PC Com Possivel Infecção

africacentral · 11 de outubro de 2021

Olá. Como podem observar, sou novo por aqui. Tentei executar o ZA-Scan, conforme orientações do forum, porém, só aparece como "incompatiilidade com sistema operacional". Podem me ajudar?

Elias Pereira · 13 de outubro de 2021

@africacentral

Por favor, atente para o seguinte:

Sobre o Fórum: Este é um espaço privado, não público. Seu uso é um privilégio, não um direito;
O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
IMPORTANTE: Caso tenha programas de ativação do windows ou de compartilhamento p2p/toŕŕent, sugiro desinstalar. Só irei dar procedimento na analise após a remoção. Regras do forum;
Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
Respeite a ordem das instruções passadas;
Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

Regras da Área de Remoção de Malware << IMPORTANTE A LEITURA

Regras Gerais do Forum Clube do Hardware << IMPORTANTE A LEITURA

Siga os passos abaixo:

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

ETAPA 1

Faça o download do AdwCleaner de um dos links abaixo e salve no desktop.

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

http://www.bleepingcomputer.com/download/adwcleaner/

Clique em DOWNLOAD NOW para baixar o arquivo.

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista, 7, 8/8.1 e windows 10 clique com o direito sobre o arquivo AdwCleaner.exe, depois clique em

Clique em VERIFICAR AGORA/SCAN NOW. Após o termino clique em LIMPAR/CLEAN e aguarde.

Será aberto o bloco de notas com o resultado.

ATENÇÃO: Selecione, copie e cole o seu conteúdo na próxima resposta.

ETAPA 2

Faça o download do ZHPCleaner no link abaixo e salve em sua Área de trabalho (Desktop)

https://www.majorgeeks.com/files/details/zhpcleaner.html

Execute o arquivo ZHPCleaner.exe Como Administrador

Clique no botão Scanner.
A ferramenta começara o exame do seu sistema.
Tenha paciência pois pode demorar um pouco dependendo da quantidades de itens a examinar.
Em seguida clique no botão Reparar.
Será gerado um log chamado ZHPCleaner.txt

ATENÇÃO: Selecione, copie e cole o seu conteúdo na próxima resposta.

africacentral · 13 de outubro de 2021

~ ZHPCleaner v2021.10.10.332 by Nicolas Coolman (2021/10/10) ~ Run by User (Administrator) (13/10/2021 15:01:44) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Scan ~ Report : C:\Users\User\Desktop\ZHPCleaner (S).txt ~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Pro, 64-bit (Build 19041) ---\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. (ADS) ---\ Services (0) ~ No malicious or unnecessary items found. (Service) ---\ Browser internet (0) ~ No malicious or unnecessary items found. (Browser) ---\ Hosts file (1) ~ The hosts file is legitimate (21) ---\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. (Task) ---\ Explorer ( File, Folder) (7) FOUND file: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences =>ChromiumPreference FOUND file: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>ChromiumPreference FOUND file: C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences =>ChromiumPreference FOUND file: C:\ProgramData\Microsoft Toolkit\Settings.xml =>HackTool.AutoKMS FOUND folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS FOUND folder: C:\Windows\AutoKMS =>HackTool.AutoKMS FOUND folder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc =>.SUP.Discord ---\ Registry ( Key, Value, Data) (12) FOUND key: HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\SOFTWARE\Discord [] =>.SUP.Discord FOUND key: HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\SOFTWARE\Classes\Discord [URL:Discord Protocol] =>.SUP.Discord FOUND key: HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\SOFTWARE\Classes\discord-382624125287399424 [URL:Run game 382624125287399424 protocol] =>.SUP.Discord FOUND key: HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\SOFTWARE\Classes\discord-700161944773984286 [URL:Run game 700161944773984286 protocol] =>.SUP.Discord FOUND key: HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\SOFTWARE\Classes\discord-804050866717196338 [URL:Run game 804050866717196338 protocol] =>.SUP.Discord FOUND key: HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\SOFTWARE\Classes\discord-807640470758883329 [URL:Run game 807640470758883329 protocol] =>.SUP.Discord FOUND key: HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\SOFTWARE\Classes\discord-836176882688589884 [URL:Run game 836176882688589884 protocol] =>.SUP.Discord FOUND key: HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\SOFTWARE\Classes\discord-855771366141460481 [URL:Run game 855771366141460481 protocol] =>.SUP.Discord FOUND key: HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\SOFTWARE\Classes\discord-857009485607075851 [URL:Run game 857009485607075851 protocol] =>.SUP.Discord FOUND key: HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\SOFTWARE\Classes\discord-885283000823185409 [URL:Run game 885283000823185409 protocol] =>.SUP.Discord FOUND key: HKCU\Software\Discord [] =>.SUP.Discord FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord [Discord Inc.] =>.SUP.Discord ---\ Summary of the elements found (3) https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/ =>ChromiumPreference https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS https://nicolascoolman.eu/forum/Topic/Discord-logiciel-potentiellement-superflu-lps/ =>.SUP.Discord ---\ Result of repair ~ Any repair made ~ Google Chrome OK ~ Internet Explorer OK ---\ Statistics ~ Items scanned : 97975 ~ Items found : 24 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 9/17 ---\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ Start browsers with extensions removed ~ End of search in 00h06mn05s ---\ Reports (0) ZHPCleaner-[S]-13102021-15_07_49.txt

