Ir ao conteúdo
  • Cadastre-se
Hercules Lima Coelho Junior

Como eliminar vírus de computador

Recommended Posts

Olá, peço por gentileza ajuda para limpar meu computador. Montei recentemente esse computador com peças usadas de outras máquinas e noto um comportamento lento e bugs aleatórios.  Passei o malwarebytes e deu uma limpada básica, mas tenho certeza que ha mais vírus para eliminar.   

ZA-Scan.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Hercules Lima Coelho Junior

 

Por favor, atente para o seguinte:

  • Sobre o Fórum: Este é um espaço privado, não público. Seu uso é um privilégio, não um direito;
  • O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
  • IMPORTANTE: Caso tenha programas de ativação do windows ou de compartilhamento de torrent, sugiro desinstalar. Só irei dar procedimento na analise após a remoção. Regras do forum;
  • Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
  • Respeite a ordem das instruções passadas;
  • Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

Siga os passos abaixo:

ETAPA 1

Baixe o Malwarebytes Anti-Malware (MBAM) do link abaixo e salve no seu desktop.
https://downloads.malwarebytes.org/file/mbam_current/
 
Clique duas vezes no mbam-setup.exe e siga o solicitado para instalar o programa.

  • Na aba Análise > Analise Personalizada marque a opção Procurar rootkits e as entradas referente a instalação do sistema operacional. Normalmente é o drive C:;
  • Clique em Analisar Agora. Aguarde, pois o scan pode demorar;
  • Ao acabar o scan, se houver itens encontrados, certifique-se que estejam todas marcados e clique no botão Remover Selecionadas ou Colocar em Quarentena;
  • Ao final da desinfecção, poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo);
  • Caso o mbam não seja executado automaticamente após a reinicialização, execute manualmente;
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Relatórios na janela principal do programa;
  • Clique duas vezes no log (Registro de verificação). Clique no botão Exportar e utilize o formato .txt para exportar o log. Salve na Área de Trabalho.


ATENÇÃO: Abra o arquivo, selecione tudo, copie e cole o conteúdo deste log em sua próxima resposta.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

ETAPA 2

Faça o download do AdwCleaner de um dos links abaixo e salve no desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Clique em DOWNLOAD NOW para baixar o arquivo.

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista, 7, 8/8.1 e windows 10 clique com o direito sobre o arquivo AdwCleaner.exe, depois clique em VRIfczU.png

Clique em VERIFICAR. Após o termino clique em LIMPAR e aguarde.

Será aberto o bloco de notas com o resultado.

ATENÇÃO: Selecione, copie e cole o seu conteúdo na próxima resposta.
 

ETAPA 3


Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.


Faça o download do ZHPCleaner no link abaixo e salve em sua Área de trabalho (Desktop)

https://www.nicolascoolman.com/download/zhpcleaner/


Execute o arquivo ZHPCleaner.exe Como Administrador

  • Clique no botão Scanner.
  • A ferramenta começara o exame do seu sistema.
  • Tenha paciência pois pode demorar um pouco dependendo da quantidades de itens a examinar.
  • Em seguida clique no botão Reparar.
  • Será gerado um log chamado ZHPCleaner.txt
  • Selecione, copie e cole o conteúdo deste log em sua sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 11/06/18
Hora da análise: 20:37
Arquivo de registro: 5e7ff946-6dd0-11e8-b64d-001e8c0c8016.json
Administrador: Sim

-Informação do software-
Versão: 3.5.1.2522
Versão de componentes: 1.0.374
Versão do pacote de definições: 1.0.5442
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: Cliente-PC\Cliente

-Resumo da análise-
Tipo de análise: Análise Customizada
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 247620
Ameaças detectadas: 80
Ameaças em quarentena: 77
Tempo decorrido: 2 hr, 7 min, 19 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 1
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarentena, [209], [-1],0.0.0

Valor de registro: 1
PUP.Optional.Wajam, HKU\S-1-5-21-4209925806-650222567-1087137950-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Falha ao remover, [209], [-1],0.0.0

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 2
PUP.Optional.Wajam, C:\Program Files\WaInterEnhance\WaInterEnhance Internet Enhancer, Quarentena, [209], [180347],1.0.5442
PUP.Optional.Wajam, C:\Program Files\WaInterEnhance, Quarentena, [209], [180347],1.0.5442

