Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Luiz Felipe Amaral Corrêa

problemas na maquina popups abrindo descontroladamente com propagandas

Recommended Posts

Postado (editado)

bom tarde, estou com problemas no meu computador, segui os passos de vcs e gerou o link abaixo:

https://www.cjoint.com/c/hgeo2npadef

existe pop ups abrindo descontroladamente com propagandas, vejo lentidão da minha maquina. 

gostaria da ajuda de vcs e desde já agradeço

za-scan.txt

JRT.txt

relatorio pc AdwCleaner[C03].txt

relatorio pc.txt

Editado por Luiz Felipe Amaral Corrêa
anexar relatórios

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Luiz Felipe Amaral Corrêa

 

Por favor, atente para o seguinte:

  • Sobre o Fórum: Este é um espaço privado, não público. Seu uso é um privilégio, não um direito;
  • O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
  • IMPORTANTE: Caso tenha programas de ativação do windows ou de compartilhamento de torrent, sugiro desinstalar. Só irei dar procedimento na analise após a remoção. Regras do forum;
  • Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
  • Respeite a ordem das instruções passadas;
  • Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

Necessito de novos logs. Siga os passos abaixo:

ETAPA 1

Baixe o Malwarebytes Anti-Malware (MBAM) do link abaixo e salve no seu desktop.
https://downloads.malwarebytes.org/file/mbam_current/
 
Clique duas vezes no mbam-setup.exe e siga o solicitado para instalar o programa.

  • Na aba Análise > Analise Personalizada marque a opção Procurar rootkits e as entradas referente a instalação do sistema operacional. Normalmente é o drive C:;
  • Clique em Analisar Agora. Aguarde, pois o scan pode demorar;
  • Ao acabar o scan, se houver itens encontrados, certifique-se que estejam todas marcados e clique no botão Remover Selecionadas ou Colocar em Quarentena;
  • Ao final da desinfecção, poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo);
  • Caso o mbam não seja executado automaticamente após a reinicialização, execute manualmente;
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Relatórios na janela principal do programa;
  • Clique duas vezes no log (Registro de verificação). Clique no botão Exportar e utilize o formato .txt para exportar o log. Salve na Área de Trabalho.


ATENÇÃO: Abra o arquivo, selecione tudo, copie e cole o conteúdo deste log em sua próxima resposta.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

ETAPA 2

Faça o download do AdwCleaner de um dos links abaixo e salve no desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Clique em DOWNLOAD NOW para baixar o arquivo.

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista, 7, 8/8.1 e windows 10 clique com o direito sobre o arquivo AdwCleaner.exe, depois clique em VRIfczU.png

Clique em VERIFICAR. Após o termino clique em LIMPAR e aguarde.

Será aberto o bloco de notas com o resultado.

ATENÇÃO: Selecione, copie e cole o seu conteúdo na próxima resposta.
 

ETAPA 3


Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.


Faça o download do ZHPCleaner no link abaixo e salve em sua Área de trabalho (Desktop)

https://www.nicolascoolman.com/download/zhpcleaner/


Execute o arquivo ZHPCleaner.exe Como Administrador

  • Clique no botão Scanner.
  • A ferramenta começara o exame do seu sistema.
  • Tenha paciência pois pode demorar um pouco dependendo da quantidades de itens a examinar.
  • Em seguida clique no botão Reparar.
  • Será gerado um log chamado ZHPCleaner.txt
  • Selecione, copie e cole o conteúdo deste log em sua sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Elias Pereira

