A9B-8272-8F6449AE076}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4DDEFC4-A373-4726-BB10-2A5954D060DB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3B8FB30-9CD6-4ED0-828C-91D583D1A388}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B24FCEF8-2E2E-47CC-BE43-2683AEC18CEE}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B23DDC4A-4285-4791-8C7A-B230BDA63B2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1D7A36C-DA6B-4A27-939-CE9BC5F190FC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1003F8C-8F9B-4A99-8B54-C59032C9E0B5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF3D3274-A012-4E21-905D-2A5CD15AAA2F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF27858D-8EE8-4A14-9E56-DC4370B18F0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE0B2F27-633D-4D2D-8551-9FE8ED8C86AC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD53B2B0-5F8A-440A-9191-B832C544ADC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACEAE771-A9EA-43B0-A92E-835C177BBF7A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC66F771-FED2-4212-9D96-F6256EE33840}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABE2E96C-8A4B-417C-A672-8DC9A33F593}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9CEC5B5-8D9D-4D59-A5D4-B38391FFD90}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7D18B1A-5C7-4800-AEA0-C11DA182A835}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7AD6DB2-6FD0-4AE4-A29B-1F7ABF5E343}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6D481A4-6318-40B5-969-E49C8AF8AD6D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5B7F6BC-A4B6-4175-819D-5ED71BC22E2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A56113B4-BF54-4D15-8D13-3DBE359B3868}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A530B57E-6309-4338-AEE0-C1C9404E49A5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1BA66F9-E4B0-4BE2-96F0-DB2FB48DF2DB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A09D8799-AC20-46FB-89BD-BDAD878140C2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F707AE0-90D-46C5-954C-3E7D40DAB00}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9EB12E11-BF64-497D-8D50-A4B09022CEBE}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E9CC2DE-6C8E-4713-9970-77D65E526D4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DD060D-F7FE-442E-831C-67B83648592}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D9C3-214D-4D0D-AFDF-C563D5726A68}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D5A8446-D16-4106-9ACD-EBBA9240AD4C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CCB17BD-652C-403A-879B-A21960766099}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C557EA0-2A47-4237-8E25-F3F1347258E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C21923F-6F1F-4F98-B1EA-EDB678982EF}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BF7A15C-5E9-4968-8524-DD6A7BBB6CA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D73068-CC68-4253-BC54-15A152177BB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{980FF028-2C4-4814-923C-84A5525061E0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97BE1F83-869A-4549-B031-F2B1BA97A1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{977DB34D-A577-416A-B436-A1E5387728C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96D6A15C-C526-40EA-93E4-37CBA09FE2BC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95201C3-AEF1-47CE-8620-6219206BE7D1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{926B4074-F241-4566-80C-D7761E3BE773}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{925A703C-91AA-48DF-A8EF-36E3982A8BD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E0FF73-ECC4-4F6C-A410-B43D24D78031}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90780A59-4329-4732-A53E-C35F825DD272}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EA2408B-AE3B-47F8-9E1E-13FE4123DEF2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DDD9BC5-E5F9-44EE-AA80-ED35598F6412}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AF7F09F-27E8-426A-8F61-A1D3D8605148}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AF44D07-2CE7-46CF-8E57-919ED152C23}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AD2B685-8D67-476A-92C3-3291D9292E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AA54FC5-50E-4AE2-AAF7-F3FB6369D1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88FEC3FA-53DC-428E-B162-D9AD8CCCB7DA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88F9EF2D-B25F-41AA-A235-B8F2AD25BF3C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8820AAC9-2486-4653-B64C-ED891F8CE7D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878A16D1-933B-4FBE-9E7-A81E29C114C4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{863B702A-A5A0-46A3-8F1F-C7616767CE7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{845132FE-17D-4FA8-85D5-CC9E6A47BD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84461930-275B-4573-9E98-4F268BFD8EF}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{835CCBB9-8BEB-41D1-85BB-3EAC321A7B32}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