Arquivo: 76
PUP.Optional.Wajam, C:\Program Files\WaInterEnhance\WaInterEnhance Internet Enhancer\makecert.exe, Quarentena, [209], [180347],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WIN7_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WIN7_X86\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WLH_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WLH_X86\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WNET_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WNET_X86\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WXP_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DRIVERS\WXP_X86\REGISTRYDEFRAGBOOTTIME.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\ASCDOWNLOAD.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\ASCINIT.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\AUTOSWEEP.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\AUTOCARE.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\ASCUPGRADE.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DISKDEFRAG.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\DISPLAY.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\REPORT.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\REPROCESS.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\AUTOUPDATE.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\RESCUECENTER.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\REGISTER.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\OFCOMMON.DLL, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\MONITORDISK.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\WIZARD.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\ADVANCED SYSTEMCARE 8\PERFORMUPDATE.EXE, Excluir ao reiniciar, [4502], [396386],1.0.5442
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES\IOBIT\SURFING PROTECTION\BROWERPROTECT\ASCPLUGIN_PROTECTION.DLL, Quarentena, [4502], [396386],1.0.5442
Generic.Malware/Suspicious, C:\USERS\CLIENTE\APPDATA\ROAMING\Microsoft\Windows\Recent\zoek.lnk, Nenhuma ação do usuário, [0], [392686],1.0.5442
Generic.Malware/Suspicious, D:\DOWNLOADS\ZOEK.ZIP, Nenhuma ação do usuário, [0], [392686],1.0.5442
Generic.Malware/Suspicious, C:\USERS\CLIENTE\CLIENTE-PC\BTHUDTASK.EXE, Quarentena, [0], [392686],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATECATTVYIL, Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATECAXCH01R, Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATECAZL3GQN, Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[10], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[11], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[1], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[2], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[3], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[4], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[5], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[6], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[7], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[8], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WAJAM_UPDATE[9], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.Wajam, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1QHE2Z3R\WIE_2.21.2.31[1].EXE, Quarentena, [209], [8795],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATECAK091TZ, Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATECAWBHSHR, Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[11], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[10], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[1], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[2], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[3], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[4], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[5], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[6], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[7], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[8], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DS553VW\WAJAM_UPDATE[9], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[10], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[1], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[3], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[4], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[5], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[6], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[7], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[8], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QPK12OKN\WAJAM_UPDATE[9], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[10], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[1], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[2], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[3], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[4], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[5], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[6], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[7], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[8], Quarentena, [13698], [275200],1.0.5442
PUP.Optional.InstallI, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S3T8WAY0\WAJAM_UPDATE[9], Quarentena, [13698], [275200],1.0.5442

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

 

 

 

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-07.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-11-2018
# Duration: 00:00:23
# OS:       Windows 7 Home Premium
# Cleaned:  331
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\IObit\Advanced SystemCare V8
Deleted       C:\Program Files\Common Files\IObit\Advanced SystemCare V8
Deleted       C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted       C:\Users\Cliente\AppData\LocalLow\IObit\Advanced SystemCare V8
Deleted       C:\Users\Cliente\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted       C:\ProgramData\IObit\ASCDownloader
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
Deleted       C:\Program Files\predm
Deleted       C:\Program Files\globalUpdate

