Luiz Felipe Amaral Corrêa

Problems on my machine: pop-ups opening uncontrollably with ads


Good afternoon, I am having problems with my computer. I followed your steps and it generated the link below:

https://www.cjoint.com/c/hgeo2npadef

There are pop-ups opening uncontrollably with ads, and I notice my machine is slow.

I would like your help, and thank you in advance.

za-scan.txt

JRT.txt

relatorio pc AdwCleaner[C03].txt

relatorio pc.txt


@Luiz Felipe Amaral Corrêa

 

Please note the following:

  • About the Forum: This is a private space, not a public one. Using it is a privilege, not a right;
  • What is provided here relates only to the problem on your computer; therefore, do not apply it to any other;
  • IMPORTANT: If you have Windows activation programs or torrent-sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully, and if you have any doubts do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any action other than those given here; be aware that, if you ask for help on another forum, you must let us know, at the risk of misconfiguring your computer!

I need new logs. Follow the steps below:

STEP 1

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
https://downloads.malwarebytes.org/file/mbam_current/

Double-click mbam-setup.exe and follow the prompts to install the program.

  • On the Scan tab > Custom Scan, check the option Scan for rootkits and the entries for the drive where the operating system is installed. Normally this is drive C:;
  • Click Scan Now. Wait, as the scan may take a while;
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected or Quarantine button;
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See Note below);
  • If mbam does not run automatically after the restart, run it manually;
  • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
  • Double-click the log (Scan Report). Click the Export button and use the .txt format to export the log. Save it to the Desktop.


ATTENTION: Open the file, select all, copy and paste the contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

STEP 2

Download AdwCleaner from one of the links below and save it to your desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click VRIfczU.png

Click SCAN. When it finishes, click CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents in your next reply.
 

STEP 3


Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.


Download ZHPCleaner from the link below and save it to your Desktop

https://www.nicolascoolman.com/download/zhpcleaner/


Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will begin examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log in your next reply.