Elias Pereira · 18 de outubro de 2021

@africacentral

Faça o download do RogueKiller by Tigzy, e salve na sua área de trabalho (Desktop)

roguekiller.exe (x64) << link

Feche todos os programas
Execute o RogueKiller.exe.
** Usuários do Windows Vista, Windows 7, 8, 8.1 e Windows 10:Clique com o direito sobre o arquivo rogueKiller.exe, depois clique em
Clique em SCAN
Clique no primeiro START "Standard Scan (recommended)" e aguarde o scan...
Clique no botão RESULTS
Clique na opção REPORT e em EXPORT e selecione a opção Text file...
Salve o arquivo na area de trabalho com o nome roguekiller_report

Atente para abrir o arquivo, copiar e colar todo o conteúdo na sua próxima resposta

africacentral · 19 de outubro de 2021

Program : RogueKiller Anti-Malware
Version : 15.1.1.0
x64 : Yes
Program Date : Oct 7 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19041) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : User
User is Admin : Yes
Date : 2021/10/19 13:48:50
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 299
Found items : 2
Total scanned : 63457
Signatures Version : 20211018_080802
Truesight Driver : Yes
Updates Count : 4
Arguments : -minimize

************************* Warnings *************************

************************* Updates *************************
BlueStacks App Player (64-bit), version 4.280.0.1022
[+] Available Version : 5.3.0.1076
[+] Size : 1,99 GB
[+] Wow6432 : No
[+] Portable : No

WinRAR 5.91 (64-bit) (64-bit), version 5.91.0
[+] Available Version : 6.02
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR\

Revo Uninstaller 2.2.2 (64-bit), version 2.2.2
[+] Available Version : 2.3.0
[+] Size : 21,6 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\VS Revo Group\Revo Uninstaller\

K-Lite Codec Pack 16.0.5 Basic (32-bit), version 16.0.5
[+] Available Version : 16.4.6
[+] Size : 77,9 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\K-Lite Codec Pack\

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************
[Tr.Zusy (Malicious)] \Rerun Warsaw's CoreFixer -- C:\Windows\TEMP\is-RBVUP.tmp\corefixer.exe [/norerun] -> Found

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts

************************* Filesystem *************************
[PUP.HackTool (Potentially Malicious)] (folder) AutoKMS -- C:\Windows\AutoKMS -> Found

************************* Web Browsers *************************

************************* Antirootkit *************************

Elias Pereira · 23 de outubro de 2021

@africacentral

Execute novamente o RogueKiller e após o scan, marque as entradas para remoção.