***** [ Files ] *****

Deleted       C:\Users\Cliente\Desktop\MiPony.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFECE44A-B812-47EE-B91B-F302E6199}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF7EE338-2C71-42C7-BB2D-36A5334CF9D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE8E9952-1858-43B8-B62E-88E51E747854}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD4032BD-E5A2-4343-B039-5DC778D1D6CF}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC7A6846-96D7-4C7F-8581-8E67EFFDB9C3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC77F687-E0BE-4FBC-B2E5-DACCDA6A458C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB6AE133-B27E-4EEC-AAC1-17E147B51F5B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB496961-D15F-41E4-A132-DF9B1629B1A4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB0DB1C7-98E5-4BE1-8FB2-9FBA6923C7B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FADA6F73-92A8-411C-BC78-2465FE9E647}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9F7C2F3-FD8B-4281-B4A3-96C19DC71694}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F94C7A34-730B-43CC-8FC3-700F4288E13}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9330C44-ED85-40B2-863C-4F8FB5C6B26}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F846B6E4-21EC-40CD-AA24-C90F4A062BE}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F818EE15-68BD-4774-AF39-82596E4C30}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7C1C87F-6120-4410-B2EC-5142CE2C92E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F69ADE01-5EA8-4529-BB95-3FC22BCEFFE3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F65117C4-26D4-41F5-BE69-3C41DB7C938A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F491C587-6A62-4801-8056-6ED5E4511D28}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2A53BBD-8224-4EB4-A366-26B0A15E6151}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F21CE924-4307-4477-B84E-BCA5223BAB95}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1C57430-281F-4A75-A3B2-59E3B61B4DA0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1B91325-C3FC-4D8A-A26D-86EE2DE15562}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F143609-208C-467C-B398-1EC59A8BE756}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF95129F-8F7B-43E3-A6F2-12D82D15E96}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDC42C23-C23-4CB3-8758-764533A64731}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED27EFEF-E2CD-4D6B-BA16-C8F8D5339069}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC568AFE-684E-46E5-B643-CCBF9B2F220}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA087B6-B3FB-4AB7-A397-E74A17A42646}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8D80A8F-106E-4754-A25-FC4EDFD93C2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E48F37F2-42C4-4512-A6E-49A0C8412CA4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C08C2A-2D55-481B-8A3B-ED4D68D92AC8}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E20EAE9-D084-485D-9528-A21FEFB9343F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E052843F-51DB-4E7B-B92F-B94F8896204C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFEFEECE-DAD7-43CE-A5BD-72787B233D5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF90310F-3C9E-4563-9AEA-48CC7D55D558}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE8458CF-14CD-4DB4-B06A-4FB7F329C6D2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE71E237-8746-4A08-A5A6-D66B2EECE9DC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD8A113-BE61-48A2-A197-DE7258FED49F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD636A31-EE63-40BD-8E28-F621BCA75C39}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC4156B1-A3FF-4905-9726-E972B1D86A7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBF71AD0-8515-4D57-B853-DCF9BBE0D283}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBD19704-1FB7-49C5-8EFD-40E75B8E310}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA6B499D-9D2F-443B-BBE5-211FBA25B56}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9F85062-AC2B-42DA-89C9-1D3C71139071}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9A3636D-E442-4F0C-B97A-E44DD279F9A2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D82EC18A-16BF-4719-AC11-62C3E76A523}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7ACE66B-CD6B-47AD-866B-26FBDD7B28D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D751645A-CCFB-4C0F-A0D3-9638A37C7869}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5483940-32E4-46E4-823A-C8C9A636FC88}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D518D8B5-7C9B-4AB9-B892-C6EA4076567}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D331B88C-BDD5-49E3-9D69-4DA584D9F0C5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D18B8C27-2276-4B29-9AA0-E9B6349969C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEFF1989-41DD-455F-9C9F-EB2C62C5A647}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEB37FF6-43C2-485E-8DFF-5F402046E879}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB81BE97-9724-4B84-AE71-4F7B62577EDF}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB301580-A262-4355-AA2B-E926B05E265}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB11C0CE-A0D2-42F1-ABFB-2AFB2A403A49}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAF9F44-95DA-4781-8CDA-966B7FD4B836}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CADEE9A0-9D19-4A6E-948-3F22835A3719}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA2FB6E2-2971-4F45-B5BD-B857C22367BA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9F09FFA-C1AE-4D20-B1A3-D186D2FBECFC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9E4CCE9-236A-49BC-91E3-89FD8FC2158}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C93F6EE6-6D0D-4409-95F0-6413EDE7764}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8D3D319-A484-4E0D-99BC-89B788C8E4E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C837896F-4AFC-4E95-A622-E9B0F6843D18}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6F067A7-3D8E-4B9B-B284-97F6779D697}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3EA9807-1FAB-4DF9-B588-CFBAEC9216E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C260F349-659A-4CDE-8BD3-62D22240776C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C05538C0-5636-4FD6-98A8-C2F91546B8B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF0DE853-A476-4A0F-B583-6DC215EF6A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE9EC826-E9D3-4463-98A6-14FD71B8039}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE87596C-3F6B-44A0-86CB-6C1A854DC13E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDB47DB4-3AA2-42B2-9C86-BA24EEB3E46}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD76FB0D-CD56-4385-BD25-F5FEA6DBF21B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD2351B2-184-4684-9AA3-BB7E194D7D73}