Posts by Zilit

  1. @Elias Pereira
     

    Program            : RogueKiller Anti-Malware
    Version            : 15.1.0.0
    x64                : Yes
    Program Date       : Sep  2 2021
    Location           : C:\Program Files\RogueKiller\RogueKiller64.exe
    Premium            : No
    Company            : Adlice Software
    Website            : https://www.adlice.com/
    Contact            : https://adlice.com/contact/
    Website            : https://adlice.com/download/roguekiller/
    Operating System   : Windows 10 (10.0.19043) 64-bit
    64-bit OS          : Yes
    Startup            : 0
    WindowsPE          : No
    User               : Guizzle
    User is Admin      : Yes
    Date               : 2021/09/24 17:31:03
    Type               : Removal
    Aborted            : No
    Scan Mode          : Standard
    Duration           : 1375
    Found items        : 9
    Total scanned      : 69775
    Signatures Version : 20210924_061243
    Truesight Driver   : Yes

    ************************* Warnings *************************

    ************************* Removal *************************
    [PUP.HackTool (Potentially Malicious)] Service KMSELDI -- %ProgramFiles%\KMSpico\Service_KMS.exe -> Stopped
      [+] scan_what       : 0
      [+] vendors         : PUP.HackTool
      [+] Name            : Service KMSELDI
      [+] value           : %ProgramFiles%\KMSpico\Service_KMS.exe
      [+] Type            : Service
      [+] file_vtscore    : -1
      [+] file_vttotal    : 0
      [+] is_malicious    : Yes
      [+] detection_level : 3
      [+] id              : 0
      [+] status          : 3
      [+] status_str      : Stopped
      [+] removed         : Yes
      [+] status_choice   : 2
      [+] malpe_score     : -1

    [PUP.HackTool (Potentially Malicious)] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Deleted
      [+] scan_what       : 0
      [+] vendors         : PUP.HackTool
      [+] Name            : \AutoPico Daily Restart
      [+] value           : "C:\Program Files\KMSpico\AutoPico.exe" (/silent)
      [+] Type            : Task
      [+] file_vtscore    : -1
      [+] file_vttotal    : 0
      [+] is_malicious    : Yes
      [+] detection_level : 3
      [+] id              : 1
      [+] status          : 3
      [+] status_str      : Deleted
      [+] removed         : Yes
      [+] status_choice   : 2
      [+] malpe_score     : -1

    [PUP.HackTool (Potentially Malicious)] \KMSpico Automatic Update Scheduler -- "C:\Program Files\KMSpico\KMSUPD.exe" -> Deleted
      [+] scan_what       : 0
      [+] vendors         : PUP.HackTool
      [+] Name            : \KMSpico Automatic Update Scheduler
      [+] value           : "C:\Program Files\KMSpico\KMSUPD.exe"
      [+] Type            : Task
      [+] file_vtscore    : -1
      [+] file_vttotal    : 0
      [+] is_malicious    : Yes
      [+] detection_level : 3
      [+] id              : 2
      [+] status          : 3
      [+] status_str      : Deleted
      [+] removed         : Yes
      [+] status_choice   : 2
      [+] malpe_score     : -1

    [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-1525340926-1912069763-4131825724-1001\Software\Tencent --  -> Deleted
      [+] scan_what       : 2
      [+] vendors         : PUP.Gen1
      [+] Name            : HKEY_USERS\S-1-5-21-1525340926-1912069763-4131825724-1001\Software\Tencent
      [+] Type            : Registry
      [+] file_vtscore    : -1
      [+] file_vttotal    : 0
      [+] is_malicious    : Yes
      [+] detection_level : 3
      [+] id              : 3
      [+] status          : 3
      [+] status_str      : Deleted
      [+] removed         : Yes
      [+] status_choice   : 2
      [+] malpe_score     : -1

    [PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI -- [%ProgramFiles%\KMSpico\Service_KMS.exe] -> Deleted
      [+] scan_what       : 2
      [+] vendors         : PUP.HackTool
      [+] Name            : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI
      [+] value           : [%ProgramFiles%\KMSpico\Service_KMS.exe]
      [+] Type            : Registry
      [+] file_vtscore    : -1
      [+] file_vttotal    : 0
      [+] is_malicious    : Yes
      [+] detection_level : 3
      [+] id              : 4
      [+] status          : 3
      [+] status_str      : Deleted
      [+] removed         : Yes
      [+] status_choice   : 2
      [+] malpe_score     : -1

    [PUM.Proxy (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL --  -> Deleted
      [+] scan_what       : 1
      [+] vendors         : PUM.Proxy
      [+] Name            : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL
      [+] Type            : Registry
      [+] file_vtscore    : -1
      [+] file_vttotal    : 0
      [+] is_malicious    : Yes
      [+] detection_level : 4
      [+] id              : 5
      [+] status          : 3
      [+] status_str      : Deleted
      [+] removed         : Yes
      [+] status_choice   : 2
      [+] malpe_score     : -1

