
Zilit

Junior Member
  • Posts

    6
  • Joined

  • Last visited

Everything posted by Zilit

  1. @Elias Pereira All good. I am very grateful for your attention.
  2. @Elias Pereira Sorry for the delay. Regarding the last instruction, everything is OK; no problems occurred.
  3. @Elias Pereira

     Program : RogueKiller Anti-Malware
     Version : 15.1.0.0
     x64 : Yes
     Program Date : Sep 2 2021
     Location : C:\Program Files\RogueKiller\RogueKiller64.exe
     Premium : No
     Company : Adlice Software
     Website : https://www.adlice.com/
     Contact : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.19043) 64-bit
     64-bit OS : Yes
     Startup : 0
     WindowsPE : No
     User : Guizzle
     User is Admin : Yes
     Date : 2021/09/24 17:31:03
     Type : Removal
     Aborted : No
     Scan Mode : Standard
     Duration : 1375
     Found items : 9
     Total scanned : 69775
     Signatures Version : 20210924_061243
     Truesight Driver : Yes

     ************************* Warnings *************************

     ************************* Removal *************************
     [PUP.HackTool (Potentially Malicious)] Service KMSELDI -- %ProgramFiles%\KMSpico\Service_KMS.exe -> Stopped
       [+] scan_what : 0
       [+] vendors : PUP.HackTool
       [+] Name : Service KMSELDI
       [+] value : %ProgramFiles%\KMSpico\Service_KMS.exe
       [+] Type : Service
       [+] file_vtscore : -1
       [+] file_vttotal : 0
       [+] is_malicious : Yes
       [+] detection_level : 3
       [+] id : 0
       [+] status : 3
       [+] status_str : Stopped
       [+] removed : Yes
       [+] status_choice : 2
       [+] malpe_score : -1
     [PUP.HackTool (Potentially Malicious)] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Deleted
       [+] scan_what : 0
       [+] vendors : PUP.HackTool
       [+] Name : \AutoPico Daily Restart
       [+] value : "C:\Program Files\KMSpico\AutoPico.exe" (/silent)
       [+] Type : Task
       [+] file_vtscore : -1
       [+] file_vttotal : 0
       [+] is_malicious : Yes
       [+] detection_level : 3
       [+] id : 1
       [+] status : 3
       [+] status_str : Deleted
       [+] removed : Yes
       [+] status_choice : 2
       [+] malpe_score : -1
     [PUP.HackTool (Potentially Malicious)] \KMSpico Automatic Update Scheduler -- "C:\Program Files\KMSpico\KMSUPD.exe" -> Deleted
       [+] scan_what : 0
       [+] vendors : PUP.HackTool
       [+] Name : \KMSpico Automatic Update Scheduler
       [+] value : "C:\Program Files\KMSpico\KMSUPD.exe"
       [+] Type : Task
       [+] file_vtscore : -1
       [+] file_vttotal : 0
       [+] is_malicious : Yes
       [+] detection_level : 3
       [+] id : 2
       [+] status : 3
       [+] status_str : Deleted
       [+] removed : Yes
       [+] status_choice : 2
       [+] malpe_score : -1
     [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-1525340926-1912069763-4131825724-1001\Software\Tencent -- -> Deleted
       [+] scan_what : 2
       [+] vendors : PUP.Gen1
       [+] Name : HKEY_USERS\S-1-5-21-1525340926-1912069763-4131825724-1001\Software\Tencent
       [+] Type : Registry
       [+] file_vtscore : -1
       [+] file_vttotal : 0
       [+] is_malicious : Yes
       [+] detection_level : 3
       [+] id : 3
       [+] status : 3
       [+] status_str : Deleted
       [+] removed : Yes
       [+] status_choice : 2
       [+] malpe_score : -1
     [PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI -- [%ProgramFiles%\KMSpico\Service_KMS.exe] -> Deleted
       [+] scan_what : 2
       [+] vendors : PUP.HackTool
       [+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI
       [+] value : [%ProgramFiles%\KMSpico\Service_KMS.exe]
       [+] Type : Registry
       [+] file_vtscore : -1
       [+] file_vttotal : 0
       [+] is_malicious : Yes
       [+] detection_level : 3
       [+] id : 4
       [+] status : 3
       [+] status_str : Deleted
       [+] removed : Yes
       [+] status_choice : 2
       [+] malpe_score : -1
     [PUM.Proxy (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- -> Deleted
       [+] scan_what : 1
       [+] vendors : PUM.Proxy
       [+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL
       [+] Type : Registry
       [+] file_vtscore : -1
       [+] file_vttotal : 0
       [+] is_malicious : Yes
       [+] detection_level : 4
       [+] id : 5
       [+] status : 3
       [+] status_str : Deleted
       [+] removed : Yes
       [+] status_choice : 2
       [+] malpe_score : -1
     [PUM.Proxy (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- -> Deleted
       [+] scan_what : 1
       [+] vendors : PUM.Proxy
       [+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL
       [+] Type : Registry
       [+] file_vtscore : -1
       [+] file_vttotal : 0
       [+] is_malicious : Yes
       [+] detection_level : 4
       [+] id : 6
       [+] status : 3
       [+] status_str : Deleted
       [+] removed : Yes
       [+] status_choice : 2
       [+] malpe_score : -1
     [PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename -- Default Search Engine -> Deleted
       [+] scan_what : 2
       [+] vendors : PUM.SearchEngine
       [+] Name : browser.search.defaultenginename
       [+] value : Default Search Engine
       [+] Type : Browser
       [+] file_vtscore : 0
       [+] file_vttotal : 0
       [+] is_malicious : Yes
       [+] detection_level : 4
       [+] id : 7
       [+] status : 3
       [+] status_str : Deleted
       [+] removed : Yes
       [+] status_choice : 2
       [+] malpe_score : -1
     [PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Default Search Engine -> Deleted
       [+] scan_what : 2
       [+] vendors : PUM.SearchEngine
       [+] Name : browser.search.selectedEngine
       [+] value : Default Search Engine
       [+] Type : Browser
       [+] file_vtscore : 0
       [+] file_vttotal : 0
       [+] is_malicious : Yes
       [+] detection_level : 4
       [+] id : 8
       [+] status : 3
       [+] status_str : Deleted
       [+] removed : Yes
       [+] status_choice : 2
       [+] malpe_score : -1
  4. About the browser problem, it was exactly what you said; it is now back to normal. Thank you very much! Here is the RogueKiller report:

     Program : RogueKiller Anti-Malware
     Version : 15.1.0.0
     x64 : Yes
     Program Date : Sep 2 2021
     Location : C:\Program Files\RogueKiller\RogueKiller64.exe
     Premium : No
     Company : Adlice Software
     Website : https://www.adlice.com/
     Contact : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.19043) 64-bit
     64-bit OS : Yes
     Startup : 0
     WindowsPE : No
     User : Guizzle
     User is Admin : Yes
     Date : 2021/09/24 01:02:57
     Type : Scan
     Aborted : No
     Scan Mode : Standard
     Duration : 1493
     Found items : 9
     Total scanned : 69380
     Signatures Version : 20210917_090901
     Truesight Driver : Yes
     Arguments : -minimize

     ************************* Warnings *************************

     ************************* Processes *************************

     ************************* Modules *************************

     ************************* Services *************************
     [PUP.HackTool (Potentially Malicious)] Service KMSELDI (0) -- C:\Program Files\KMSpico\Service_KMS.exe -> Found

     ************************* Scheduled Tasks *************************
     [PUP.HackTool (Potentially Malicious)] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" [/silent] -> Found
     [PUP.HackTool (Potentially Malicious)] \KMSpico Automatic Update Scheduler -- "C:\Program Files\KMSpico\KMSUPD.exe" -> Found

     ************************* Registry *************************
     >>>>>> XX - Software
       └── [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1525340926-1912069763-4131825724-1001\Software\Tencent -- N/A -> Found
     >>>>>> O23 - Services
       └── [PUP.HackTool (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI -- (missing) -> Found
     >>>>>> R5 - Proxy
       ├── [PUM.Proxy (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- http://127.0.0.1:86/ -> Found
       └── [PUM.Proxy (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- http://127.0.0.1:86/ -> Found

     ************************* WMI *************************

     ************************* Hosts File *************************
     is_too_big : No
     hosts_file_path : C:\Windows\System32\drivers\etc\hosts

     ************************* Filesystem *************************

     ************************* Web Browsers *************************
     >>>>>> Firefox Config
       ├── [PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename (C:\Users\Guizzle\AppData\Roaming\Mozilla\Firefox\Profiles\v0i3w7es.default-release\prefs.js) -- Default Search Engine -> Found
       └── [PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine (C:\Users\Guizzle\AppData\Roaming\Mozilla\Firefox\Profiles\v0i3w7es.default-release\prefs.js) -- Default Search Engine -> Found

     ************************* Antirootkit *************************
  5. Thank you very much for your attention! Another issue has also started happening in the web browsers: I cannot access "google.com"; I will attach a screenshot. Here are the logs:

     # -------------------------------
     # Malwarebytes AdwCleaner 8.3.0.0
     # -------------------------------
     # Build: 06-29-2021
     # Database: 2021-09-09.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start: 09-23-2021
     # Duration: 00:00:08
     # OS: Windows 10 Pro
     # Cleaned: 12
     # Failed: 0

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     Deleted C:\Program Files (x86)\Tencent
     Deleted C:\Users\Guizzle\AppData\Local\Tencent
     Deleted C:\Users\Guizzle\AppData\Roaming\Tencent

     ***** [ Files ] *****
     No malicious files cleaned.

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     No malicious tasks cleaned.