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC5DD535-C416-48A4-BB18-685D4ED0AE60}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA44771D-382F-4433-A4DF-AD1C2D78691}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B90EF560-FBB4-4B2F-AF10-D1726B3E33F7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B84F2073-C57F-48E2-80B4-ECAECFB87EEB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4EAE81B-27F7-4A9B-8272-8F6449AE076}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4DDEFC4-A373-4726-BB10-2A5954D060DB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3B8FB30-9CD6-4ED0-828C-91D583D1A388}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B24FCEF8-2E2E-47CC-BE43-2683AEC18CEE}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B23DDC4A-4285-4791-8C7A-B230BDA63B2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1D7A36C-DA6B-4A27-939-CE9BC5F190FC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1003F8C-8F9B-4A99-8B54-C59032C9E0B5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF3D3274-A012-4E21-905D-2A5CD15AAA2F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF27858D-8EE8-4A14-9E56-DC4370B18F0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE0B2F27-633D-4D2D-8551-9FE8ED8C86AC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD53B2B0-5F8A-440A-9191-B832C544ADC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACEAE771-A9EA-43B0-A92E-835C177BBF7A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC66F771-FED2-4212-9D96-F6256EE33840}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABE2E96C-8A4B-417C-A672-8DC9A33F593}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9CEC5B5-8D9D-4D59-A5D4-B38391FFD90}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7D18B1A-5C7-4800-AEA0-C11DA182A835}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7AD6DB2-6FD0-4AE4-A29B-1F7ABF5E343}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6D481A4-6318-40B5-969-E49C8AF8AD6D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5B7F6BC-A4B6-4175-819D-5ED71BC22E2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A56113B4-BF54-4D15-8D13-3DBE359B3868}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A530B57E-6309-4338-AEE0-C1C9404E49A5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1BA66F9-E4B0-4BE2-96F0-DB2FB48DF2DB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A09D8799-AC20-46FB-89BD-BDAD878140C2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F707AE0-90D-46C5-954C-3E7D40DAB00}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9EB12E11-BF64-497D-8D50-A4B09022CEBE}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E9CC2DE-6C8E-4713-9970-77D65E526D4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DD060D-F7FE-442E-831C-67B83648592}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D9C3-214D-4D0D-AFDF-C563D5726A68}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D5A8446-D16-4106-9ACD-EBBA9240AD4C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CCB17BD-652C-403A-879B-A21960766099}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C557EA0-2A47-4237-8E25-F3F1347258E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C21923F-6F1F-4F98-B1EA-EDB678982EF}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BF7A15C-5E9-4968-8524-DD6A7BBB6CA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D73068-CC68-4253-BC54-15A152177BB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{980FF028-2C4-4814-923C-84A5525061E0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97BE1F83-869A-4549-B031-F2B1BA97A1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{977DB34D-A577-416A-B436-A1E5387728C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96D6A15C-C526-40EA-93E4-37CBA09FE2BC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95201C3-AEF1-47CE-8620-6219206BE7D1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{926B4074-F241-4566-80C-D7761E3BE773}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{925A703C-91AA-48DF-A8EF-36E3982A8BD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E0FF73-ECC4-4F6C-A410-B43D24D78031}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90780A59-4329-4732-A53E-C35F825DD272}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EA2408B-AE3B-47F8-9E1E-13FE4123DEF2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DDD9BC5-E5F9-44EE-AA80-ED35598F6412}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AF7F09F-27E8-426A-8F61-A1D3D8605148}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AF44D07-2CE7-46CF-8E57-919ED152C23}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AD2B685-8D67-476A-92C3-3291D9292E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AA54FC5-50E-4AE2-AAF7-F3FB6369D1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88FEC3FA-53DC-428E-B162-D9AD8CCCB7DA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88F9EF2D-B25F-41AA-A235-B8F2AD25BF3C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8820AAC9-2486-4653-B64C-ED891F8CE7D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878A16D1-933B-4FBE-9E7-A81E29C114C4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{863B702A-A5A0-46A3-8F1F-C7616767CE7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{845132FE-17D-4FA8-85D5-CC9E6A47BD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84461930-275B-4573-9E98-4F268BFD8EF}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{835CCBB9-8BEB-41D1-85BB-3EAC321A7B32}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82C9A520-5AD0-43AD-8EE8-D0F42D194927}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8257132A-5095-49C5-88F0-4E629EC77E2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82568E72-879A-4EA4-A5EE-E6243080AD8C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{821DD4AB-DA2F-49AE-A7C6-4503496CEDD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81A68AEE-C2B8-4E4C-9E11-F7E4E0A1E66C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{804B5B2-353F-45EA-8323-AB6CD2DB342E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8032D6BE-DCA9-48C9-BC40-AB2E9897F7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E62CA59-3CC2-494C-A68B-376AA0B6A2F5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DBC517C-B804-4E49-89F2-A61FB161AD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C36B9E3-94C6-4AD8-A14B-6E2CCF1D8EE}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C164A8A-BFA6-4637-BF4F-D12C8F3C8352}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A876C0F-114C-4ED0-8ADF-778BCE6E4356}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A200F4A-D6BB-46D3-8C96-788BDCD4BAE3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78A40412-D23D-4F30-ACF1-5D12BB6F50}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{785D79B6-25EB-4183-8781-DE26B2A1FA21}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77C4CE83-77FC-4D45-92E7-7DDB4BF1FFA0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