82C9A520-5AD0-43AD-8EE8-D0F42D194927}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8257132A-5095-49C5-88F0-4E629EC77E2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82568E72-879A-4EA4-A5EE-E6243080AD8C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{821DD4AB-DA2F-49AE-A7C6-4503496CEDD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81A68AEE-C2B8-4E4C-9E11-F7E4E0A1E66C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{804B5B2-353F-45EA-8323-AB6CD2DB342E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8032D6BE-DCA9-48C9-BC40-AB2E9897F7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E62CA59-3CC2-494C-A68B-376AA0B6A2F5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DBC517C-B804-4E49-89F2-A61FB161AD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C36B9E3-94C6-4AD8-A14B-6E2CCF1D8EE}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C164A8A-BFA6-4637-BF4F-D12C8F3C8352}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A876C0F-114C-4ED0-8ADF-778BCE6E4356}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A200F4A-D6BB-46D3-8C96-788BDCD4BAE3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78A40412-D23D-4F30-ACF1-5D12BB6F50}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{785D79B6-25EB-4183-8781-DE26B2A1FA21}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77C4CE83-77FC-4D45-92E7-7DDB4BF1FFA0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{770077D8-1709-4334-B10-E9B2317760C5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76926B6C-776D-4C4E-B3DC-A98C300A9CD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75AD674A-8F5B-41EA-831C-F5ADA68CA1D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75A9424-CD25-4389-81CB-F090D8D55D9C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74141BCC-E994-4BF1-8C4B-1A89DCAC248A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71E0F8CE-6731-4EB3-8FB2-F08C5E9BD98E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71693C87-DF03-49D7-B5AE-BB28C1EB343A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71307373-8EA1-4BF1-B192-694C5122AC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{702BD9D3-8EB4-4450-8965-1BE8618297D1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FCC377C-99C-4ECC-8F8B-6D668DD98525}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E3005DF-68A7-4B00-B6C2-C2FF9375E3D3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CFF70A7-A8F9-4CEE-99EE-A011CB35E4D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CE9A943-78D-478C-A6FA-FACAF8867A64}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C8386A2-80CD-4EC9-832C-EFE1AD2FE4B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AEC1E58-79E8-4F5B-A9A0-CB817F9791B4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AC3E5D6-DD91-4F52-8295-76E975F8787D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68FAABEF-A38A-4B29-8162-42B387FA1FD5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67BCAB3B-D3AE-4CB2-AC7A-BE61A335390}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{671A751C-FA41-4E80-868B-C3C67D44B41}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6652F3FF-F818-417B-ABC9-E5FD4D742A2D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{662F5CD3-30F6-4DC4-AE6A-A64C285E2AD5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65EAFF77-4D87-479E-906A-E14EC812141D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65E962D2-2174-4EE1-B11E-EB203D237EC6}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{657302A3-D20C-4AB5-908A-CB86DCB7B6E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6570CA11-22EC-4706-9B86-F0512C82E4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{654BCB7-3067-47A4-BC7D-BEAB5538AE2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64F3AA88-82D4-4ED8-B3A-532DF58332B6}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{643ECBD9-BB34-4E95-974D-9FA951826D7C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{638A68D7-E4C-464B-A589-99C8D86DCF2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{633B3E9A-4D0F-4B42-87B-FE2EC639BCC4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6316A40-78E8-4616-BEFE-F34F4B3E20A3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62A45D1C-2342-4884-A691-C3569972076}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E9EADD3-DED7-4FD4-B942-B4C968A7FC5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E199FCB-7F9C-4BBE-800-349E94AB43B7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D39935C-5FCF-447E-AA63-E7D52B645F6F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BF0BE2D-7AA5-49FE-992B-C4BF496C1D4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AD3D15E-25B6-4CD1-A4C6-29B276A42AA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59F5A4B5-897B-4972-8F63-55A137C6ADA8}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59E11550-55DE-4296-8196-936EA907578}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5986CB99-769-4DB4-AF37-DEE67B275DC7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5921167E-20E6-4EAA-A9A3-569C9DE0C154}