<!DOCTYPE html>
<HTML>
<HEAD>
<meta charset="UTF-8" />
<h1 style="background-color: #1393ef; text-align: center; color: #ffffff; padding: 15px;">NEWS</h1>
<A HREF="https://nicolascoolman.eu/2018/07/18/un-nouvel-algorithme-doptimisation-cree-par-des-chercheurs-de-harvard/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/07/Harvard_University.png"TITLE=Un algorithme d'optimisation créé par des chercheurs Harvard width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/07/14/pup-optional-fakefirefox/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/Firefox-Quantum-Browser-Zone-Antimalware.png"TITLE=FakeFirefox, Application Potentiellement Indésirable (PUP/LPI). width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/07/11/le-patch-tuesday-de-microsoft-fixe-53-failles-de-securite/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/03/microsoft-patch-today.png"TITLE=Le Patch Tuesday de Microsoft fixe 53 failles de sécurité. width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/07/07/pup-optional-powzip/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/PUP-LPI-Logiciel-Optionel-Indésirable-Zone-Antimalware-ZAM.jpg"TITLE=Powzip, Logiciel Potentiellement Indésirable(PUP/LPI) width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/07/04/sup-driverpack/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/07/DriverPack-Zone-Antimalware.jpg"TITLE=Driverpack, Logiciel Potentiellement Superflu width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/07/04/sites-officiels-des-telechargements-de-logiciels/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/Information-Sécurité-Nicolas-Coolman.jpg"TITLE=Sites officiels des téléchargements de logiciels. width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/07/02/exatis-et-la-fuite-de-340-millions-de-donnees-personnelles" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/07/ForcePoint_Zone-Antimalware.png"TITLE=Exactis et la fuite de 340 millions de données personnelles. width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/06/29/decouverte-dune-technique-dinjection-de-propagate/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/Information-Sécurité-Nicolas-Coolman.jpg"TITLE=Découverte d’une Technique d’injection de PROPagate. width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/06/28/disponibilite-de-microsoft-windows-10-insider/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/06/windows_10_insider_preview_zone_antimalware.png"TITLE=Disponibilité de Microsoft Windows 10 Insider. width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/06/23/espionnage-de-webcams-cameras-et-moniteurs-non-securises/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/05/Camera-Canon-Zone-Antimalware.jpg"TITLE=Espionnage de webcams, caméras et moniteurs non sécurisés. width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/06/20/virustotal-monitor-un-service-pour-traquer-les-faux-positifs/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/06/VirusTotalMonitor-Zone-Antimalware.png"TITLE=VirusTotal Monitor, un service pour traquer les faux positifs. width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/06/18/invisimole-un-spyware-de-webcam-actif-depuis-2013/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/eset-multi-device-security-zone-antimalware-ZAM.png"TITLE=InvisiMole, Un spyware de Webcam actif depuis 2013. width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/06/17/europol-demantele-lun-des-plus-anciens-groupes-de-pirates-internet/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/06/Europol-Zone-Antimalware.png"TITLE=Europol démantèle un groupe de pirates Internet width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/06/13/une-faille-dans-cortana-permet-de-changer-les-mots-de-passe-des-pc/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/06/Cortana-windows-zone-antimalware.jpg"TITLE=Un faille dans Cortana Smart Assistant width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/06/12/adware-icloader/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/Adware-Logiciel-Publicitaire-Zone-Antimalware-ZAM.jpg"TITLE=SpeedyCar, Logiciel Publicitaire (Adware) width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2018/06/11/pup-optional-fassistant/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/PUP-LPI-Logiciel-Optionel-Indésirable-Zone-Antimalware-ZAM.jpg"TITLE=Fasst, Logiciel Potentiellement Indésirable(PUP/LPI) width=200 height=200</A>
<A></A><h1 style="background-color: #1393ef; text-align: center; color: #ffffff; padding: 15px;">ZHPCleaner Report</h1></HEAD>
<BODY>
<PRE>
<SCRIPT LANGUAGE="Javascript">
document.writeln("~ ZHPCleaner v2018.7.25.153 by Nicolas Coolman (2018/07/25)");
document.writeln("~ Run by amara (Administrator)  (25/07/2018 10:35:08)");
document.writeln("~ Web: https://www.nicolascoolman.com");
document.writeln("~ Blog: https://nicolascoolman.eu/");
document.writeln("~ Facebook : https://www.facebook.com/nicolascoolman1");
document.writeln("~ State version : Version OK");
document.writeln("~ Certificate ZHPCleaner: Legal");
document.writeln("~ Type : Repair");
document.writeln("~ Report : C:\\Users\\amara\\Desktop\\ZHPCleaner.txt");
document.writeln("~ Quarantine : C:\\Users\\amara\\AppData\\Roaming\\ZHP\\ZHPCleaner_Reg.txt");
document.writeln("~ UAC : Activate");
document.writeln("~ Boot Mode : Normal (Normal boot)");
document.writeln("Windows 10 Home Single Language, 64-bit  (Build 17134)");
document.writeln("");
document.writeln("<b>---\\  Alternate Data Stream (ADS). (0)</b>");
document.writeln("~ No malicious or unnecessary items found. (ADS)");
document.writeln("");
document.writeln("<b>---\\  Services (0)</b>");
document.writeln("~ No malicious or unnecessary items found. (Service)");
document.writeln("");
document.writeln("<b>---\\  Browser internet (0)</b>");
document.writeln("~ No malicious or unnecessary items found. (Browser)");
document.writeln("");