{770077D8-1709-4334-B10-E9B2317760C5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76926B6C-776D-4C4E-B3DC-A98C300A9CD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75AD674A-8F5B-41EA-831C-F5ADA68CA1D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75A9424-CD25-4389-81CB-F090D8D55D9C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74141BCC-E994-4BF1-8C4B-1A89DCAC248A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71E0F8CE-6731-4EB3-8FB2-F08C5E9BD98E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71693C87-DF03-49D7-B5AE-BB28C1EB343A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71307373-8EA1-4BF1-B192-694C5122AC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{702BD9D3-8EB4-4450-8965-1BE8618297D1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FCC377C-99C-4ECC-8F8B-6D668DD98525}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E3005DF-68A7-4B00-B6C2-C2FF9375E3D3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CFF70A7-A8F9-4CEE-99EE-A011CB35E4D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CE9A943-78D-478C-A6FA-FACAF8867A64}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C8386A2-80CD-4EC9-832C-EFE1AD2FE4B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AEC1E58-79E8-4F5B-A9A0-CB817F9791B4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AC3E5D6-DD91-4F52-8295-76E975F8787D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68FAABEF-A38A-4B29-8162-42B387FA1FD5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67BCAB3B-D3AE-4CB2-AC7A-BE61A335390}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{671A751C-FA41-4E80-868B-C3C67D44B41}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6652F3FF-F818-417B-ABC9-E5FD4D742A2D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{662F5CD3-30F6-4DC4-AE6A-A64C285E2AD5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65EAFF77-4D87-479E-906A-E14EC812141D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65E962D2-2174-4EE1-B11E-EB203D237EC6}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{657302A3-D20C-4AB5-908A-CB86DCB7B6E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6570CA11-22EC-4706-9B86-F0512C82E4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{654BCB7-3067-47A4-BC7D-BEAB5538AE2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64F3AA88-82D4-4ED8-B3A-532DF58332B6}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{643ECBD9-BB34-4E95-974D-9FA951826D7C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{638A68D7-E4C-464B-A589-99C8D86DCF2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{633B3E9A-4D0F-4B42-87B-FE2EC639BCC4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6316A40-78E8-4616-BEFE-F34F4B3E20A3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62A45D1C-2342-4884-A691-C3569972076}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E9EADD3-DED7-4FD4-B942-B4C968A7FC5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E199FCB-7F9C-4BBE-800-349E94AB43B7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D39935C-5FCF-447E-AA63-E7D52B645F6F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BF0BE2D-7AA5-49FE-992B-C4BF496C1D4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AD3D15E-25B6-4CD1-A4C6-29B276A42AA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59F5A4B5-897B-4972-8F63-55A137C6ADA8}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59E11550-55DE-4296-8196-936EA907578}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5986CB99-769-4DB4-AF37-DEE67B275DC7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5921167E-20E6-4EAA-A9A3-569C9DE0C154}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57C3CC8C-AE08-42A7-B8D0-7385CBCF5753}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5701D7B6-FAAF-4D82-BB6-4D35E371DC72}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56BB947-FF02-400B-88A-9DB7CA83F110}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{569945A-3C0-43F3-A960-ADF5D82E74AA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56720B9-1BF3-430C-AB92-F321F5CB9B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55D91B3F-80FB-486C-A04-E2E37636B39}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{551C93C9-4D54-4EB7-89EA-F5AC6543D38F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{521DEFA6-A79F-4F35-B4AF-1AFE4EC7ACC1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50C93958-7CD0-4DBA-B379-97D8C1CA755A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FEFBEFF-E83-45CE-BB67-41EBA1BF4B36}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FB04010-5DC8-4A6D-911E-CA8389FEF8B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F971FE9-B3FE-4430-BAC0-BFA842276157}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EBDDDC6-2752-404B-A8DE-431F2C49888}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A56033A-340F-4D56-8FDB-BB91177C723}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48C60B8E-6DAA-4323-A514-F0FADC6B389F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{488F5640-277E-45BB-A8FC-69A0AC8D61C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44E2F02B-A9DD-42A8-A08B-E74BF269E65}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{443D2ECD-47C5-466E-B129-48CCC149EC4E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4323275-E924-482A-98B3-EA7D7A52F5E9}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41091958-1A34-4550-B89E-9F3AB34F3B2C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40AFE0C8-60E-41C0-8D95-9CA522BBFD0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4070F485-F1FF-43DF-AACC-427664EC2F5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E0302CF-AF9D-4D9C-A737-91A6A758926}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DFDC56F-8F8-4F8F-B7A6-20F3FB5976DB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D4645EC-FDAE-4EE8-AEAE-14C483F2421}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CE06BCB-9E95-4CE4-8297-F9A81AA65D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BD7FBDD-E152-4D33-8665-5AC45C287CCD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B485D82-BF73-4313-A35D-3530D8555B7B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ABAF851-5804-4301-A5A7-A75218ABDAF}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38A238B0-EBED-475A-818D-FF11512C6327}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38550D60-9457-445F-9F37-A3702F3173E6}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3718DBA-6506-4A6E-ADD0-706118A4123E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36C1687-94F4-4386-BBBA-2F0EF1448A4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36691D92-4626-49EF-B023-547D3EC8D123}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35C685B0-7E41-4ABA-8566-F7A96B3D1CC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33A3116E-5185-4A51-AE2-2AADA4CEBB51}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