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57C3CC8C-AE08-42A7-B8D0-7385CBCF5753}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5701D7B6-FAAF-4D82-BB6-4D35E371DC72}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56BB947-FF02-400B-88A-9DB7CA83F110}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{569945A-3C0-43F3-A960-ADF5D82E74AA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56720B9-1BF3-430C-AB92-F321F5CB9B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55D91B3F-80FB-486C-A04-E2E37636B39}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{551C93C9-4D54-4EB7-89EA-F5AC6543D38F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{521DEFA6-A79F-4F35-B4AF-1AFE4EC7ACC1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50C93958-7CD0-4DBA-B379-97D8C1CA755A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FEFBEFF-E83-45CE-BB67-41EBA1BF4B36}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FB04010-5DC8-4A6D-911E-CA8389FEF8B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F971FE9-B3FE-4430-BAC0-BFA842276157}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EBDDDC6-2752-404B-A8DE-431F2C49888}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A56033A-340F-4D56-8FDB-BB91177C723}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48C60B8E-6DAA-4323-A514-F0FADC6B389F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{488F5640-277E-45BB-A8FC-69A0AC8D61C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44E2F02B-A9DD-42A8-A08B-E74BF269E65}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{443D2ECD-47C5-466E-B129-48CCC149EC4E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4323275-E924-482A-98B3-EA7D7A52F5E9}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41091958-1A34-4550-B89E-9F3AB34F3B2C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40AFE0C8-60E-41C0-8D95-9CA522BBFD0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4070F485-F1FF-43DF-AACC-427664EC2F5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E0302CF-AF9D-4D9C-A737-91A6A758926}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DFDC56F-8F8-4F8F-B7A6-20F3FB5976DB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D4645EC-FDAE-4EE8-AEAE-14C483F2421}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CE06BCB-9E95-4CE4-8297-F9A81AA65D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BD7FBDD-E152-4D33-8665-5AC45C287CCD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B485D82-BF73-4313-A35D-3530D8555B7B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ABAF851-5804-4301-A5A7-A75218ABDAF}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38A238B0-EBED-475A-818D-FF11512C6327}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38550D60-9457-445F-9F37-A3702F3173E6}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3718DBA-6506-4A6E-ADD0-706118A4123E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36C1687-94F4-4386-BBBA-2F0EF1448A4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36691D92-4626-49EF-B023-547D3EC8D123}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35C685B0-7E41-4ABA-8566-F7A96B3D1CC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33A3116E-5185-4A51-AE2-2AADA4CEBB51}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31603910-11F5-41BC-9F67-735B9CCA2811}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31494784-6486-4406-9D9-66533BED2D2B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30C6F0DA-FCF6-4856-9127-455272627559}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EB7B161-8A5-4740-B3F4-B3ECA69542E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BEC5A78-B487-4187-BE71-F1A4F775CD7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BBE736B-D036-4522-97F1-6A82C085459B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A8AC90B-70FE-4F47-8924-60E1C07E57A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A796E22-358E-427B-AB58-8FA9DFF5F59B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A174DA3-C7D8-4372-AB57-5C1216AB851B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27A90012-437-4503-A0B-9838A496813B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{265BD5B4-A907-45FC-B5C-671371EBF1C3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2577094B-B63-46A1-98B2-5F5F9D5CED8D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{254FB69F-F0DD-4F63-BBC7-C68CE33B341}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24BCB4E7-7658-4693-82E2-A9D59CC6C1E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23C6694-6712-447A-BFD-3BB28C728F7A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{239657F4-E4B7-4A87-87E7-EFEFD8CD39E7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{230BAFFB-4E38-4F70-85C-CC34218592E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22115737-38AF-4E8D-BFA9-F4EDACCA56A2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{209D25F6-6A44-493B-8B60-2948E318CE2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2073EAD7-5CF4-4CC3-BD19-E9B6067B192}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2003F