document.writeln("<b>---\\  Hosts file (1)</b>");
document.writeln("~ The hosts file is legitimate (63)");
document.writeln("");
document.writeln("<b>---\\  Scheduled automatic tasks. (0)</b>");
document.writeln("~ No malicious or unnecessary items found. (Task)");
document.writeln("");
document.writeln("<b>---\\  Explorer ( File, Folder) (4)</b>");
document.writeln("MOVED file: C:\\Windows\\SECOH-QAD.dll    =>HackTool.KMSpico".fontcolor("#f20d47"));
document.writeln("MOVED file: C:\\Users\\amara\\Desktop\\officeee\\Office 2016 Online\\Office 2016  KMS Activator Ultimate v1.2\\Office 2016  KMS Activator Ultimate v1.2\\AutoPico.exe [@ByELDI - AutoPico]  =>Hacktool.Office".fontcolor("#f20d47"));
document.writeln("MOVED folder: C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions\\langpack-pt-BR@firefox.mozilla.org  =>Adware.Babylon".fontcolor("#f20d47"));
document.writeln("MOVED folder: C:\\ProgramData\\Microsoft Toolkit  =>HackTool.AutoKMS".fontcolor("#f20d47"));
document.writeln("");
document.writeln("<b>---\\  Registry ( Key, Value, Data) (4)</b>");
document.writeln("DELETED key*: HKLM\\SYSTEM\\CurrentControlSet\\Services\\iobit_monitor_server [\\C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\drivers\\Monitor_win10_x64.sys (Not File)]  =>.SUP.AdvancedSystemCare".fontcolor("#0d1df4"));
document.writeln("DELETED key*: HKCU\\Software\\undefined []  =>.SUP.Downloader".fontcolor("#0d1df4"));
document.writeln("DELETED value: HKLM\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\firewallRules\\\\{8F0F3364-9298-4937-A077-DF28A2676623} [C:\\Users\\amara\\Desktop\\officeee\\Office 2016 Online\\Office 2016  KMS Activator Ultimate v1.2\\Office 2016  KMS Activator Ultimate v1.2\\AutoPico.exe]  =>Hacktool.Office".fontcolor("#f20d47"));
document.writeln("DELETED value: HKLM\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\firewallRules\\\\{BAEF5059-12AA-4D17-8D9C-C98DDC2122E5} [C:\\Users\\amara\\Desktop\\officeee\\Office 2016 Online\\Office 2016  KMS Activator Ultimate v1.2\\Office 2016  KMS Activator Ultimate v1.2\\AutoPico.exe]  =>Hacktool.Office".fontcolor("#f20d47"));
document.writeln("");
document.writeln("<b>---\\  Summary of the elements found (6)</b>");
document.writeln("https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico");
document.writeln("https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Hacktool.Office");
document.writeln("https://nicolascoolman.eu/2017/03/03/adware-babylon/  =>Adware.Babylon");
document.writeln("https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS");
document.writeln("https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/  =>.SUP.AdvancedSystemCare");
document.writeln("https://nicolascoolman.eu/2017/12/22/sup-downloader/  =>.SUP.Downloader");
document.writeln("");
document.writeln("<b>---\\  Other deletions. (7)</b>");
document.writeln("~ Registry Keys Tracing deleted (7)");
document.writeln("~ Remove the old reports ZHPCleaner. (0)");
document.writeln("");
document.writeln("<b>---\\ Result of repair</b>");
document.writeln("~ Repair carried out successfully");
document.writeln("");
document.writeln("<b>---\\ Statistics</b>");
document.writeln("~ Items scanned : 1142");
document.writeln("~ Items found : 0");
document.writeln("~ Items cancelled : 0");
document.writeln("~ Items options : 0/7");
document.writeln("~ Space saving (bytes) : 0");
document.writeln("~ End of clean in 00h00mn10s");
document.writeln("");
document.writeln("<b>---\\  Reports (2)</b>");
document.writeln("ZHPCleaner--25072018-10_33_06.txt");
document.writeln("ZHPCleaner-[R]-25072018-10_35_18.txt");
</SCRIPT>
</PRE>
<h1 style="background-color: #1393ef; text-align: center; color: #ffffff; padding: 15px;">Items cleaned by ZHPCleaner</h1>
<br><A HREF="https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ " TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/02/KMSpico-zone-antimalware.jpg"TITLE=HackTool.KMSpico width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ " TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/04/assistance-forum-nicolas-coolman-e1508246338263.jpg"TITLE=Hacktool.Office width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2017/03/03/adware-babylon/ " TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/03/babylon-toolbar-zhpcleaner-e1488892632818.png"TITLE=Adware.Babylon width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ " TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/02/KMSpico-zone-antimalware.jpg"TITLE=HackTool.AutoKMS width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/ " TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/02/Advanced-SystemCare-Zone-Antimalware.jpg"TITLE=.SUP.AdvancedSystemCare width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2017/12/22/sup-downloader/ " TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/03/Superflu-Logiciel-Publicitaire-Zone-Antimalware-ZAM.jpg"TITLE=.SUP.Downloader width=200 height=200</A>
<A></A><h1 style="background-color: #1393ef; text-align: center; color: #ffffff; padding: 15px;">Information about modules</h1><A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/20/zhpdiag-module-g0-gcsp/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/google-chrome-navigateur-anti-malware-zone.jpg"TITLE=G0 Google Chrome Page de démarrage width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/02/zhpdiag-module-g2-gce/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/google-chrome-store-zone-antimalware-nicolas-coolman.png"TITLE=G2 Google Chrome Extension width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/10/zhpdiag-module-m2-mfep/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/DoNotTrakMe-Mozilla-Firefox-Extensions-Zone-Antimalware.png"TITLE=M2 Mozilla Firefox Extension width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/26/zhpdiag-module-p2-fpn/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/extension_de_Mozilla_zone-antimalware.png"TITLE=P2 Mozilla Firefox Extension  width=100 height=100</A>
