Posts by Zilit
-
-
@Elias Pereira
Sorry for the delay.
Regarding the last instruction, everything went fine; no problems occurred.
-
Program : RogueKiller Anti-Malware
Version : 15.1.0.0
x64 : Yes
Program Date : Sep 2 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19043) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Guizzle
User is Admin : Yes
Date : 2021/09/24 17:31:03
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 1375
Found items : 9
Total scanned : 69775
Signatures Version : 20210924_061243
Truesight Driver : Yes
************************* Warnings *************************
************************* Removal *************************
[PUP.HackTool (Potentially Malicious)] Service KMSELDI -- %ProgramFiles%\KMSpico\Service_KMS.exe -> Stopped
[+] scan_what : 0
[+] vendors : PUP.HackTool
[+] Name : Service KMSELDI
[+] value : %ProgramFiles%\KMSpico\Service_KMS.exe
[+] Type : Service
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 0
[+] status : 3
[+] status_str : Stopped
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUP.HackTool (Potentially Malicious)] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Deleted
[+] scan_what : 0
[+] vendors : PUP.HackTool
[+] Name : \AutoPico Daily Restart
[+] value : "C:\Program Files\KMSpico\AutoPico.exe" (/silent)
[+] Type : Task
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUP.HackTool (Potentially Malicious)] \KMSpico Automatic Update Scheduler -- "C:\Program Files\KMSpico\KMSUPD.exe" -> Deleted
[+] scan_what : 0
[+] vendors : PUP.HackTool
[+] Name : \KMSpico Automatic Update Scheduler
[+] value : "C:\Program Files\KMSpico\KMSUPD.exe"
[+] Type : Task
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 2
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-1525340926-1912069763-4131825724-1001\Software\Tencent -- -> Deleted
[+] scan_what : 2
[+] vendors : PUP.Gen1
[+] Name : HKEY_USERS\S-1-5-21-1525340926-1912069763-4131825724-1001\Software\Tencent
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 3
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI -- [%ProgramFiles%\KMSpico\Service_KMS.exe] -> Deleted
[+] scan_what : 2
[+] vendors : PUP.HackTool
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI
[+] value : [%ProgramFiles%\KMSpico\Service_KMS.exe]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 4
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUM.Proxy (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- -> Deleted
[+] scan_what : 1
[+] vendors : PUM.Proxy
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 5
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUM.Proxy (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- -> Deleted
[+] scan_what : 1
[+] vendors : PUM.Proxy
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 6
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename -- Default Search Engine -> Deleted
[+] scan_what : 2
[+] vendors : PUM.SearchEngine
[+] Name : browser.search.defaultenginename
[+] value : Default Search Engine
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 7
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Default Search Engine -> Deleted
[+] scan_what : 2
[+] vendors : PUM.SearchEngine
[+] Name : browser.search.selectedEngine
[+] value : Default Search Engine
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 8
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
-
About the browser problem, it was exactly what you said; it is back to normal now. Thank you very much!