8A4-A6DD-40D7-A8B1-304670C1BFA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FAE06AC-294F-4146-B947-113667C343A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F7AE358-4E7A-488A-8C17-8675E366866F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1EAD2FC2-6818-4A8D-9BF7-947F9C11ED5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C78FB2C-59C5-4659-8C67-B6F71E5B3767}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C65D6CF-5636-4CE9-AFA4-ADA91F6171F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C3BF27F-FC66-4F22-9157-149FBC7DAF21}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ADCCBAF-B301-4C95-A59D-CE85684DF6D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18363BD8-6201-4551-ADF3-A82B596627D4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{182F9155-9F06-4B21-B9C2-90A11151D2C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1714FA9C-402A-40BA-B7AF-215F4C52AE2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{151A86FB-A9B4-4862-8A8-A298D98547C5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{146A4BDF-8B1B-4BB7-92CE-A222FAC681D5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1393E72-F74D-40AC-BAC4-422D1559C66F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{127ADD27-2BE8-4A4B-93EB-44B3D32F3A7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1224204D-5CF4-4537-902D-54B792E021BB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10112798-989C-4484-A525-50F117D6B75}
Deleted       HKLM\Software\IObit\RealTimeProtector
Deleted       HKLM\Software\IOBIT\ASC
Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted       HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted       HKLM\Software\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted       HKLM\Software\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted       HKLM\Software\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted       HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted       HKLM\Software\Conduit
Deleted       HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted       HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted       HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
Deleted       HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Deleted       HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4A0C-9753-B57B9AE272CC}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4E3685BA-8DC3-4141-84BC-B920A0350469}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{12388571-4030-4878-BB52-DBA191EC954D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B6B8D3C1-1AED-4673-8999-EA7ECBFC5382}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{29CADD91-CB6F-4097-9B89-1AC826E7A653}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{ABB04749-F6E2-4077-938C-D94AC5BEE856}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6767E6AB-B3C5-4F9B-BD60-C6406E677039}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B89A1B45-E57A-4E09-8408-270417F37739}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C2227602-1D56-45A1-AC73-00026EF1D661}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8561311E-AA28-4C97-9BB0-949C43F4269D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{922F855D-3443-4CAD-A8A5-B2498F493035}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C93AF7EC-25F4-4F1F-AF18-B11E65CCB012}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3A70A91F-FD06-49D1-B79F-DCB0CC77B4D4}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{07E1CFB5-6BCA-4A99-8A43-A715F8137198}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9DD15E63-7E7D-4752-BD4A-EA6C9603B515}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7327BCC2-5C9A-4E87-B2A6-788EA8EFEE9E}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FE78DD4B-589A-4CD3-9C82-706DE1C52FF9}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{61B286F2-76DF-499E-8F78-4886876E8404}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BCD54FCA-37EF-4798-B19E-C8C4A3CB233F}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B17A70D9-E2F2-4E01-963D-D44F094BAA6B}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{22845139-B03E-47E3-9E6B-69D906548603}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{406850E3-EEC5-49C2-A3D4-1EF4202CD507}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{40255D7A-7B08-4890-AA3E-81EF5CCE9B83}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F0A9091A-16D5-41A0-80BB-52340BDA88F4}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8A90311E-BE4C-4E8B-B8C1-361FE7AD7467}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0684813E-03EF-4ACD-BFCF-22DC6359D198}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FEABE618-8D69-47DF-BD01-FCAFD03499F5}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D56A93EE-E312-4F74-841F-F3F80648BFE0}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6E837777-72D0-49FA-BDD7-51AFA220BDE7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bobrowser.com
Deleted       HKLM\Software\Microsoft\Internet Explorer\Main|Start Page