<A HREF="https://www.nicolascoolman.com/fr//r5-internet-explorer-proxy-management-iepm/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/04/proxy-server.jpg"TITLE=R5 Proxy Management width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/23/zhpdiag-module-o1-ush/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/hosts_dns_O1_ZHPDiag.png"TITLE=O1 Redirection du fichier Hosts width=100 height=100</A>
<A HREF="https://www.nicolascoolman.com/fr//o2-browser-helper-objects-de-navigateur/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/IoT-internet-des-objets-anti-malware-zone.png"TITLE=O2 Browser Helper Objects de navigateur width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/26/zhpdiag-module-o3-barre-doutils-de-navigateurs/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/09/Toolbars-Anti-Malware-Zone.png"TITLE=O3 Internet Explorer Toolbars width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/02/zhpdiag-module-o4-adar/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/zhpdiag-module-O4-clé-run-zone-antimalware.png"TITLE=O4 Applications démarrées par le système  width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/27/zhpdiag-module-o4-global-startup/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/zhpdiag-module-O4-clé-run-zone-antimalware.png"TITLE=O4G Raccourcis Global Startup width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/19/zhpdiag-module-o10-lsp/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/winsock-module-o10-zhpdiag.png"TITLE=O10 Winsock hijacker  width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/19/zhpdiag-module-o17-mdad/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/DNS-Server-module-o17-zhpdiag.png"TITLE=O17 Modification Adresse/Domaine DNS width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/05/zhpdiag-module-o18-papp/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/protocoles-zhpdiag-module-o18-zone-antimalware.png"TITLE=O18 Protocoles Additionnels width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/30/zhpdiag-module-o22-sharedtaskscheduler-sts/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/sharedtaskscheduler-zhpdiag-module-o22-zone-antimalware.png"TITLE=O22 Clé Registre SharedTaskScheduler  width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/20/zhpdiag-module-o23-smnd/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/services-windows-zhpdiag-module-o23.png"TITLE=O23 Services NT non Microsoft width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/27/zhpdiag-module-o34-bootexecute-bex/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/session-manager-zhpdiag-zone-antimalware.png"TITLE=O34 BootExecute  width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/18/zhpdiag-module-o38-apt/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/windows10-taches-planifiées-module-o38-zhpdiag.png"TITLE=O38 Tâches planifiées Automatique width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/18/zhpdiag-module-o40-asic/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/activesetup-installed-components-asic-o40-zhpdiag.png"TITLE=O40 ActiveSetup Installed Components width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/01/zhpdiag-module-o42-loin/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/logiciels-applications-windows-ZAM-ZHPDiag3.png"TITLE=O42 Logiciels installés width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/12/zhpdiag-module-o43-cfd/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/windows10-laptop.png"TITLE=O43 Contenu des dossiers Programes width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/22/zhpdiag-module-o45-lfp/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/prefetch-ram-windows.png"TITLE=O45 Derniers fichiers Prefetcher width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/22/zhpdiag-module-o46-seh/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/Shell-Execute-hook2.png"TITLE=O46 ShellExecuteHooks width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/03/24/module-zhpdiag-o50/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/03/ifeo-image-file-execution-options-zhpdiag-o50.png"TITLE=O50 Image File Execution Options width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/31/zhpdiag-module-o53-smsr/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/msconfig-microsoft-zone-antimalware-nicolascoolman.png"TITLE=O53 ShareTools MSconfig StartupReg width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/21/zhpdiag-module-o58-sdl/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/Pilotes-module-058-zhpdiag.png"TITLE=O58 Pilotes du Système width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/21/zhpdiag-module-o68-smi/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/windows-registre-start-menu-inernet.png"TITLE=O68 Start Menu Internet width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/04/zhpdiag-module-o69-sbi/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/11/searchscopes-registre-module-o69-zone-antimalware.png"TITLE=O69 Search Browser Infection width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/24/zhpdiag-module-o83-sss/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/svchosts-services-zhpdiag-o83.jpg"TITLE=O83 Services démarrés par Svchost width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/24/zhpdiag-module-o87-fael/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2017/10/FirewallRules-zhpdiag-o87.jpg"TITLE=O87 Firewall Activ Exception List width=100 height=100</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/ads-alternate-data-stream/" TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/01/ADS-NTFS.png"TITLE=O108 Raccourcis de menu contextuels width=100 height=100</A>
<A></A><h1 style="background-color: #1393ef; text-align: center; color: #ffffff; padding: 15px;">ZHPCleaner report End</h1></BODY>
</HTML>
 