Abra o relatório gerado, copie e cole o conteúdo na sua próxima resposta.

africacentral · 23 de outubro de 2021

Program : RogueKiller Anti-Malware
Version : 15.1.1.0
x64 : Yes
Program Date : Oct 7 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19041) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : User
User is Admin : Yes
Date : 2021/10/23 23:46:13
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 287
Found items : 2
Total scanned : 63441
Signatures Version : 20211022_080253
Truesight Driver : Yes
Updates Count : 5
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[Tr.Zusy (Malicious)] \Rerun Warsaw's CoreFixer -- C:\Windows\TEMP\is-RBVUP.tmp\corefixer.exe (/norerun) -> Deleted
[+] scan_what : 0
[+] vendors : Tr.Zusy
[+] Name : \Rerun Warsaw's CoreFixer
[+] value : C:\Windows\TEMP\is-RBVUP.tmp\corefixer.exe (/norerun)
[+] Type : Task
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 0
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.HackTool (Potentially Malicious)] AutoKMS -- %SystemRoot%\AutoKMS -> Deleted
[+] scan_what : 1
[+] vendors : PUP.HackTool
[+] Name : AutoKMS
[+] value : %SystemRoot%\AutoKMS
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

Elias Pereira · 26 de outubro de 2021

@africacentral

Execute novamente o RogueKiller e após o scan, marque as entradas para remoção.

Abra o relatório gerado, copie e cole o conteúdo na sua próxima resposta.