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask Brasil

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [46877 octets] - [11/06/2018 23:50:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

/----------------------------------------------------------------------------------------------------------------

 

~ ZHPCleaner v2018.6.10.133 by Nicolas Coolman (2018/06/10)
~ Run by Cliente (Administrator)  (12/06/2018 08:56:24)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : D:\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Cliente\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
DELETED data: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad : Port=49301 <-Loopback>]  =>Hijacker.Proxy


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (1)
DELETED task: [AutoKMS] [C:\Windows\Tasks\AutoKMS.job (Not File) ]  =>HackTool.AutoKMS


---\\  Explorer ( File, Folder) (12)
MOVED file: D:\Desktop\µTorrent.lnk  [Bad : C:\Users\Cliente\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVED file: C:\Windows\Tasks\AutoKMS.job    =>HackTool.AutoKMS
MOVED file: C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633    =>Adware.CrossRider
MOVED file: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage    =>.SUP.Superfish
MOVED file: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bobrowser.com_0.localstorage    =>Adware.BoBrowser
MOVED file: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage    =>.SUP.Superfish
MOVED file: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
MOVED file: C:\ProgramData\ntuser.pol    =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}  =>PUP.Optional.Generic
MOVED folder: C:\Windows\AutoKMS  =>HackTool.AutoKMS
MOVED folder: C:\ProgramData\Application Data\IObit\ASCDownloader  =>.SUP.AdvancedSystemCare
MOVED folder: C:\ProgramData\IObit\ASCDownloader  =>.SUP.AdvancedSystemCare


---\\  Registry ( Key, Value, Data) (7)
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net [8]  =>.SUP.AkamaiHD
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\digihelp.info [183]  =>PUP.Optional.DigiHelp
DELETED key*: HKLM\SOFTWARE\ErrorLists-crcodedownloader []  =>Adware.CrossRider
DELETED value: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\\DigiHelp.BOAS.exe [8888]  =>PUP.Optional.DigiHelp
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{D9464AD7-D53D-4A30-9BF5-E1C747D68BF9}C:\users\cliente\appdata\local\akamai\netsession_win.exe [C:\users\cliente\appdata\local\akamai\netsession_win.exe]  =>.SUP.AkamaiHD
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{3582748F-7E19-4DC0-8630-3A36306F370A}C:\users\cliente\appdata\local\akamai\netsession_win.exe [C:\users\cliente\appdata\local\akamai\netsession_win.exe]  =>.SUP.AkamaiHD


---\\  Summary of the elements found (11)
https://nicolascoolman.eu/2017/04/03/hijacker-proxy/  =>Hijacker.Proxy
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/  =>Adware.CrossRider
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Superfish
https://nicolascoolman.eu/2017/10/31/adware-bobrowser/  =>Adware.BoBrowser
https://www.anti-malware.top/2016/04/28/pup-optional-multiplug/  =>PUP.Optional.Multiplug
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Generic
https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/  =>.SUP.AdvancedSystemCare
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/  =>.SUP.AkamaiHD
https://www.anti-malware.top/2016/05/01/pup-optional-digihelp/  =>PUP.Optional.DigiHelp


---\\  Other deletions. (5)
~ Registry Keys Tracing deleted (5)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 383
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of clean in 00h00mn22s

---\\  Reports (2)
ZHPCleaner--12062018-00_21_11.txt
ZHPCleaner-[R]-12062018-08_56_46.txt
 

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Hercules Lima Coelho Junior

 

Faça o download do RogueKiller by Tigzy, e salve na sua área de trabalho (Desktop).
roguekiller.exe (x86) << link

  • Feche todos os programas
  • Execute o RogueKiller.exe.
    ** Usuários do Windows Vista, Windows 7, 8, 8.1 e Windows 10:
    Clique com o direito sobre o arquivo rogueKiller.exe, depois clique em VRIfczU.png.
  • Quando a janela da Eula aparecer, clique em Accept.
  • Selecione a aba SCAN
  • Clique em START SCAN
  • Aguarde ate que o scan termine...
  • Clique no botão OPEN REPORT
  • Clique na opção EXPORT TXT e salve na Área de Trabalho com o nome de roguekiller.txt
  • Clique em OK e feche o RogueKiller.