 

adicionado 1 minuto depois

@Elias Pereira

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 24/07/18
Hora da análise: 21:36
Arquivo de registro: bc7389ca-8fa2-11e8-ad7b-fc4596f4819f.json
Administrador: Sim

-Informação do software-
Versão: 3.5.1.2522
Versão de componentes: 1.0.391
Versão do pacote de definições: 1.0.6051
Licença: Gratuita

-Informação do sistema-
Sistema operacional: Windows 10 (Build 17134.165)
CPU: x64
Sistema de arquivos: NTFS
Usuário: LAPTOP-CJINI3BF\amara

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 379273
Ameaças detectadas: 121
Ameaças em quarentena: 121
Tempo decorrido: 12 hr, 9 min, 51 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 3
PUP.Optional.SecuredSearch.Generic, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ilnidodcffjfecahcfiihlhiohnaobic, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ilnidodcffjfecahcfiihlhiohnaobic, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, HKU\S-1-5-21-687873160-1385884518-3794506740-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ilnidodcffjfecahcfiihlhiohnaobic, Quarentena, [14339], [443103],1.0.6051

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 20
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\fonts\websafe-awesome, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\fonts, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\icons, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\content-script, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\sync-worker, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\background, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\options, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\skin\icons, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\guard, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\_metadata, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\vendor, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\fonts, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\skin, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\USERS\AMARA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ILNIDODCFFJFECAHCFIIHLHIOHNAOBIC, Quarentena, [14339], [443103],1.0.6051

