Akai

Slow laptop - Too many processes open - Already removed 2 Trojans


Hello, first of all I would like to thank you for your attention. I am extremely inexperienced and need some help.

I had already asked for help on another forum I use but got no replies, so I would appreciate help from someone here at Clube do Hardware.

Well, to start with, in my desperation over the slowness and freezes I ended up running a few programs, among them SpyHunter, Malwarebytes and CCleaner.

SpyHunter and Malwarebytes no longer find anything. I would like to know how to proceed: am I safe now? Do I need to format the computer?

The laptop is less slow, but there are still many processes open.

Three "viruses"(?) were found: a trojan, something called cryptowall, and one more I do not remember (I now know it was a mistake not to have saved the names).

I restarted the system, but just before shutdown an error flashed by that I barely had time to read. I did note the name, as well as the little I remember of the message, something like:

"SVHOST.EXE; The system detected an overrun of a stack-based buffer..."

(For a long time, months actually, I have been having problems such as the HDMI audio to my TV, which stops working whenever I shut down the laptop. I have tried everything and nothing works, so what I do is uninstall and reinstall the TV audio drivers every time it happens, and then it goes back to normal. Besides that, it sometimes keeps flipping between dropping the wired DSL connection and connecting to the wifi, and vice versa, but I think that may just be my network. I am in no hurry to fix these problems; I only mention them because I do not know whether there is a connection.)

I will also post the logs from the other programs that were requested from me on the other forum.

Thanks.

mawarebytes.txt FRST.txt hijackthis.log Addition.txt ZA-Scan.txt


@Akai

Please note the following:

  • About the forum: this is a private space, not a public one. Using it is a privilege, not a right;
  • What is given here relates only to the problem with your computer; therefore, do not apply it to any other;
  • IMPORTANT: If you have Windows activation programs or torrent sharing programs, I suggest uninstalling them. I will only proceed with the analysis after their removal. Forum rules;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: do not take any measure other than those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

I need new logs. Follow the steps below:

STEP 1

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
https://downloads.malwarebytes.org/file/mbam_current/

Double-click mbam-setup.exe and follow the prompts to install the program.

  • On the Scan tab > Custom Scan, check the Scan for rootkits option and the entries for the drive where the operating system is installed. Normally this is drive C:;
  • Click Scan Now. Be patient, as the scan may take a while;
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected or Quarantine button;
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the note below);
  • If MBAM does not run automatically after the restart, run it manually;
  • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
  • Double-click the log (Scan report). Click the Export button and use the .txt format to export the log. Save it to the Desktop.

ATTENTION: Open the file, select all, copy and paste the contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

STEP 2

Download AdwCleaner from one of the links below and save it to the desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click the option shown in the image.

Click SCAN. When it finishes, click CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents in your next reply.

STEP 3

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ZHPCleaner from the link below and save it to your Desktop

https://www.majorgeeks.com/files/details/zhpcleaner.html

Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will begin examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated
  • Select, copy and paste the contents of this log in your next reply.



Hello, thanks for the feedback Elias Pereira, and sorry for the delay in my reply; the scans took a good while. I uninstalled uTorrent, and I believe the remnants of KMSPico that were left after Malwarebytes removed it were eradicated by ZHPCleaner.

MBAM Log 

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 19/09/2019
Hora da análise: 01:36
Arquivo de registro: 1c9e5060-da97-11e9-8a02-80ee73bc6d07.json

-Informação do software-
Versão: 3.8.3.2965
Versão de componentes: 1.0.613
Versão do pacote de definições: 1.0.12549
Licença: Premium

-Informação do sistema-
Sistema operacional: Windows 10 (Build 17763.737)
CPU: x64
Sistema de arquivos: NTFS
Usuário: RED-NOT01W\leexr

-Resumo da análise-
Tipo de análise: Análise Customizada
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 376775
Ameaças detectadas: 19
Ameaças em quarentena: 19
Tempo decorrido: 8 hr, 34 min, 57 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 19
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\IMAGEFORMATS\QICO4.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\QTCORE4.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\CITRIO_EXT.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\DLNLIB.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\LIBCURL.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\MSVCP100.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\LIBEAY32.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\MSVCR100.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\PYWINTYPES34.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\LIBTORRENT.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\PYTHON34.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\SSLEAY32.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\ZLIB1.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\QTGUI4.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\DCAGNHPBNGGMBIHNDFKKHFJOJGBAAEDO\1.2.40_0\BINARIES\WIN\YOUTUBE-DL.EXE, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\HJINFLOCGJPJIHBGDLIPILMJLBKJKMAK\0.6.7_0\BINARIES\WIN\LIBEAY32.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\HJINFLOCGJPJIHBGDLIPILMJLBKJKMAK\0.6.7_0\BINARIES\WIN\MSVCR90.DLL, Quarentena, [537], [635491],1.0.12549
PUP.Optional.Catalina, C:\USERS\LEEXR\APPDATA\LOCAL\CATALINAGROUP\CITRIO\USER DATA\DEFAULT\EXTENSIONS\HJINFLOCGJPJIHBGDLIPILMJLBKJKMAK\0.6.7_0\BINARIES\WIN\SSLEAY32.DLL, Quarentena, [537], [635491],1.0.12549
Generic.Malware/Suspicious, C:\USERS\LEEXR\ONEDRIVE\DOCUMENTOS\DARKEST DUNGEON - CODEX\CODEX-DARKEST.DUNGEON.THE.COLOR.OF.MADNESS.UPDATE.BUILD.24787\UPDATE\SETUP.EXE, Quarentena, [0], [392686],1.0.12549

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

 

 

AdwCleaner (The software asked to restart the machine; after that there were 3 log files. Since I do not know which ones are needed, I will post all of them, starting with "Clean")

(Clean)

 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-04-2019
# Database: 2019-09-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-19-2019
# Duration: 00:00:21
# OS:       Windows 10 Home Single Language
# Cleaned:  16
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\IOBIT\Driver Booster
Deleted       C:\ProgramData\IOBIT\Driver Booster
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Users\leexr\AppData\Local\CatalinaGroup
Deleted       C:\Users\leexr\AppData\Roaming\IOBIT\Driver Booster
Deleted       C:\Users\leexr\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted       C:\Windows\SysWOW64\sh4native.exe
Deleted       C:\spyhunter.fix

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\SPYHUNTER4STARTUP

***** [ Registry ] *****

Deleted       HKCU\Software\CatalinaGroup
Deleted       HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55B5E47B-662D-4E76-A678-A92F0B5E0F44} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup
Deleted       HKLM\Software\Wow6432Node\EnigmaSoftwareGroup
Deleted       HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [15681 octets] - [19/09/2019 12:12:09]
AdwCleaner[S00].txt - [2682 octets] - [19/09/2019 12:13:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

AdwCleaner

(Scan)

 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-04-2019
# Database: 2019-09-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-19-2019
# Duration: 00:00:31
# OS:       Windows 10 Home Single Language
# Scanned:  35634
# Detected: 16


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\leexr\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.DriverBooster      C:\Program Files (x86)\IOBIT\Driver Booster
PUP.Optional.DriverBooster      C:\ProgramData\IOBIT\Driver Booster
PUP.Optional.DriverBooster      C:\Users\leexr\AppData\Roaming\IOBIT\Driver Booster
PUP.Optional.Shopper            C:\Users\leexr\AppData\Local\CatalinaGroup

***** [ Files ] *****

PUP.Optional.SpyHunter          C:\Windows\SysWOW64\sh4native.exe
PUP.Optional.SpyHunter          C:\spyhunter.fix

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.SpyHunter          C:\Windows\System32\Tasks\SPYHUNTER4STARTUP

***** [ Registry ] *****

PUP.Optional.DriverBooster      HKLM\Software\Wow6432Node\IObit\Driver Booster
PUP.Optional.DriverBooster      HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
PUP.Optional.Shopper            HKCU\Software\CatalinaGroup
PUP.Optional.SpyHunter          HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
PUP.Optional.SpyHunter          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55B5E47B-662D-4E76-A678-A92F0B5E0F44} 
PUP.Optional.SpyHunter          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup
PUP.Optional.SpyHunter          HKLM\Software\Wow6432Node\EnigmaSoftwareGroup

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner_Debug.log - [7469 octets] - [19/09/2019 12:12:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

AdwCleaner

(Debug)

 

2019-09-19 15:12:09 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-09-19 15:12:11 :  <INFO>      [MBInstaller] Checking Iris
2019-09-19 15:12:11 :  <INFO>      [IRIS] Making request
2019-09-19 15:12:12 :  <INFO>      [Telemetry] Sending hello
ication updates
2019-09-19 15:12:13 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-19 15:12:13 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-19 15:12:13 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-19 15:12:13 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-19 15:12:13 :  <INFO>      [SslCert] Certificate EffectiveDate:  "seg out 2 00:00:00 2017 GMT"
2019-09-19 15:12:13 :  <INFO>      [SslCert] Certificate ExpirationDate:  "ter out 6 12:00:00 2020 GMT"
2019-09-19 15:12:13 :  <INFO>      [SslCert] ALPN: None
2019-09-19 15:12:13 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-19 15:12:13 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-19 15:12:13 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-19 15:12:13 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-19 15:12:13 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-19 15:12:13 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-19 15:12:13 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-19 15:12:13 :  <INFO>      [SslCert] Certificate EffectiveDate:  "seg out 2 00:00:00 2017 GMT"
2019-09-19 15:12:13 :  <INFO>      [SslCert] Certificate ExpirationDate:  "ter out 6 12:00:00 2020 GMT"
2019-09-19 15:12:13 :  <INFO>      [SslCert] ALPN: None
2019-09-19 15:12:13 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-19 15:12:13 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-19 15:12:13 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-19 15:12:13 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-09-19 15:12:13 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-19 15:12:13 :  <INFO>      [IRIS] Failed
2019-09-19 15:12:45 :  <INFO>      [Button clicked] EULA agreed
2019-09-19 15:13:05 :  <INFO>      [Button clicked] Scan
2019-09-19 15:13:05 :  <INFO>      [Scan] Started
2019-09-19 15:13:05 :  <INFO>      [Database] Downloading database
2019-09-19 15:13:06 :  <INFO>      [Database] Checking integrity
2019-09-19 15:13:06 :  <INFO>      [Database] Found  2600  families
2019-09-19 15:13:06 :  <INFO>      [Database] Database v "2019-09-18.1"
2019-09-19 15:13:07 :  <INFO>      [Loading paths] Local paths loaded
2019-09-19 15:13:07 :  <INFO>      [Loading paths] Chrome paths loaded
2019-09-19 15:13:07 :  <INFO>      [Loading paths] User Keys loaded
2019-09-19 15:13:07 :  <INFO>      [Module initialized]  "File"
2019-09-19 15:13:07 :  <INFO>      [Module initialized]  "Folder"
2019-09-19 15:13:07 :  <INFO>      [Module initialized]  "RegistryKey"
2019-09-19 15:13:07 :  <INFO>      [Module initialized]  "RegistryValue"
2019-09-19 15:13:08 :  <INFO>      [Module initialized]  "TaskName"
2019-09-19 15:13:08 :  <INFO>      [Module initialized]  "Service"
2019-09-19 15:13:08 :  <INFO>      [Module initialized]  "Winlogon"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "URL"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "RegAppInit"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "RegClasses"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "DNS"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "RegGuid"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "RegOther"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "RegProductID"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "RegSoftware"
2019-09-19 15:13:13 :  <INFO>      [Module initialized]  "RegStartup"
2019-09-19 15:13:14 :  <INFO>      [Module initialized]  "WMI"
2019-09-19 15:13:14 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-09-19 15:13:14 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-09-19 15:13:14 :  <INFO>      [Module initialize] Scan Browser
2019-09-19 15:13:15 :  <INFO>      [Module initialize] Scan Browser FF
2019-09-19 15:13:15 :  <INFO>      [Module initialize] FF start pages loaded
2019-09-19 15:13:15 :  <INFO>      [Module initialize] FF search providers loaded
2019-09-19 15:13:15 :  <INFO>      [Module initialize] FF plugin list loaded
2019-09-19 15:13:15 :  <INFO>      [Scan] Exclusions loaded
2019-09-19 15:13:24 :  <INFO>      [Scan] Item detected:  "PUP.Optional.AdvancedSystemCare" ,  "C:\\Users\\leexr\\AppData\\Roaming\\IObit\\Advanced SystemCare" [ "Folder" ]
2019-09-19 15:13:24 :  <INFO>      [Scan] Item detected:  "PUP.Optional.AdvancedSystemCare" ,  "C:\\ProgramData\\IObit\\Advanced SystemCare" [ "Folder" ]
2019-09-19 15:13:24 :  <INFO>      [Scan] Item detected:  "PUP.Optional.SpyHunter" ,  "C:\\spyhunter.fix" [ "File" ]
2019-09-19 15:13:24 :  <INFO>      [Scan] Item detected:  "PUP.Optional.SpyHunter" ,  "C:\\Windows\\SysWOW64\\sh4native.exe" [ "File" ]
2019-09-19 15:13:24 :  <INFO>      [Scan] Item detected:  "PUP.Optional.SpyHunter" ,  "C:\\Windows\\System32\\Tasks\\SPYHUNTER4STARTUP" [ "Task" ]
2019-09-19 15:13:24 :  <INFO>      [Scan] Item detected:  "localScan" ,  "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\SpyHunter4Startup" [ "Registry" ]
2019-09-19 15:13:24 :  <INFO>      [Scan] Item detected:  "PUP.Optional.SpyHunter" ,  "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\SpyHunter4Startup" [ "Registry" ]
2019-09-19 15:13:24 :  <INFO>      [Scan] Item detected:  "PUP.Optional.SpyHunter" ,  "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{55B5E47B-662D-4E76-A678-A92F0B5E0F44}\u0000" [ "Registry" ]
2019-09-19 15:13:24 :  <INFO>      [Scan] Item detected:  "PUP.Optional.SpyHunter" ,  "HKLM\\SOFTWARE\\Microsoft\\RADAR\\HeapLeakDetection\\DiagnosedApplications\\SpyHunter4.exe" [ "Registry" ]
2019-09-19 15:13:24 :  <INFO>      [Scan] Item detected:  "PUP.Optional.SpyHunter" ,  "HKLM\\Software\\Wow6432Node\\EnigmaSoftwareGroup" [ "Registry" ]
2019-09-19 15:13:25 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Shopper" ,  "C:\\Users\\leexr\\AppData\\Local\\CatalinaGroup" [ "Folder" ]
2019-09-19 15:13:25 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Shopper" ,  "HKCU\\Software\\CatalinaGroup" [ "Registry" ]
2019-09-19 15:13:26 :  <INFO>      [Scan] Item detected:  "PUP.Optional.DriverBooster" ,  "C:\\Users\\leexr\\AppData\\Roaming\\IOBIT\\Driver Booster" [ "Folder" ]
2019-09-19 15:13:26 :  <INFO>      [Scan] Item detected:  "PUP.Optional.DriverBooster" ,  "C:\\Program Files (x86)\\IOBIT\\Driver Booster" [ "Folder" ]
2019-09-19 15:13:26 :  <INFO>      [Scan] Item detected:  "PUP.Optional.DriverBooster" ,  "C:\\ProgramData\\IOBIT\\Driver Booster" [ "Folder" ]
2019-09-19 15:13:26 :  <INFO>      [Scan] Item detected:  "PUP.Optional.DriverBooster" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Driver Booster_is1" [ "Registry" ]
2019-09-19 15:13:26 :  <INFO>      [Scan] Item detected:  "PUP.Optional.DriverBooster" ,  "HKLM\\Software\\Wow6432Node\\IObit\\Driver Booster" [ "Registry" ]
2019-09-19 15:13:37 :  <INFO>      [Telemetry] Sending to Influx
2019-09-19 15:13:39 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-19 15:13:39 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-19 15:13:39 :  <INFO>      [SslCert] Locality Name ()
2019-09-19 15:13:39 :  <INFO>      [SslCert] Organization ()
2019-09-19 15:13:39 :  <INFO>      [SslCert] Certificate EffectiveDate:  "dom ago 18 10:50:38 2019 GMT"
2019-09-19 15:13:39 :  <INFO>      [SslCert] Certificate ExpirationDate:  "sáb nov 16 10:50:38 2019 GMT"
2019-09-19 15:13:39 :  <INFO>      [SslCert] ALPN: Yes
2019-09-19 15:13:39 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-19 15:13:39 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-19 15:13:39 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-19 15:13:39 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-19 15:13:39 :  <INFO>      [Telemetry] Sending to DSE
2019-09-19 15:13:40 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-19 15:13:40 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-19 15:13:40 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-19 15:13:40 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-19 15:13:40 :  <INFO>      [SslCert] Certificate EffectiveDate:  "qui fev 22 00:00:00 2018 GMT"
2019-09-19 15:13:40 :  <INFO>      [SslCert] Certificate ExpirationDate:  "qua abr 22 12:00:00 2020 GMT"
2019-09-19 15:13:40 :  <INFO>      [SslCert] ALPN: Yes
2019-09-19 15:13:40 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-19 15:13:40 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-19 15:13:40 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-19 15:13:40 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-19 15:13:40 :  <INFO>      [Scan] Finished
2019-09-19 15:14:16 :  <INFO>      [Button clicked] Clean & repair
2019-09-19 15:14:23 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-09-19 15:14:23 :  <INFO>      [Cleaning] Started
2019-09-19 15:14:23 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-09-19 15:14:23 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-09-19 15:14:23 :  <WARNING>   [Cleaning] Unable to Open process -  "Registry"   0
2019-09-19 15:14:23 :  <WARNING>   [Cleaning] Unable to Open process -  "Memory Compression"   0
2019-09-19 15:14:23 :  <WARNING>   [Cleaning] Unable to Open process -  "SgrmBroker.exe"   0
2019-09-19 15:14:23 :  <WARNING>   [Cleaning] Unable to Open process -  "SecurityHealthService.exe"   0
2019-09-19 15:14:24 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20190919.121423"
2019-09-19 15:14:24 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.AdvancedSystemCare" ,  "C:\\Users\\leexr\\AppData\\Roaming\\IObit\\Advanced SystemCare" [ "Folder" ]
2019-09-19 15:14:25 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.AdvancedSystemCare" ,  "C:\\Users\\leexr\\AppData\\Roaming\\IObit\\Advanced SystemCare" [ "Folder" ]
2019-09-19 15:14:25 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.AdvancedSystemCare" ,  "C:\\ProgramData\\IObit\\Advanced SystemCare" [ "Folder" ]
2019-09-19 15:14:25 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.AdvancedSystemCare" ,  "C:\\ProgramData\\IObit\\Advanced SystemCare" [ "Folder" ]
2019-09-19 15:14:25 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.SpyHunter" ,  "C:\\spyhunter.fix" [ "File" ]
2019-09-19 15:14:26 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.SpyHunter" ,  "C:\\spyhunter.fix" [ "File" ]
2019-09-19 15:14:26 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.SpyHunter" ,  "C:\\Windows\\SysWOW64\\sh4native.exe" [ "File" ]
2019-09-19 15:14:26 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.SpyHunter" ,  "C:\\Windows\\SysWOW64\\sh4native.exe" [ "File" ]
2019-09-19 15:14:26 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.SpyHunter" ,  "C:\\Windows\\System32\\Tasks\\SPYHUNTER4STARTUP" [ "Task" ]
2019-09-19 15:14:26 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.SpyHunter" ,  "C:\\Windows\\System32\\Tasks\\SPYHUNTER4STARTUP" [ "Task" ]
2019-09-19 15:14:26 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.SpyHunter" ,  "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\SpyHunter4Startup" [ "Registry" ]
2019-09-19 15:14:27 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.SpyHunter" ,  "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\SpyHunter4Startup" [ "Registry" ]
2019-09-19 15:14:27 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.SpyHunter" ,  "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{55B5E47B-662D-4E76-A678-A92F0B5E0F44}\u0000" [ "Registry" ]
2019-09-19 15:14:27 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.SpyHunter" ,  "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{55B5E47B-662D-4E76-A678-A92F0B5E0F44}\u0000" [ "Registry" ]
2019-09-19 15:14:27 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.SpyHunter" ,  "HKLM\\SOFTWARE\\Microsoft\\RADAR\\HeapLeakDetection\\DiagnosedApplications\\SpyHunter4.exe" [ "Registry" ]
2019-09-19 15:14:27 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.SpyHunter" ,  "HKLM\\SOFTWARE\\Microsoft\\RADAR\\HeapLeakDetection\\DiagnosedApplications\\SpyHunter4.exe" [ "Registry" ]
2019-09-19 15:14:27 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.SpyHunter" ,  "HKLM\\Software\\Wow6432Node\\EnigmaSoftwareGroup" [ "Registry" ]
2019-09-19 15:14:28 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.SpyHunter" ,  "HKLM\\Software\\Wow6432Node\\EnigmaSoftwareGroup" [ "Registry" ]
2019-09-19 15:14:28 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Shopper" ,  "C:\\Users\\leexr\\AppData\\Local\\CatalinaGroup" [ "Folder" ]
2019-09-19 15:14:40 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Shopper" ,  "C:\\Users\\leexr\\AppData\\Local\\CatalinaGroup" [ "Folder" ]
2019-09-19 15:14:40 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Shopper" ,  "HKCU\\Software\\CatalinaGroup" [ "Registry" ]
2019-09-19 15:14:40 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Shopper" ,  "HKCU\\Software\\CatalinaGroup" [ "Registry" ]
2019-09-19 15:14:40 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.DriverBooster" ,  "C:\\Users\\leexr\\AppData\\Roaming\\IOBIT\\Driver Booster" [ "Folder" ]
2019-09-19 15:14:41 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.DriverBooster" ,  "C:\\Users\\leexr\\AppData\\Roaming\\IOBIT\\Driver Booster" [ "Folder" ]
2019-09-19 15:14:41 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.DriverBooster" ,  "C:\\Program Files (x86)\\IOBIT\\Driver Booster" [ "Folder" ]
2019-09-19 15:14:42 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.DriverBooster" ,  "C:\\Program Files (x86)\\IOBIT\\Driver Booster" [ "Folder" ]
2019-09-19 15:14:42 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.DriverBooster" ,  "C:\\ProgramData\\IOBIT\\Driver Booster" [ "Folder" ]
2019-09-19 15:14:42 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.DriverBooster" ,  "C:\\ProgramData\\IOBIT\\Driver Booster" [ "Folder" ]
2019-09-19 15:14:42 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.DriverBooster" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Driver Booster_is1" [ "Registry" ]
2019-09-19 15:14:42 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.DriverBooster" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Driver Booster_is1" [ "Registry" ]
2019-09-19 15:14:42 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.DriverBooster" ,  "HKLM\\Software\\Wow6432Node\\IObit\\Driver Booster" [ "Registry" ]
2019-09-19 15:14:42 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.DriverBooster" ,  "HKLM\\Software\\Wow6432Node\\IObit\\Driver Booster" [ "Registry" ]
2019-09-19 15:14:42 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-09-19 15:14:45 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-09-19 15:14:45 :  <INFO>      [Telemetry] Sending to Influx
2019-09-19 15:14:46 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-19 15:14:46 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-19 15:14:46 :  <INFO>      [SslCert] Locality Name ()
2019-09-19 15:14:46 :  <INFO>      [SslCert] Organization ()
2019-09-19 15:14:46 :  <INFO>      [SslCert] Certificate EffectiveDate:  "dom ago 18 10:50:38 2019 GMT"
2019-09-19 15:14:46 :  <INFO>      [SslCert] Certificate ExpirationDate:  "sáb nov 16 10:50:38 2019 GMT"
2019-09-19 15:14:46 :  <INFO>      [SslCert] ALPN: Yes
2019-09-19 15:14:46 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-19 15:14:46 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-19 15:14:46 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-19 15:14:46 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-19 15:14:46 :  <INFO>      [Telemetry] Sending to DSE
2019-09-19 15:14:47 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-19 15:14:47 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-19 15:14:47 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-19 15:14:47 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-19 15:14:47 :  <INFO>      [SslCert] Certificate EffectiveDate:  "qui fev 22 00:00:00 2018 GMT"
2019-09-19 15:14:47 :  <INFO>      [SslCert] Certificate ExpirationDate:  "qua abr 22 12:00:00 2020 GMT"
2019-09-19 15:14:47 :  <INFO>      [SslCert] ALPN: Yes
2019-09-19 15:14:47 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-19 15:14:47 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-19 15:14:47 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-19 15:14:47 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-19 15:14:47 :  <INFO>      [Cleaning] Finished
2019-09-19 15:14:53 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-09-19 15:14:55 :  <INFO>      [Application] Closing AdwCleaner
2019-09-19 15:18:06 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-09-19 15:18:46 :  <INFO>      [MBInstaller] Checking Iris
2019-09-19 15:18:46 :  <INFO>      [IRIS] Making request
2019-09-19 15:18:47 :  <INFO>      [MBBanner] Checking Iris
2019-09-19 15:18:47 :  <INFO>      [IRIS] Making request
2019-09-19 15:18:47 :  <INFO>      [Telemetry] Sending hello
ication updates
2019-09-19 15:18:48 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-19 15:18:48 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-19 15:18:48 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-19 15:18:48 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-19 15:18:48 :  <INFO>      [SslCert] Certificate EffectiveDate:  "seg out 2 00:00:00 2017 GMT"
2019-09-19 15:18:48 :  <INFO>      [SslCert] Certificate ExpirationDate:  "ter out 6 12:00:00 2020 GMT"
2019-09-19 15:18:48 :  <INFO>      [SslCert] ALPN: None
2019-09-19 15:18:48 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-19 15:18:48 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-19 15:18:48 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-19 15:18:48 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-19 15:18:48 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-19 15:18:48 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-19 15:18:48 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-19 15:18:48 :  <INFO>      [SslCert] Certificate EffectiveDate:  "seg out 2 00:00:00 2017 GMT"
2019-09-19 15:18:48 :  <INFO>      [SslCert] Certificate ExpirationDate:  "ter out 6 12:00:00 2020 GMT"
2019-09-19 15:18:48 :  <INFO>      [SslCert] ALPN: None
2019-09-19 15:18:48 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-19 15:18:48 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-19 15:18:48 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-19 15:18:48 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-19 15:18:48 :  <INFO>      [IRIS] Failed
2019-09-19 15:18:49 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-19 15:18:49 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-19 15:18:49 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-19 15:18:49 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-19 15:18:49 :  <INFO>      [SslCert] Certificate EffectiveDate:  "seg out 2 00:00:00 2017 GMT"
2019-09-19 15:18:49 :  <INFO>      [SslCert] Certificate ExpirationDate:  "ter out 6 12:00:00 2020 GMT"
2019-09-19 15:18:49 :  <INFO>      [SslCert] ALPN: None
2019-09-19 15:18:49 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-19 15:18:49 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-19 15:18:49 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-19 15:18:49 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-09-19 15:18:49 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-19 15:18:49 :  <INFO>      [IRIS] Failed
2019-09-19 15:21:01 :  <INFO>      [Button clicked] Log files menu item

ZHPCleaner

~ ZHPCleaner v2019.9.17.139 by Nicolas Coolman (2019/09/17)
~ Run by leexr (Administrator)  (19/09/2019 19:54:59)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\leexr\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\leexr\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 17763)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (23)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (5)
MOVED file: C:\Windows\SECOH-QAD.dll    =>HackTool.KMSpico
MOVED file: C:\Windows\SECOH-QAD.exe    =>HackTool.KMSpico
MOVED folder: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
MOVED folder: C:\Users\leexr\AppData\Local\Visicom Media  =>.SUP.VisicomMedia


---\\  Registry ( Key, Value, Data) (2)
DELETED key*: HKCU\Software\undefined [AdditionalScan 147]  =>.SUP.Downloader
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [KMSpico]  =>HackTool.KMSpico


---\\  Summary of the elements found (3)
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/03/18/superfluous-visicommedia/  =>.SUP.VisicomMedia
https://nicolascoolman.eu/2017/12/22/sup-downloader/  =>.SUP.Downloader


---\\  Other deletions. (6)
~ Registry Keys Tracing deleted (6)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 1389
~ Items found : 0
~ Items cancelled : 0
~ Items options : 6/13
~ Space saving (bytes) : 0


~ End of clean in 00h00mn31s

---\\  Reports (2)
ZHPCleaner--19092019-12_41_58.txt
ZHPCleaner-[R]-19092019-19_55_30.txt
PS. I have not taken any measures other than the ones given here, and I have withdrawn from the other forum (I gave up on finding real help there).

@Akai

Download RogueKiller by Tigzy and save it to your Desktop.
roguekiller.exe (x64) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Windows Vista, Windows 7, 8, 8.1 and Windows 10 users:
    Right-click the rogueKiller.exe file, then click VRIfczU.png.
  • Click SCAN
  • Click the first START, "Standard Scan (recommended)", and wait for the scan...
  • Click the RESULTS button
  • Click the REPORT option, then EXPORT, and select the Text file... option
  • Save the file to your Desktop with the name roguekiller_report

Be sure to open the file and copy and paste its entire contents in your next reply

Apparently there were still KMSpico components left; I proceeded with the removal.

roguekiller

RogueKiller Anti-Malware V13.4.4.0 (x64) [Sep 16 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : leexr [Administrator]
Started from : C:\Users\leexr\Desktop\RogueKiller_portable64.exe
Signatures : 20190920_083050, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/09/22 03:53:35 (Duration : 00:34:05)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] Service_KMS.exe (3348) -- C:\Program Files\KMSpico\Service_KMS.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] Service KMSELDI (3348) -- C:\Program Files\KMSpico\Service_KMS.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O23 - Services
  [PUP.HackTool (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI -- "C:\Program Files\KMSpico\Service_KMS.exe" (missing) -> Found
>>>>>> XX - System Policies
  [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] (file) SECOH-QAD.exe -- C:\Windows\SECOH-QAD.exe -> Found
[PUP.HackTool (Potentially Malicious)] (folder) KMSpico -- C:\Program Files\KMSpico -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
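The RogueKiller report above names a handful of concrete artifacts: the "Service KMSELDI" service backed by Service_KMS.exe, the SECOH-QAD.exe/.dll files and KMSpico folders, the registry keys, and a PUM.Policies hit on ConsentPromptBehaviorAdmin = 0 (UAC elevating administrators with no consent prompt). The following PowerShell is an added example, not part of the thread and not RogueKiller's or ZHPCleaner's code: it re-checks exactly those reported items so that a later scan can be cross-checked by hand. Every name and path comes from the reports posted in this thread; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread or from RogueKiller/ZHPCleaner): re-check the
# artifacts listed in the posted reports. All names and paths are taken from the logs.
# Run from an elevated PowerShell session so that HKLM and C:\Windows are readable.

$findings = @()

# 1. KMSpico service and process ("Service KMSELDI" -> Service_KMS.exe in the report)
$svc = Get-Service -Name 'Service KMSELDI' -ErrorAction SilentlyContinue
if ($svc) { $findings += "Service still registered: $($svc.Name) [$($svc.Status)]" }

$proc = Get-Process -Name 'Service_KMS' -ErrorAction SilentlyContinue
if ($proc) { $findings += "Process still running: Service_KMS.exe (PID $($proc.Id -join ','))" }

# 2. Files and folders from the Files / Explorer sections of both reports
$paths = @(
    'C:\Windows\SECOH-QAD.exe',
    'C:\Windows\SECOH-QAD.dll',
    'C:\Program Files\KMSpico',
    'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico'
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Path still present: $p" }
}

# 3. Registry: the service key (RogueKiller) and the uninstall entry (ZHPCleaner)
$regKeys = @(
    'HKLM:\SYSTEM\ControlSet001\Services\Service KMSELDI',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1'
)
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key still present: $k" }
}

# 4. The PUM.Policies hit: ConsentPromptBehaviorAdmin = 0 means administrators are
#    elevated silently, with no UAC consent prompt. Windows' default is 5 (prompt for
#    consent for non-Windows binaries); a value of 0 should be changed back.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -Name 'ConsentPromptBehaviorAdmin' -ErrorAction SilentlyContinue
if ($null -ne $uac -and $uac.ConsentPromptBehaviorAdmin -eq 0) {
    $findings += "UAC: ConsentPromptBehaviorAdmin is 0 (silent elevation); Windows default is 5"
}

# Summary. Anything listed here means the corresponding report entry is still live.
if ($findings.Count -eq 0) {
    Write-Output 'None of the reported KMSpico / UAC artifacts were found.'
} else {
    Write-Output 'Artifacts still present:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

The check is read-only by design: it confirms whether the removal run actually took effect rather than deleting anything itself, so a clean result here together with an empty RogueKiller "Found" list is what you want to see before re-enabling the startup entries that the later steps in this thread disable.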

@Akai

Close all programs

  • Run RogueKiller.exe.
    ** Windows Vista, 7, 8/8.1 and Windows 10 users:
    Right-click the rogueKiller.exe file, then click VRIfczU.png
  • When the EULA appears, click Accept.
  • Select the SCAN tab and click START SCAN
  • Wait until the scan finishes.
  • Click RESULTS and check all the checkboxes
  • >>>>>>> Go through every tab and check all the entries found <<<<<<<
  • Click REMOVAL
  • Wait until the program finishes deleting the infections.
  • Click RESULTS
  • Click the REPORT button, then EXPORT > TXT FILE
  • Save it as report.txt on your Desktop

Open the report.txt file saved on your Desktop, then copy and paste all of its contents in your next reply.

roguekiller report
RogueKiller Anti-Malware V13.4.4.0 (x64) [Sep 16 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : leexr [Administrator]
Started from : C:\Users\leexr\Desktop\RogueKiller_portable64.exe
Signatures : 20191003_121227, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/10/03 20:35:48 (Duration : 00:38:10)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

@Akai

  1. Click the Start menu, then right-click This PC and select Properties.

  2. In Properties, select Advanced system settings.

  3. Go to the System Protection tab and, under System Restore, click Create.

  4. Then just follow the on-screen instructions to create your restore point.

    NOTE: Remember to give it an easy-to-recognize name so you can restore from this point later.

Press the Windows + R keys and type: msconfig

- Click the Services tab, check Hide all Microsoft services, then click Disable all
- Click the Startup tab and click Open Task Manager
- Right-click each startup entry and click Disable.

Go back to the System Configuration window, click Apply and then OK.

Follow the prompts until you are asked to restart.

After that, let me know whether the malware-related problems still persist.

NEXT STEP