Atente para abrir o arquivo, copiar e colar todo o conteúdo na sua próxima resposta

Compartilhar este post


Link para o post
Compartilhar em outros sites

RogueKiller V12.12.23.0 [Jun 18 2018] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Cliente [Administrador]
Started from : D:\Desktop\RogueKiller_portable32.exe
Modo : Escanear -- Data : 06/18/2018 23:06:32 (Duration : 00:33:58)

¤¤¤ Processos : 1 ¤¤¤
[Test.EICAR] BavSvc.exe(1972) -- C:\Program Files\Baidu-Security-2014-4.4.4.82805\Baidu Antivirus\BavSvc.exe[7] -> Encontrado

¤¤¤ Registro : 9 ¤¤¤
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock | (default) : {0A93904A-BB1E-4a0c-9753-B57B9AE272CC}  -> Encontrado
[Suspicious.Path] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | 2af00358 : "C:\ProgramData\6b407430\cqee7w3qe7.exe" [x] -> Encontrado
[Suspicious.Path] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | 2af00358 : "C:\ProgramData\6b407430\cqee7w3qe7.exe" [x] -> Encontrado
[PUM.SearchPage] HKEY_USERS\S-1-5-21-4209925806-650222567-1087137950-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3A10BC0C-1DAD-44AB-A19A-7A9C3BA4D42F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2D7F3265-80D2-4B4B-AA4B-8763C8B22B99} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3A10BC0C-1DAD-44AB-A19A-7A9C3BA4D42F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2D7F3265-80D2-4B4B-AA4B-8763C8B22B99} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Encontrado
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 4 ¤¤¤
[PUP.uTorrentAds][Arquivo] C:\Users\Cliente\AppData\Roaming\uTorrent\updates\3.5.3_44428\utorrentie.exe -> Encontrado
[PUP.Gen1][Arquivo] C:\$Recycle.Bin\S-1-5-21-4209925806-650222567-1087137950-1000\$R71G1TG.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418434579&from=amt&uid=SAMSUNGXHD161HJ_S15LJ50PA19545 -> Encontrado
[PUP.Gen1][Arquivo] C:\$Recycle.Bin\S-1-5-21-4209925806-650222567-1087137950-1000\$R85CMKC.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418434579&from=amt&uid=SAMSUNGXHD161HJ_S15LJ50PA19545 -> Encontrado
[Test.EICAR][Arquivo] C:\Program Files\Baidu-Security-2014-4.4.4.82805\Baidu Antivirus\BavFi.dll -> Encontrado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD161HJ ATA Device +++++
--- User ---
[MBR] 9d071d0521dedb6636cb3daabcec6c58
[BSP] d37c5fad6d07e9179d21aff948ad0dc3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 49851 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 102301920 | Size: 102673 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: MAXTOR STM380215AS ATA Device +++++
--- User ---
[MBR] 8265b75b91ce8d95bae8078a2f2f5501
[BSP] 86b58a29eaab1ab3a0bb60ed5e18ab0a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 19 | Size: 76317 MB
User = LL1 ... OK
User = LL2 ... OK

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Hercules Lima Coelho Junior

 

Feche todos os programas

  • Execute RogueKiller.exe.
    ** Usuários do Windows Vista, 7, 8/8.1 e windows 10:
    Clique com o direito sobre o arquivo rogueKiller.exe, depois clique em VRIfczU.png
  • Quando a Eula aparecer, clique em Accept.
  • Selecione a aba SCAN e clique em START SCAN
  • Aguarde ate que o scan termine.
  • >>>>>>> Navegue entre as abas e marque todas as entradas encontradas <<<<<<<
  • Clique em REMOVE SELECTED
  • Aguarde ate que o programa termine de deletar as infecções.
  • Clique no botão OPEN REPORT e depois em EXPORT TXT
  • Salve como report.txt na sua Área de Trabalho

Abra o arquivo report.txt salvo no sua Área de Trabalho, copie e cole todo o conteudo na sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu ao tópico por mais de 10 dias, o mesmo foi arquivado. Caso você seja o autor do tópico e quer que o mesmo seja reaberto, entre em contato com um Analista de Segurança ou Coordenador solicitando o desbloqueio.

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Crie uma conta ou entre para comentar

Você precisar ser um membro para fazer um comentário






Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×