Here is the RogueKiller report:
Program : RogueKiller Anti-Malware
Version : 15.1.0.0
x64 : Yes
Program Date : Sep 2 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19043) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Guizzle
User is Admin : Yes
Date : 2021/09/24 01:02:57
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 1493
Found items : 9
Total scanned : 69380
Signatures Version : 20210917_090901
Truesight Driver : Yes
Arguments : -minimize
************************* Warnings *************************
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
[PUP.HackTool (Potentially Malicious)] Service KMSELDI (0) -- C:\Program Files\KMSpico\Service_KMS.exe -> Found
************************* Scheduled Tasks *************************
[PUP.HackTool (Potentially Malicious)] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" [/silent] -> Found
[PUP.HackTool (Potentially Malicious)] \KMSpico Automatic Update Scheduler -- "C:\Program Files\KMSpico\KMSUPD.exe" -> Found
************************* Registry *************************
>>>>>> XX - Software
└── [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1525340926-1912069763-4131825724-1001\Software\Tencent -- N/A -> Found
>>>>>> O23 - Services
└── [PUP.HackTool (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI -- (missing) -> Found
>>>>>> R5 - Proxy
├── [PUM.Proxy (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- http://127.0.0.1:86/ -> Found
└── [PUM.Proxy (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- http://127.0.0.1:86/ -> Found
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts
************************* Filesystem *************************
************************* Web Browsers *************************
>>>>>> Firefox Config
├── [PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename (C:\Users\Guizzle\AppData\Roaming\Mozilla\Firefox\Profiles\v0i3w7es.default-release\prefs.js) -- Default Search Engine -> Found
└── [PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine (C:\Users\Guizzle\AppData\Roaming\Mozilla\Firefox\Profiles\v0i3w7es.default-release\prefs.js) -- Default Search Engine -> Found
************************* Antirootkit *************************
-
Thank you very much for your attention!
Another issue has also started happening in the web browsers: I can't access "google.com". I'll attach the screenshot.
Here are the logs:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-23-2021
# Duration: 00:00:08
# OS: Windows 10 Pro
# Cleaned: 12
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Tencent
Deleted C:\Users\Guizzle\AppData\Local\Tencent
Deleted C:\Users\Guizzle\AppData\Roaming\Tencent
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Wechat
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wechat
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0153A848-39AE-4B04-9010-63C7C7641CEE}
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [3966 octets] - [23/09/2021 00:21:27]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
~ ZHPCleaner v2021.9.21.329 by Nicolas Coolman (2021/09/21)
~ Run by Guizzle (Administrator) (23/09/2021 03:49:34)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Guizzle\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Guizzle\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 19043)
---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.
---\\ Services (0)
~ No malicious or unnecessary items found.
---\\ Browser internet (1)
DELETED data: [X64] HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser [Bad : 0] =>.SUP.ProxyRestriction
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
---\\ Explorer ( File, Folder) (15)
MOVED file: C:\Users\Guizzle\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium
MOVED file: C:\Users\Guizzle\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium
MOVED file: C:\Windows\Temp\SECOH-QAD.exe =>Heuristic.Suspect
MOVED file: C:\Windows\Prefetch\KMSPICO-SETUP.TMP-18F76AB9.pf =>HackTool.KMSpico
MOVED file: C:\Windows\Prefetch\KMSPICO-SETUP.TMP-D6D20A61.pf =>HackTool.KMSpico
MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-76DEC696.pf =>HackTool.KMSpico
MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-B45DA915.pf =>HackTool.KMSpico
MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-F35C79A4.pf =>HackTool.KMSpico
MOVED file: C:\Windows\SECOH-QAD.dll =>HackTool.KMSpico
MOVED file: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS
MOVED folder: C:\KMSpico Setup =>HackTool.KMSpico
MOVED folder: C:\Program Files\KMSpico =>HackTool.KMSpico
MOVED folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
MOVED folder: C:\WINDOWS\AutoKMS =>HackTool.AutoKMS
---\\ Registry ( Key, Value, Data) (2)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [KMSpico] =>HackTool.KMSpico
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSpico Automatic Update Scheduler [] =>HackTool.KMSpico
---\\ Summary of the elements found (5)
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.ProxyRestriction
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS
---\\ Other deletions. (0)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (0)
---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ The system has been restarted.
---\\ Statistics
~ Items scanned : 1838
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17
---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed
~ End of clean in 00h01mn07s
---\\ Reports (2)
ZHPCleaner-[S]-23092021-02_02_20.txt
ZHPCleaner-[R]-23092021-03_50_41.txt
-
The system is somewhat slow, and even though I carry out the recommended actions, "Microsoft Defender" keeps sending notifications.
Threats Found, Slow Computer
in Solved cases
Posted
@Elias Pereira
All good.
I am very grateful for your attention.