@Elias Pereira

<!DOCTYPE html>
<HTML>
<HEAD>
<meta charset="UTF-8" />
<A></A><h1 style="background-color: #1393ef; text-align: center; color: #ffffff; padding: 15px;">ZHPCleaner Report</h1></HEAD>
<BODY>
<PRE>
<SCRIPT LANGUAGE="Javascript">
document.writeln("~ ZHPCleaner v2018.7.25.153 by Nicolas Coolman (2018/07/25)");
document.writeln("~ Run by amara (Administrator)  (25/07/2018 10:35:08)");
document.writeln("~ Web: https://www.nicolascoolman.com");
document.writeln("~ Blog: https://nicolascoolman.eu/");
document.writeln("~ Facebook : https://www.facebook.com/nicolascoolman1");
document.writeln("~ State version : Version OK");
document.writeln("~ Certificate ZHPCleaner: Legal");
document.writeln("~ Type : Repair");
document.writeln("~ Report : C:\\Users\\amara\\Desktop\\ZHPCleaner.txt");
document.writeln("~ Quarantine : C:\\Users\\amara\\AppData\\Roaming\\ZHP\\ZHPCleaner_Reg.txt");
document.writeln("~ UAC : Activate");
document.writeln("~ Boot Mode : Normal (Normal boot)");
document.writeln("Windows 10 Home Single Language, 64-bit  (Build 17134)");
document.writeln("");
document.writeln("<b>---\\  Alternate Data Stream (ADS). (0)</b>");
document.writeln("~ No malicious or unnecessary items found. (ADS)");
document.writeln("");
document.writeln("<b>---\\  Services (0)</b>");
document.writeln("~ No malicious or unnecessary items found. (Service)");
document.writeln("");
document.writeln("<b>---\\  Browser internet (0)</b>");
document.writeln("~ No malicious or unnecessary items found. (Browser)");
document.writeln("");
document.writeln("<b>---\\  Hosts file (1)</b>");
document.writeln("~ The hosts file is legitimate (63)");
document.writeln("");
document.writeln("<b>---\\  Scheduled automatic tasks. (0)</b>");
document.writeln("~ No malicious or unnecessary items found. (Task)");
document.writeln("");
document.writeln("<b>---\\  Explorer ( File, Folder) (4)</b>");
document.writeln("MOVED file: C:\\Windows\\SECOH-QAD.dll    =>HackTool.KMSpico".fontcolor("#f20d47"));
document.writeln("MOVED file: C:\\Users\\amara\\Desktop\\officeee\\Office 2016 Online\\Office 2016  KMS Activator Ultimate v1.2\\Office 2016  KMS Activator Ultimate v1.2\\AutoPico.exe [@ByELDI - AutoPico]  =>Hacktool.Office".fontcolor("#f20d47"));
document.writeln("MOVED folder: C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions\\langpack-pt-BR@firefox.mozilla.org  =>Adware.Babylon".fontcolor("#f20d47"));
document.writeln("MOVED folder: C:\\ProgramData\\Microsoft Toolkit  =>HackTool.AutoKMS".fontcolor("#f20d47"));
document.writeln("");
document.writeln("<b>---\\  Registry ( Key, Value, Data) (4)</b>");
document.writeln("DELETED key*: HKLM\\SYSTEM\\CurrentControlSet\\Services\\iobit_monitor_server [\\C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\drivers\\Monitor_win10_x64.sys (Not File)]  =>.SUP.AdvancedSystemCare".fontcolor("#0d1df4"));
document.writeln("DELETED key*: HKCU\\Software\\undefined []  =>.SUP.Downloader".fontcolor("#0d1df4"));
document.writeln("DELETED value: HKLM\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\firewallRules\\\\{8F0F3364-9298-4937-A077-DF28A2676623} [C:\\Users\\amara\\Desktop\\officeee\\Office 2016 Online\\Office 2016  KMS Activator Ultimate v1.2\\Office 2016  KMS Activator Ultimate v1.2\\AutoPico.exe]  =>Hacktool.Office".fontcolor("#f20d47"));
document.writeln("DELETED value: HKLM\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\firewallRules\\\\{BAEF5059-12AA-4D17-8D9C-C98DDC2122E5} [C:\\Users\\amara\\Desktop\\officeee\\Office 2016 Online\\Office 2016  KMS Activator Ultimate v1.2\\Office 2016  KMS Activator Ultimate v1.2\\AutoPico.exe]  =>Hacktool.Office".fontcolor("#f20d47"));
document.writeln("");
document.writeln("<b>---\\  Summary of the elements found (6)</b>");
document.writeln("https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico");
document.writeln("https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Hacktool.Office");
document.writeln("https://nicolascoolman.eu/2017/03/03/adware-babylon/  =>Adware.Babylon");
document.writeln("https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS");
document.writeln("https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/  =>.SUP.AdvancedSystemCare");
document.writeln("https://nicolascoolman.eu/2017/12/22/sup-downloader/  =>.SUP.Downloader");
document.writeln("");
document.writeln("<b>---\\  Other deletions. (7)</b>");
document.writeln("~ Registry Keys Tracing deleted (7)");
document.writeln("~ Remove the old reports ZHPCleaner. (0)");
document.writeln("");
document.writeln("<b>---\\ Result of repair</b>");
document.writeln("~ Repair carried out successfully");
document.writeln("");
document.writeln("<b>---\\ Statistics</b>");
document.writeln("~ Items scanned : 1142");
document.writeln("~ Items found : 0");
document.writeln("~ Items cancelled : 0");
document.writeln("~ Items options : 0/7");
document.writeln("~ Space saving (bytes) : 0");
document.writeln("~ End of clean in 00h00mn10s");
document.writeln("");
document.writeln("<b>---\\  Reports (2)</b>");
document.writeln("ZHPCleaner--25072018-10_33_06.txt");
document.writeln("ZHPCleaner-[R]-25072018-10_35_18.txt");
</SCRIPT>
</PRE>
<A></A><h1 style="background-color: #1393ef; text-align: center; color: #ffffff; padding: 15px;">ZHPCleaner report End</h1></BODY>
</HTML>
 

 

added 1 minute later

@Elias Pereira

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 24/07/18
Hora da análise: 21:36
Arquivo de registro: bc7389ca-8fa2-11e8-ad7b-fc4596f4819f.json
Administrador: Sim

-Informação do software-
Versão: 3.5.1.2522
Versão de componentes: 1.0.391
Versão do pacote de definições: 1.0.6051
Licença: Gratuita