Arquivo: 98
PUP.Optional.SecuredSearch.Generic, C:\USERS\AMARA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\USERS\AMARA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\USERS\AMARA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ILNIDODCFFJFECAHCFIIHLHIOHNAOBIC\10.1.0.65_0\MANIFEST.JSON, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\fonts\HelveticaNeue-Thin.otf, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\fonts\neue-bold.woff, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\fonts\neue.woff, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\icons\128.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\icons\16.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\icons\19.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\icons\32.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\icons\38.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\icons\48.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\icons\close.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\icons\favicon.ico, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\arrow.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\bolt.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\bytefence-logo-transparent.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\dropdown-button-off.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\dropdown-button.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\icon-red.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\icon.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\searchIcon.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\undo.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\01d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\01n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\02d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\02n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\03d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\03n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\04d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\04n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\09d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\09n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\10d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\10n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\11d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\11n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\13d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\13n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\50d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\50n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\bing.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\bing_large.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\bluesky-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\brush.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\bt.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\clock.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\cloud.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\cupcake-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\desk-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\doodle.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\down.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\eyeglass.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\google.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\google_large.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\hero-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\just-the-box.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\mountain-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\pointer2.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sea-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\settings.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\tile-bg.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\yahoo.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\yahoo.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\yahoo_large.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\bundle.v0.0.1.min.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\fonts\websafe-awesome\websafe-awesome.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\fonts\websafe-awesome\websafe-awesome.woff2, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\background\index.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\content-script\animation-event.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\content-script\index.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\content-script\search.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\guard\index.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\guard\index.html, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\guard\index.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\options\index.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\options\index.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\options\options.html, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\sync-worker\index.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\skin\icons\16.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\vendor\md5.min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\vendor\react-dom.min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\vendor\react-with-addons.min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\vendor\underscore-min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\_metadata\verified_contents.json, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\background.html, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\background.v0.0.1.min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\client.v0.0.1.min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\common.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\e_.json, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\index.html, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\popupTab2.html, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\popupTab2.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\responseConfig.json, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.ASK, C:\USERS\AMARA\DESKTOP\300\TRAMPOS\FLYER VIDEO\ATUBE_CATCHER.EXE, Quarentena, [2], [398182],1.0.6051

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

adicionado 1 minuto depois

@Elias Pereira

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-25.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-25-2018
# Duration: 00:00:59
# OS:       Windows 10 Home Single Language
# Scanned:  41737
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [8422 octets] - [04/07/2018 14:52:09]
AdwCleaner[C00].txt - [7190 octets] - [04/07/2018 14:55:19]
AdwCleaner[S01].txt - [1461 octets] - [04/07/2018 15:05:43]
AdwCleaner[C01].txt - [1609 octets] - [04/07/2018 15:21:43]
AdwCleaner[S02].txt - [1502 octets] - [04/07/2018 15:29:25]
AdwCleaner[S03].txt - [1583 octets] - [04/07/2018 15:58:40]
AdwCleaner[C03].txt - [1749 octets] - [04/07/2018 15:58:55]
AdwCleaner[S04].txt - [1705 octets] - [19/07/2018 20:55:03]
AdwCleaner[C04].txt - [1871 octets] - [19/07/2018 20:55:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S05].txt ##########
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Luiz Felipe Amaral Corrêa

 

Faça o download do RogueKiller by Tigzy, e salve na sua área de trabalho (Desktop).
roguekiller.exe (x64) << link

  • Feche todos os programas
  • Execute o RogueKiller.exe.
    ** Usuários do Windows Vista, Windows 7, 8, 8.1 e Windows 10:
    Clique com o direito sobre o arquivo rogueKiller.exe, depois clique em VRIfczU.png.
  • Quando a janela da Eula aparecer, clique em Accept.
  • Selecione a aba SCAN
  • Clique em START SCAN
  • Aguarde ate que o scan termine...
  • Clique no botão OPEN REPORT
  • Clique na opção EXPORT TXT e salve na Área de Trabalho com o nome de roguekiller.txt
  • Clique em OK e feche o RogueKiller.


Atente para abrir o arquivo, copiar e colar todo o conteúdo na sua próxima resposta

Compartilhar este post


Link para o post
Compartilhar em outros sites

Crie uma conta ou entre para comentar

Você precisar ser um membro para fazer um comentário






Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×