31603910-11F5-41BC-9F67-735B9CCA2811}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31494784-6486-4406-9D9-66533BED2D2B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30C6F0DA-FCF6-4856-9127-455272627559}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EB7B161-8A5-4740-B3F4-B3ECA69542E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BEC5A78-B487-4187-BE71-F1A4F775CD7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BBE736B-D036-4522-97F1-6A82C085459B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A8AC90B-70FE-4F47-8924-60E1C07E57A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A796E22-358E-427B-AB58-8FA9DFF5F59B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A174DA3-C7D8-4372-AB57-5C1216AB851B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27A90012-437-4503-A0B-9838A496813B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{265BD5B4-A907-45FC-B5C-671371EBF1C3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2577094B-B63-46A1-98B2-5F5F9D5CED8D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{254FB69F-F0DD-4F63-BBC7-C68CE33B341}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24BCB4E7-7658-4693-82E2-A9D59CC6C1E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23C6694-6712-447A-BFD-3BB28C728F7A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{239657F4-E4B7-4A87-87E7-EFEFD8CD39E7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{230BAFFB-4E38-4F70-85C-CC34218592E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22115737-38AF-4E8D-BFA9-F4EDACCA56A2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{209D25F6-6A44-493B-8B60-2948E318CE2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2073EAD7-5CF4-4CC3-BD19-E9B6067B192}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2003F8A4-A6DD-40D7-A8B1-304670C1BFA}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FAE06AC-294F-4146-B947-113667C343A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F7AE358-4E7A-488A-8C17-8675E366866F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1EAD2FC2-6818-4A8D-9BF7-947F9C11ED5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C78FB2C-59C5-4659-8C67-B6F71E5B3767}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C65D6CF-5636-4CE9-AFA4-ADA91F6171F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C3BF27F-FC66-4F22-9157-149FBC7DAF21}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ADCCBAF-B301-4C95-A59D-CE85684DF6D}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18363BD8-6201-4551-ADF3-A82B596627D4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{182F9155-9F06-4B21-B9C2-90A11151D2C}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1714FA9C-402A-40BA-B7AF-215F4C52AE2}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{151A86FB-A9B4-4862-8A8-A298D98547C5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{146A4BDF-8B1B-4BB7-92CE-A222FAC681D5}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1393E72-F74D-40AC-BAC4-422D1559C66F}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{127ADD27-2BE8-4A4B-93EB-44B3D32F3A7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1224204D-5CF4-4537-902D-54B792E021BB}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10112798-989C-4484-A525-50F117D6B75}
Deleted       HKLM\Software\IObit\RealTimeProtector
Deleted       HKLM\Software\IOBIT\ASC
Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted       HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted       HKLM\Software\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted       HKLM\Software\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted       HKLM\Software\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted       HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted       HKLM\Software\Conduit
Deleted       HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted       HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted       HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
Deleted       HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Deleted       HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4A0C-9753-B57B9AE272CC}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4E3685BA-8DC3-4141-84BC-B920A0350469}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{12388571-4030-4878-BB52-DBA191EC954D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B6B8D3C1-1AED-4673-8999-EA7ECBFC5382}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{29CADD91-CB6F-4097-9B89-1AC826E7A653}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{ABB04749-F6E2-4077-938C-D94AC5BEE856}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6767E6AB-B3C5-4F9B-BD60-C6406E677039}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B89A1B45-E57A-4E09-8408-270417F37739}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C2227602-1D56-45A1-AC73-00026EF1D661}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8561311E-AA28-4C97-9BB0-949C43F4269D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{922F855D-3443-4CAD-A8A5-B2498F493035}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C93AF7EC-25F4-4F1F-AF18-B11E65CCB012}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3A70A91F-FD06-49D1-B79F-DCB0CC77B4D4}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{07E1CFB5-6BCA-4A99-8A43-A715F8137198}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9DD15E63-7E7D-4752-BD4A-EA6C9603B515}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7327BCC2-5C9A-4E87-B2A6-788EA8EFEE9E}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FE78DD4B-589A-4CD3-9C82-706DE1C52FF9}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{61B286F2-76DF-499E-8F78-4886876E8404}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BCD54FCA-37EF-4798-B19E-C8C4A3CB233F}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B17A70D9-E2F2-4E01-963D-D44F094BAA6B}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{22845139-B03E-47E3-9E6B-69D906548603}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{406850E3-EEC5-49C2-A3D4-1EF4202CD507}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{40255D7A-7B08-4890-AA3E-81EF5CCE9B83}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F0A9091A-16D5-41A0-80BB-52340BDA88F4}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8A90311E-BE4C-4E8B-B8C1-361FE7AD7467}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0684813E-03EF-4ACD-BFCF-22DC6359D198}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FEABE618-8D69-47DF-BD01-FCAFD03499F5}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D56A93EE-E312-4F74-841F-F3F80648BFE0}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6E837777-72D0-49FA-BDD7-51AFA220BDE7}
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bobrowser.com
Deleted       HKLM\Software\Microsoft\Internet Explorer\Main|Start Page