-Informação do sistema-
Sistema operacional: Windows 10 (Build 17134.165)
CPU: x64
Sistema de arquivos: NTFS
Usuário: LAPTOP-CJINI3BF\amara

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 379273
Ameaças detectadas: 121
Ameaças em quarentena: 121
Tempo decorrido: 12 hr, 9 min, 51 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 3
PUP.Optional.SecuredSearch.Generic, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ilnidodcffjfecahcfiihlhiohnaobic, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ilnidodcffjfecahcfiihlhiohnaobic, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, HKU\S-1-5-21-687873160-1385884518-3794506740-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ilnidodcffjfecahcfiihlhiohnaobic, Quarentena, [14339], [443103],1.0.6051

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 20

Arquivo: 98
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\icon-red.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\icon.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\searchIcon.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sse\undo.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\01d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\01n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\02d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\02n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\03d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\03n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\04d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\04n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\09d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\09n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\10d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\10n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\11d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\11n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\13d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\13n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\50d.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\weather\50n.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\bing.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\bing_large.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\bluesky-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\brush.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\bt.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\clock.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\cloud.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\cupcake-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\desk-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\doodle.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\down.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\eyeglass.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\google.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\google_large.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\hero-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\just-the-box.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\mountain-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\pointer2.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\sea-bg.jpg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\settings.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\tile-bg.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\yahoo.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\yahoo.svg, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\images\yahoo_large.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\content\bundle.v0.0.1.min.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\fonts\websafe-awesome\websafe-awesome.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\fonts\websafe-awesome\websafe-awesome.woff2, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\background\index.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\content-script\animation-event.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\content-script\index.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\content-script\search.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\guard\index.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\guard\index.html, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\guard\index.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\options\index.css, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\options\index.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\options\options.html, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\lib\sync-worker\index.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\skin\icons\16.png, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\vendor\md5.min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\vendor\react-dom.min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\vendor\react-with-addons.min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\vendor\underscore-min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\_metadata\verified_contents.json, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\background.html, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\background.v0.0.1.min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\client.v0.0.1.min.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\common.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\e_.json, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\index.html, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\popupTab2.html, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\popupTab2.js, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.SecuredSearch.Generic, C:\Users\amara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.0.65_0\responseConfig.json, Quarentena, [14339], [443103],1.0.6051
PUP.Optional.ASK, C:\USERS\AMARA\DESKTOP\300\TRAMPOS\FLYER VIDEO\ATUBE_CATCHER.EXE, Quarentena, [2], [398182],1.0.6051

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

added 1 minute later

@Elias Pereira

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-25.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-25-2018
# Duration: 00:00:59
# OS:       Windows 10 Home Single Language
# Scanned:  41737
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [8422 octets] - [04/07/2018 14:52:09]
AdwCleaner[C00].txt - [7190 octets] - [04/07/2018 14:55:19]
AdwCleaner[S01].txt - [1461 octets] - [04/07/2018 15:05:43]
AdwCleaner[C01].txt - [1609 octets] - [04/07/2018 15:21:43]
AdwCleaner[S02].txt - [1502 octets] - [04/07/2018 15:29:25]
AdwCleaner[S03].txt - [1583 octets] - [04/07/2018 15:58:40]
AdwCleaner[C03].txt - [1749 octets] - [04/07/2018 15:58:55]
AdwCleaner[S04].txt - [1705 octets] - [19/07/2018 20:55:03]
AdwCleaner[C04].txt - [1871 octets] - [19/07/2018 20:55:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S05].txt ##########
 


@Luiz Felipe Amaral Corrêa

 

Download RogueKiller by Tigzy and save it to your desktop.
roguekiller.exe (x64) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Windows Vista, Windows 7, 8, 8.1 and Windows 10 users:
    Right-click the rogueKiller.exe file, then click VRIfczU.png.
  • When the EULA window appears, click Accept.
  • Select the SCAN tab
  • Click START SCAN
  • Wait until the scan finishes...
  • Click the OPEN REPORT button
  • Click the EXPORT TXT option and save it to the Desktop with the name roguekiller.txt
  • Click OK and close RogueKiller.


Be sure to open the file, then copy and paste its entire contents into your next reply


Topic Archived

 

As the author did not reply to the topic for more than 10 days, it has been archived. If you are the author of the topic and want it reopened, contact a Security Analyst or Coordinator to request that it be unlocked.

 