africacentral · 26 de outubro de 2021

Program : RogueKiller Anti-Malware
Version : 15.1.1.0
x64 : Yes
Program Date : Oct 7 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19041) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : User
User is Admin : Yes
Date : 2021/10/26 23:44:42
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 311
Found items : 40
Total scanned : 63237
Signatures Version : 20211025_113801
Truesight Driver : Yes
Updates Count : 4
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[Tr.Gen (Malicious)] msedge.exe [Microsoft Corporation] -- %programfiles(x86)%\Microsoft\Edge\Application\msedge.exe -> ERROR [0]
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : msedge.exe [Microsoft Corporation]
[+] value : %programfiles(x86)%\Microsoft\Edge\Application\msedge.exe
[+] Type : Process
[+] file_hash : 0987A7B9A54AB8479968DEDC734EC048355008324AED7151E1DED4EF4CFA2ED8
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 0
[+] status : 4
[+] status_str : ERROR [0]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] msedge.exe [Microsoft Corporation] -- %programfiles(x86)%\Microsoft\Edge\Application\msedge.exe ->
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : msedge.exe [Microsoft Corporation]
[+] value : %programfiles(x86)%\Microsoft\Edge\Application\msedge.exe
[+] Type : Process
[+] file_hash : 0987A7B9A54AB8479968DEDC734EC048355008324AED7151E1DED4EF4CFA2ED8
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 1
[+] status : 414865568
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] msedge.exe [Microsoft Corporation] -- %programfiles(x86)%\Microsoft\Edge\Application\msedge.exe -> ERROR [0]
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : msedge.exe [Microsoft Corporation]
[+] value : %programfiles(x86)%\Microsoft\Edge\Application\msedge.exe
[+] Type : Process
[+] file_hash : 0987A7B9A54AB8479968DEDC734EC048355008324AED7151E1DED4EF4CFA2ED8
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 2
[+] status : 4
[+] status_str : ERROR [0]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] msedge.exe [Microsoft Corporation] -- %programfiles(x86)%\Microsoft\Edge\Application\msedge.exe ->
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : msedge.exe [Microsoft Corporation]
[+] value : %programfiles(x86)%\Microsoft\Edge\Application\msedge.exe
[+] Type : Process
[+] file_hash : 0987A7B9A54AB8479968DEDC734EC048355008324AED7151E1DED4EF4CFA2ED8
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 3
[+] status : 363466928
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] msedge.exe [Microsoft Corporation] -- %programfiles(x86)%\Microsoft\Edge\Application\msedge.exe ->
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : msedge.exe [Microsoft Corporation]
[+] value : %programfiles(x86)%\Microsoft\Edge\Application\msedge.exe
[+] Type : Process
[+] file_hash : 0987A7B9A54AB8479968DEDC734EC048355008324AED7151E1DED4EF4CFA2ED8
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 4
[+] status : 56211280
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] identity_helper.exe [Microsoft Corporation] -- %programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\identity_helper.exe ->
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : identity_helper.exe [Microsoft Corporation]
[+] value : %programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\identity_helper.exe
[+] Type : Process
[+] file_hash : 24335390C0E7331C4AB6BD6D30D02E966311D60DCEA2960B45EC40248C97CF83
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 5
[+] status : 56209616
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] edgeupdatem [Microsoft Corporation] -- %programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe -> Stopped
[+] scan_what : 0
[+] vendors : Tr.Gen
[+] Name : edgeupdatem [Microsoft Corporation]
[+] value : %programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
[+] Type : Service
[+] file_hash : 154EDCA117AF862AAAD2BBEFC8FD1FE5B5D89C0F2CC6091653FFC254DFDB8059
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 6
[+] status : 3
[+] status_str : Stopped
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] edgeupdate [Microsoft Corporation] -- %programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe -> Stopped
[+] scan_what : 0
[+] vendors : Tr.Gen
[+] Name : edgeupdate [Microsoft Corporation]
[+] value : %programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
[+] Type : Service
[+] file_hash : 154EDCA117AF862AAAD2BBEFC8FD1FE5B5D89C0F2CC6091653FFC254DFDB8059
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 7
[+] status : 3
[+] status_str : Stopped
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] MicrosoftEdgeElevationService [Microsoft Corporation] -- %programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\elevation_service.exe -> Stopped
[+] scan_what : 0
[+] vendors : Tr.Gen
[+] Name : MicrosoftEdgeElevationService [Microsoft Corporation]
[+] value : %programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\elevation_service.exe
[+] Type : Service
[+] file_hash : D4CB5323A9807D43B4523201DC9AD726B70D4C795D982E0C59F66C60BF2129EC
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 8
[+] status : 3
[+] status_str : Stopped
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] \MicrosoftEdgeUpdateTaskMachineCore -- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (/c) -> Deleted
[+] scan_what : 0
[+] vendors : Tr.Gen
[+] Name : \MicrosoftEdgeUpdateTaskMachineCore
[+] value : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (/c)
[+] Type : Task
[+] file_hash : 154EDCA117AF862AAAD2BBEFC8FD1FE5B5D89C0F2CC6091653FFC254DFDB8059
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 9
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] \MicrosoftEdgeUpdateTaskMachineUA -- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (/ua /installsource scheduler) -> Deleted
[+] scan_what : 0
[+] vendors : Tr.Gen
[+] Name : \MicrosoftEdgeUpdateTaskMachineUA
[+] value : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (/ua /installsource scheduler)
[+] Type : Task
[+] file_hash : 154EDCA117AF862AAAD2BBEFC8FD1FE5B5D89C0F2CC6091653FFC254DFDB8059
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 10
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{0288C4DF-C38D-4B9F-BC61-7A629F19FDD9} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.137.93\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{0288C4DF-C38D-4B9F-BC61-7A629F19FDD9}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.137.93\psmachine_64.dll]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 11
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{02FA29FD-9010-4BF7-BE2D-E0519A40E826} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.129.35\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{02FA29FD-9010-4BF7-BE2D-E0519A40E826}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.129.35\psmachine_64.dll]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 12
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{14BE1FB6-7B58-4724-BCF7-4389C7770F07} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.135.41\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{14BE1FB6-7B58-4724-BCF7-4389C7770F07}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.135.41\psmachine_64.dll]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 13
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -- [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\BHO\ie_to_edge_bho_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}
[+] value : [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\BHO\ie_to_edge_bho_64.dll]
[+] Type : Registry
[+] file_hash : F41521034D70213A92B4DD5D9A888641CEF04E0E7F7B20DC7B2FD937D4B42879
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 14
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{59B4762A-A6A9-43BF-A4E3-1BC20DA752D8} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.135.29\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{59B4762A-A6A9-43BF-A4E3-1BC20DA752D8}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.135.29\psmachine_64.dll]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 15
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} -- [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\notification_helper.exe] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}
[+] value : [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\notification_helper.exe]
[+] Type : Registry
[+] file_hash : 9C09A0EF52F68DF557C7ED0D551F8D24D18AFF6659AFB3E210E4C5CDD19B3F94
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 16
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{9252D922-D666-478A-9770-7C0C63BC2692} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.153.45\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{9252D922-D666-478A-9770-7C0C63BC2692}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.153.45\psmachine_64.dll]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 17
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{9D48CE47-9E1C-4D41-B480-260563C0B724} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.153.47\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{9D48CE47-9E1C-4D41-B480-260563C0B724}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.153.47\psmachine_64.dll]