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask Brasil

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [46877 octets] - [11/06/2018 23:50:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

/----------------------------------------------------------------------------------------------------------------

 

~ ZHPCleaner v2018.6.10.133 by Nicolas Coolman (2018/06/10)
~ Run by Cliente (Administrator)  (12/06/2018 08:56:24)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : D:\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Cliente\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
DELETED data: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad : Port=49301 <-Loopback>]  =>Hijacker.Proxy


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (1)
DELETED task: [AutoKMS] [C:\Windows\Tasks\AutoKMS.job (Not File) ]  =>HackTool.AutoKMS


---\\  Explorer ( File, Folder) (12)
MOVED file: D:\Desktop\µTorrent.lnk  [Bad : C:\Users\Cliente\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVED file: C:\Windows\Tasks\AutoKMS.job    =>HackTool.AutoKMS
MOVED file: C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633    =>Adware.CrossRider
MOVED file: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage    =>.SUP.Superfish
MOVED file: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bobrowser.com_0.localstorage    =>Adware.BoBrowser
MOVED file: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage    =>.SUP.Superfish
MOVED file: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
MOVED file: C:\ProgramData\ntuser.pol    =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}  =>PUP.Optional.Generic
MOVED folder: C:\Windows\AutoKMS  =>HackTool.AutoKMS
MOVED folder: C:\ProgramData\Application Data\IObit\ASCDownloader  =>.SUP.AdvancedSystemCare
MOVED folder: C:\ProgramData\IObit\ASCDownloader  =>.SUP.AdvancedSystemCare


---\\  Registry ( Key, Value, Data) (7)
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net [8]  =>.SUP.AkamaiHD
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\digihelp.info [183]  =>PUP.Optional.DigiHelp
DELETED key*: HKLM\SOFTWARE\ErrorLists-crcodedownloader []  =>Adware.CrossRider
DELETED value: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\\DigiHelp.BOAS.exe [8888]  =>PUP.Optional.DigiHelp
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{D9464AD7-D53D-4A30-9BF5-E1C747D68BF9}C:\users\cliente\appdata\local\akamai\netsession_win.exe [C:\users\cliente\appdata\local\akamai\netsession_win.exe]  =>.SUP.AkamaiHD
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{3582748F-7E19-4DC0-8630-3A36306F370A}C:\users\cliente\appdata\local\akamai\netsession_win.exe [C:\users\cliente\appdata\local\akamai\netsession_win.exe]  =>.SUP.AkamaiHD


---\\  Summary of the elements found (11)
https://nicolascoolman.eu/2017/04/03/hijacker-proxy/  =>Hijacker.Proxy
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/  =>Adware.CrossRider
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Superfish
https://nicolascoolman.eu/2017/10/31/adware-bobrowser/  =>Adware.BoBrowser
https://www.anti-malware.top/2016/04/28/pup-optional-multiplug/  =>PUP.Optional.Multiplug
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Generic
https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/  =>.SUP.AdvancedSystemCare
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/  =>.SUP.AkamaiHD
https://www.anti-malware.top/2016/05/01/pup-optional-digihelp/  =>PUP.Optional.DigiHelp


---\\  Other deletions. (5)
~ Registry Keys Tracing deleted (5)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 383
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of clean in 00h00mn22s

---\\  Reports (2)
ZHPCleaner--12062018-00_21_11.txt
ZHPCleaner-[R]-12062018-08_56_46.txt
 

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Hercules Lima Coelho Junior

 

Faça o download do RogueKiller by Tigzy, e salve na sua área de trabalho (Desktop).
roguekiller.exe (x86) << link

  • Feche todos os programas
  • Execute o RogueKiller.exe.
    ** Usuários do Windows Vista, Windows 7, 8, 8.1 e Windows 10:
    Clique com o direito sobre o arquivo rogueKiller.exe, depois clique em VRIfczU.png.
  • Quando a janela da Eula aparecer, clique em Accept.
  • Selecione a aba SCAN
  • Clique em START SCAN
  • Aguarde ate que o scan termine...
  • Clique no botão OPEN REPORT
  • Clique na opção EXPORT TXT e salve na Área de Trabalho com o nome de roguekiller.txt
  • Clique em OK e feche o RogueKiller.