     ***** [ Registry ] *****
     Deleted HKCU\Software\Lavasoft\Web Companion
     Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
     Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
     Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
     Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Wechat
     Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
     Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wechat
     Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0153A848-39AE-4B04-9010-63C7C7641CEE}
     Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs cleaned.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries cleaned.

     ***** [ Preinstalled Software ] *****
     No Preinstalled Software cleaned.

     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************

     AdwCleaner[S00].txt - [3966 octets] - [23/09/2021 00:21:27]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

     ~ ZHPCleaner v2021.9.21.329 by Nicolas Coolman (2021/09/21)
     ~ Run by Guizzle (Administrator) (23/09/2021 03:49:34)
     ~ Web: https://www.nicolascoolman.com
     ~ Blog: https://nicolascoolman.eu/
     ~ Facebook : https://www.facebook.com/nicolascoolman1
     ~ State version : Version OK
     ~ Type : Repair
     ~ Report : C:\Users\Guizzle\Desktop\ZHPCleaner (R).txt
     ~ Quarantine : C:\Users\Guizzle\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
     ~ System Restore Point : OK
     ~ UAC : Activate
     ~ Boot Mode : Normal (Normal boot)
     Windows 10 Pro, 64-bit (Build 19043)

     ---\\ Alternate Data Stream (ADS). (0)
     ~ No malicious or unnecessary items found.

     ---\\ Services (0)
     ~ No malicious or unnecessary items found.

     ---\\ Browser internet (1)
     DELETED data: [X64] HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser [Bad : 0] =>.SUP.ProxyRestriction

     ---\\ Hosts file (1)
     ~ The hosts file is legitimate (21)

     ---\\ Scheduled automatic tasks. (0)
     ~ No malicious or unnecessary items found.

     ---\\ Explorer ( File, Folder) (15)
     MOVED file: C:\Users\Guizzle\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium
     MOVED file: C:\Users\Guizzle\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium
     MOVED file: C:\Windows\Temp\SECOH-QAD.exe =>Heuristic.Suspect
     MOVED file: C:\Windows\Prefetch\KMSPICO-SETUP.TMP-18F76AB9.pf =>HackTool.KMSpico
     MOVED file: C:\Windows\Prefetch\KMSPICO-SETUP.TMP-D6D20A61.pf =>HackTool.KMSpico
     MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-76DEC696.pf =>HackTool.KMSpico
     MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-B45DA915.pf =>HackTool.KMSpico
     MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-F35C79A4.pf =>HackTool.KMSpico
     MOVED file: C:\Windows\SECOH-QAD.dll =>HackTool.KMSpico
     MOVED file: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS
     MOVED folder: C:\KMSpico Setup =>HackTool.KMSpico
     MOVED folder: C:\Program Files\KMSpico =>HackTool.KMSpico
     MOVED folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
     MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
     MOVED folder: C:\WINDOWS\AutoKMS =>HackTool.AutoKMS

     ---\\ Registry ( Key, Value, Data) (2)
     DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [KMSpico] =>HackTool.KMSpico
     DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSpico Automatic Update Scheduler [] =>HackTool.KMSpico

     ---\\ Summary of the elements found (5)
     https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.ProxyRestriction
     https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
     https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect
     https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico
     https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS

     ---\\ Other deletions. (0)
     ~ Registry Keys Tracing deleted (0)
     ~ Remove the old reports ZHPCleaner. (0)

     ---\\ Result of repair
     ~ Repair carried out successfully
     ~ Google Chrome OK
     ~ Mozilla Firefox OK
     ~ Internet Explorer OK
     ~ The system has been restarted.

     ---\\ Statistics
     ~ Items scanned : 1838
     ~ Items found : 0
     ~ Items cancelled : 0
     ~ Space saving (bytes) : 0
     ~ Items options : 9/17

     ---\\ OPTIONS NOT ACTIVES
     ~ Temporary file analysis
     ~ Temporary folder analysis
     ~ Empty Folder CLSID Analysis
     ~ Empty Other Folder Analysis
     ~ Empty LocalLow Folder Analysis
     ~ Empty Local Folder Analysis
     ~ Obsolete Installer File Analysis
     ~ Start browsers with extensions removed

     ~ End of clean in 00h01mn07s

     ---\\ Reports (2)
     ZHPCleaner-[S]-23092021-02_02_20.txt
     ZHPCleaner-[R]-23092021-03_50_41.txt
  6. The system is somewhat slow, and even though I carry out the recommended actions, "Microsoft Defender" keeps sending notifications. ZA-Scan.txt

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology communities in Brazil.