[+] Type : Registry
[+] file_hash : 378AB2C06454E4AB7BCD7BF37FA125D4F7AF03E31755173B750339DF31C759BB
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 18
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.153.47\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.153.47\psmachine_64.dll]
[+] Type : Registry
[+] file_hash : 378AB2C06454E4AB7BCD7BF37FA125D4F7AF03E31755173B750339DF31C759BB
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 19
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.153.47\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.153.47\psmachine_64.dll]
[+] Type : Registry
[+] file_hash : 378AB2C06454E4AB7BCD7BF37FA125D4F7AF03E31755173B750339DF31C759BB
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 20
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.147.37\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{A533BCB1-6D33-41FC-8C3B-63223FCCE9D2}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.147.37\psmachine_64.dll]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 21
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{B532B342-0E34-448B-9EDF-1D55C04041F8} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.151.27\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{B532B342-0E34-448B-9EDF-1D55C04041F8}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.151.27\psmachine_64.dll]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 22
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{CFBF07CB-F962-4D92-9CA0-6A84148B1AAE} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.137.99\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{CFBF07CB-F962-4D92-9CA0-6A84148B1AAE}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.137.99\psmachine_64.dll]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 23
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{DA63DCB5-6ABC-45FE-933C-8FDE834DE2C8} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.135.49\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{DA63DCB5-6ABC-45FE-933C-8FDE834DE2C8}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.135.49\psmachine_64.dll]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 24
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_CLASSES_ROOT\CLSID\{F061FB61-2FE6-4BFF-ACF7-5FC2271CCEA9} -- [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.139.59\psmachine_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_CLASSES_ROOT\CLSID\{F061FB61-2FE6-4BFF-ACF7-5FC2271CCEA9}
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\1.3.139.59\psmachine_64.dll]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 25
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -- [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\BHO\ie_to_edge_bho_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}
[+] value : [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\BHO\ie_to_edge_bho_64.dll]
[+] Type : Registry
[+] file_hash : F41521034D70213A92B4DD5D9A888641CEF04E0E7F7B20DC7B2FD937D4B42879
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 26
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -- [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\BHO\ie_to_edge_bho_64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}
[+] value : [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\BHO\ie_to_edge_bho_64.dll]
[+] Type : Registry
[+] file_hash : F41521034D70213A92B4DD5D9A888641CEF04E0E7F7B20DC7B2FD937D4B42879
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 27
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\Software\Microsoft\Windows\CurrentVersion\Run|MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C -- [%programfiles(x86)%\Microsoft\Edge\Application\msedge.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : HKEY_USERS\S-1-5-21-1138513053-1052002816-1852904259-1000\Software\Microsoft\Windows\CurrentVersion\Run|MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C
[+] value : [%programfiles(x86)%\Microsoft\Edge\Application\msedge.exe]
[+] Type : Registry
[+] file_hash : 0987A7B9A54AB8479968DEDC734EC048355008324AED7151E1DED4EF4CFA2ED8
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 28
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edgeupdate -- [%programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edgeupdate
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe]
[+] Type : Registry
[+] file_hash : 154EDCA117AF862AAAD2BBEFC8FD1FE5B5D89C0F2CC6091653FFC254DFDB8059
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 29
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edgeupdatem -- [%programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edgeupdatem
[+] value : [%programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe]
[+] Type : Registry
[+] file_hash : 154EDCA117AF862AAAD2BBEFC8FD1FE5B5D89C0F2CC6091653FFC254DFDB8059
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 30
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MicrosoftEdgeElevationService -- [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\elevation_service.exe] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gen
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MicrosoftEdgeElevationService
[+] value : [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\elevation_service.exe]
[+] Type : Registry
[+] file_hash : D4CB5323A9807D43B4523201DC9AD726B70D4C795D982E0C59F66C60BF2129EC
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 31
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BD56DA9E-530A-446B-B7F0-E67C57235F83} -- [%programfiles(x86)%\Microsoft\Edge\Application\msedge.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BD56DA9E-530A-446B-B7F0-E67C57235F83}
[+] value : [%programfiles(x86)%\Microsoft\Edge\Application\msedge.exe]
[+] Type : Registry
[+] file_hash : 0987A7B9A54AB8479968DEDC734EC048355008324AED7151E1DED4EF4CFA2ED8
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 32
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B5383301-13FC-4E95-9F30-001C47390405} -- [%programfiles(x86)%\Microsoft\Edge\Application\msedge.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B5383301-13FC-4E95-9F30-001C47390405}
[+] value : [%programfiles(x86)%\Microsoft\Edge\Application\msedge.exe]
[+] Type : Registry
[+] file_hash : 0987A7B9A54AB8479968DEDC734EC048355008324AED7151E1DED4EF4CFA2ED8
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 33
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}|StubPath -- [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\Installer\setup.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}|StubPath
[+] value : [%programfiles(x86)%\Microsoft\Edge\Application\95.0.1020.30\Installer\setup.exe]
[+] Type : Registry
[+] file_hash : 3DCE548AB6862CE91E4EABA1119E0CCEEA42E5101DF22F76C8BEEF2A4D4FBEDE
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 34
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] Microsoft Edge.lnk -- %_User_appdata%\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk (lnk => C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe []) -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : Microsoft Edge.lnk
[+] value : %_User_appdata%\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk (lnk => C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe [])
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 35
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] Microsoft Edge.lnk -- %_User_appdata%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk (lnk => C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe [--profile-directory=Default]) -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : Microsoft Edge.lnk
[+] value : %_User_appdata%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk (lnk => C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe [--profile-directory=Default])
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 36
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] Microsoft Edge.lnk -- %localappdata%\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk (lnk => C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe [--profile-directory=Default]) -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : Microsoft Edge.lnk
[+] value : %localappdata%\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk (lnk => C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe [--profile-directory=Default])
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 37
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] Microsoft Edge.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk (lnk => C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe []) -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : Microsoft Edge.lnk
[+] value : %programdata%\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk (lnk => C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe [])
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 38
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gen (Malicious)] Microsoft -- %programfiles(x86)%\Microsoft -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : Microsoft
[+] value : %programfiles(x86)%\Microsoft
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 39
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