Atente para abrir o arquivo, copiar e colar todo o conteúdo na sua próxima resposta

Compartilhar este post


Link para o post
Compartilhar em outros sites

RogueKiller V12.12.23.0 [Jun 18 2018] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Cliente [Administrador]
Started from : D:\Desktop\RogueKiller_portable32.exe
Modo : Escanear -- Data : 06/18/2018 23:06:32 (Duration : 00:33:58)

¤¤¤ Processos : 1 ¤¤¤
[Test.EICAR] BavSvc.exe(1972) -- C:\Program Files\Baidu-Security-2014-4.4.4.82805\Baidu Antivirus\BavSvc.exe[7] -> Encontrado

¤¤¤ Registro : 9 ¤¤¤
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock | (default) : {0A93904A-BB1E-4a0c-9753-B57B9AE272CC}  -> Encontrado
[Suspicious.Path] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | 2af00358 : "C:\ProgramData\6b407430\cqee7w3qe7.exe" [x] -> Encontrado
[Suspicious.Path] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | 2af00358 : "C:\ProgramData\6b407430\cqee7w3qe7.exe" [x] -> Encontrado
[PUM.SearchPage] HKEY_USERS\S-1-5-21-4209925806-650222567-1087137950-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3A10BC0C-1DAD-44AB-A19A-7A9C3BA4D42F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2D7F3265-80D2-4B4B-AA4B-8763C8B22B99} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3A10BC0C-1DAD-44AB-A19A-7A9C3BA4D42F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2D7F3265-80D2-4B4B-AA4B-8763C8B22B99} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\NexonEU\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Encontrado
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 4 ¤¤¤
[PUP.uTorrentAds][Arquivo] C:\Users\Cliente\AppData\Roaming\uTorrent\updates\3.5.3_44428\utorrentie.exe -> Encontrado
[PUP.Gen1][Arquivo] C:\$Recycle.Bin\S-1-5-21-4209925806-650222567-1087137950-1000\$R71G1TG.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418434579&from=amt&uid=SAMSUNGXHD161HJ_S15LJ50PA19545 -> Encontrado
[PUP.Gen1][Arquivo] C:\$Recycle.Bin\S-1-5-21-4209925806-650222567-1087137950-1000\$R85CMKC.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418434579&from=amt&uid=SAMSUNGXHD161HJ_S15LJ50PA19545 -> Encontrado
[Test.EICAR][Arquivo] C:\Program Files\Baidu-Security-2014-4.4.4.82805\Baidu Antivirus\BavFi.dll -> Encontrado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD161HJ ATA Device +++++
--- User ---
[MBR] 9d071d0521dedb6636cb3daabcec6c58
[BSP] d37c5fad6d07e9179d21aff948ad0dc3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 49851 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 102301920 | Size: 102673 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: MAXTOR STM380215AS ATA Device +++++
--- User ---
[MBR] 8265b75b91ce8d95bae8078a2f2f5501
[BSP] 86b58a29eaab1ab3a0bb60ed5e18ab0a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 19 | Size: 76317 MB
User = LL1 ... OK
User = LL2 ... OK

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Hercules Lima Coelho Junior

 

Feche todos os programas

  • Execute RogueKiller.exe.
    ** Usuários do Windows Vista, 7, 8/8.1 e windows 10:
    Clique com o direito sobre o arquivo rogueKiller.exe, depois clique em VRIfczU.png
  • Quando a Eula aparecer, clique em Accept.
  • Selecione a aba SCAN e clique em START SCAN
  • Aguarde ate que o scan termine.
  • >>>>>>> Navegue entre as abas e marque todas as entradas encontradas <<<<<<<
  • Clique em REMOVE SELECTED
  • Aguarde ate que o programa termine de deletar as infecções.
  • Clique no botão OPEN REPORT e depois em EXPORT TXT
  • Salve como report.txt na sua Área de Trabalho

Abra o arquivo report.txt salvo no sua Área de Trabalho, copie e cole todo o conteudo na sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu ao tópico por mais de 10 dias, o mesmo foi arquivado. Caso você seja o autor do tópico e quer que o mesmo seja reaberto, entre em contato com um Analista de Segurança ou Coordenador solicitando o desbloqueio.

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu ao tópico por mais de 10 dias, o mesmo foi arquivado. Caso você seja o autor do tópico e quer que o mesmo seja reaberto, entre em contato com um Analista de Segurança ou Coordenador solicitando o desbloqueio.

 

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×