africacentral · 27 de outubro de 2021

Essa ultima limpeza deixou o Microsoft Edge corrompido.

Elias Pereira · 31 de outubro de 2021

Em 27/10/2021 às 10:55, africacentral disse:

Essa ultima limpeza deixou o Microsoft Edge corrompido.

O roguekiller removeu alguma infecção nas dlls do edge.

Execute novamente o RogueKiller e poste o log.

africacentral · 1 de novembro de 2021

Log limpo, sem nenhuma ameaça detectada.

africacentral · 1 de novembro de 2021

Program : RogueKiller Anti-Malware
Version : 15.1.1.0
x64 : Yes
Program Date : Oct 7 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19041) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : User
User is Admin : Yes
Date : 2021/11/01 16:51:44
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 268
Found items : 0
Total scanned : 63508
Signatures Version : 20211027_081912
Truesight Driver : Yes
Updates Count : 5
Arguments : -minimize

************************* Warnings *************************

************************* Updates *************************
BlueStacks App Player (64-bit), version 4.280.0.1022
[+] Available Version : 5.3.110.1002
[+] Size : 1,99 GB
[+] Wow6432 : No
[+] Portable : No

WinRAR 5.91 (64-bit) (64-bit), version 5.91.0
[+] Available Version : 6.02
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR\

Revo Uninstaller 2.2.2 (64-bit), version 2.2.2
[+] Available Version : 2.3.5
[+] Size : 21,6 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\VS Revo Group\Revo Uninstaller\

Google Chrome (32-bit), version 95.0.4638.54
[+] Available Version : 95.0.4638.69
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files\Google\Chrome\Application

K-Lite Codec Pack 16.0.5 Basic (32-bit), version 16.0.5
[+] Available Version : 16.5.0
[+] Size : 77,9 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\K-Lite Codec Pack\

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts

************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************

Elias Pereira · 4 de novembro de 2021

@africacentral

Faça o download do RogueKiller by Tigzy, e salve na sua área de trabalho (Desktop)

roguekiller.exe (x64) << link

Feche todos os programas
Execute o RogueKiller.exe.
** Usuários do Windows Vista, Windows 7, 8, 8.1 e Windows 10:Clique com o direito sobre o arquivo rogueKiller.exe, depois clique em
Clique em SCAN
Clique no primeiro START "Standard Scan (recommended)" e aguarde o scan...
Clique no botão RESULTS
Clique na opção REPORT e em EXPORT e selecione a opção Text file...
Salve o arquivo na area de trabalho com o nome roguekiller_report

Atente para abrir o arquivo, copiar e colar todo o conteúdo na sua próxima resposta

africacentral · 5 de novembro de 2021

Program : RogueKiller Anti-Malware
Version : 15.1.2.0
x64 : Yes
Program Date : Nov 3 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19041) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : User
User is Admin : Yes
Date : 2021/11/05 14:24:56
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 219
Found items : 0
Total scanned : 64747
Signatures Version : 20211102_094554
Truesight Driver : Yes
Updates Count : 4
Arguments : -minimize

************************* Warnings *************************

************************* Updates *************************
BlueStacks App Player (64-bit), version 4.280.0.1022
[+] Available Version : 5.3.110.1002
[+] Size : 1,99 GB
[+] Wow6432 : No
[+] Portable : No

WinRAR 5.91 (64-bit) (64-bit), version 5.91.0
[+] Available Version : 6.02
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR\

Revo Uninstaller 2.2.2 (64-bit), version 2.2.2
[+] Available Version : 2.3.5
[+] Size : 21,6 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\VS Revo Group\Revo Uninstaller\

K-Lite Codec Pack 16.0.5 Basic (32-bit), version 16.0.5
[+] Available Version : 16.5.2
[+] Size : 77,9 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\K-Lite Codec Pack\

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts

************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************

Elias Pereira · 5 de novembro de 2021

@africacentral

Clique no menu Iniciar, e após isso clique com o botão direito do mouse sob Este computador e selecione a opção Propriedades.
Em Propriedades, selecione a opção Configurações avançadas do sistema.
Vá na aba Proteção do Sistema, e em Restauração do Sistema, vá na opção Criar.
OBS: Atente para a correta criação do ponto de restauração
Depois basta seguir as instruções em tela, para criar seu ponto de restauração.
OBS: Lembre-se de colocar um nome de fácil entendimento para uma posterior restauração a partir deste ponto.

Pressione as teclas Windows + R e digite: msconfig
- Clique na guia Serviços, marque a opção Ocultar todos os serviços Microsoft e depois clique em Desativar tudo
- Clique na guia Inicialização de Programas e clique em Abrir Gerenciador de Tarefas
- Clique com o botão direito em cada entrada da inicialização e clique em Desabilitar/Desativar.

Volte para a tela de Configurações do Sistema e clique em Aplicar e depois em OK.

Siga as mensagens ate que seja solicitado a reiniciar.

Me informe se tudo ok ou se ocorreu algum problema.

africacentral · 6 de novembro de 2021

Fiz a restauração de sistema conforme indicado, mas o Edge não voltou.

Elias Pereira · 9 de novembro de 2021

@africacentral

Faça o download novamente e instale.

https://www.microsoft.com/en-us/edge

africacentral · 9 de novembro de 2021

Tudo certo agora, muito obrigado pela ajuda!!

Elias Pereira · 12 de novembro de 2021

@africacentral

Em relação a malwares, não temos mais problemas.

MANTENHA O SO ATUALIZADO:
Mantenha como "automatica" as atualizações do windows. Novas brechas de segurança são descobertas com freqüência. Muitos malwares exploram essas brechas, infectando sistemas sem depender de nenhuma ação do usuário. A Microsoft corrige essas brechas através das atualizações. Por isso é fundamental manter o seu sistema atualizado.

Se não tiver mais problema em relação a malwares, clique em Denunciar Post localizado no topo da pagina e diga que seu topico está RESOLVIDO. Se você tiver alguma dúvida relacionada a informática e tecnologia, sinta-se à vontade para postar em qualquer área do CdH.

Elias Pereira · 14 de dezembro de 2021

Problema resolvido!

Caso o autor necessite, o mesmo será reaberto, para isso deverá entrar em contato com um Analista de Segurança ou Coordenador solicitando o desbloqueio.