    [PUM.Proxy (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL --  -> Deleted
      [+] scan_what       : 1
      [+] vendors         : PUM.Proxy
      [+] Name            : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL
      [+] Type            : Registry
      [+] file_vtscore    : -1
      [+] file_vttotal    : 0
      [+] is_malicious    : Yes
      [+] detection_level : 4
      [+] id              : 6
      [+] status          : 3
      [+] status_str      : Deleted
      [+] removed         : Yes
      [+] status_choice   : 2
      [+] malpe_score     : -1

    [PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename -- Default Search Engine -> Deleted
      [+] scan_what       : 2
      [+] vendors         : PUM.SearchEngine
      [+] Name            : browser.search.defaultenginename
      [+] value           : Default Search Engine
      [+] Type            : Browser
      [+] file_vtscore    : 0
      [+] file_vttotal    : 0
      [+] is_malicious    : Yes
      [+] detection_level : 4
      [+] id              : 7
      [+] status          : 3
      [+] status_str      : Deleted
      [+] removed         : Yes
      [+] status_choice   : 2
      [+] malpe_score     : -1

    [PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Default Search Engine -> Deleted
      [+] scan_what       : 2
      [+] vendors         : PUM.SearchEngine
      [+] Name            : browser.search.selectedEngine
      [+] value           : Default Search Engine
      [+] Type            : Browser
      [+] file_vtscore    : 0
      [+] file_vttotal    : 0
      [+] is_malicious    : Yes
      [+] detection_level : 4
      [+] id              : 8
      [+] status          : 3
      [+] status_str      : Deleted
      [+] removed         : Yes
      [+] status_choice   : 2
      [+] malpe_score     : -1

  2. About the browser problem, it was just as you said; it is now back to normal. Thank you very much!

    Here is the RogueKiller report:

    Program            : RogueKiller Anti-Malware
    Version            : 15.1.0.0
    x64                : Yes
    Program Date       : Sep  2 2021
    Location           : C:\Program Files\RogueKiller\RogueKiller64.exe
    Premium            : No
    Company            : Adlice Software
    Website            : https://www.adlice.com/
    Contact            : https://adlice.com/contact/
    Website            : https://adlice.com/download/roguekiller/
    Operating System   : Windows 10 (10.0.19043) 64-bit
    64-bit OS          : Yes
    Startup            : 0
    WindowsPE          : No
    User               : Guizzle
    User is Admin      : Yes
    Date               : 2021/09/24 01:02:57
    Type               : Scan
    Aborted            : No
    Scan Mode          : Standard
    Duration           : 1493
    Found items        : 9
    Total scanned      : 69380
    Signatures Version : 20210917_090901
    Truesight Driver   : Yes
    Arguments          : -minimize

    ************************* Warnings *************************

    ************************* Processes *************************

    ************************* Modules *************************

    ************************* Services *************************
    [PUP.HackTool (Potentially Malicious)] Service KMSELDI (0) -- C:\Program Files\KMSpico\Service_KMS.exe -> Found

    ************************* Scheduled Tasks *************************
    [PUP.HackTool (Potentially Malicious)] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" [/silent] -> Found
    [PUP.HackTool (Potentially Malicious)] \KMSpico Automatic Update Scheduler -- "C:\Program Files\KMSpico\KMSUPD.exe" -> Found

    ************************* Registry *************************
    >>>>>> XX - Software
    └── [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1525340926-1912069763-4131825724-1001\Software\Tencent -- N/A -> Found
    >>>>>> O23 - Services
    └── [PUP.HackTool (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI --  (missing) -> Found
    >>>>>> R5 - Proxy
    ├── [PUM.Proxy (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- http://127.0.0.1:86/ -> Found
    └── [PUM.Proxy (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- http://127.0.0.1:86/ -> Found

    ************************* WMI *************************

    ************************* Hosts File *************************
    is_too_big      : No
    hosts_file_path : C:\Windows\System32\drivers\etc\hosts


    ************************* Filesystem *************************

    ************************* Web Browsers *************************
    >>>>>> Firefox Config
    ├── [PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename (C:\Users\Guizzle\AppData\Roaming\Mozilla\Firefox\Profiles\v0i3w7es.default-release\prefs.js) -- Default Search Engine -> Found
    └── [PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine (C:\Users\Guizzle\AppData\Roaming\Mozilla\Firefox\Profiles\v0i3w7es.default-release\prefs.js) -- Default Search Engine -> Found

    ************************* Antirootkit *************************

  3. Thank you very much for your attention!

    Another problem has also started happening in the web browsers: I can't access "google.com". I will attach the screenshot.

     

    Here are the logs:
     

    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.0.0
    # -------------------------------
    # Build:    06-29-2021
    # Database: 2021-09-09.1 (Cloud)
    # Support:  https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start:    09-23-2021
    # Duration: 00:00:08
    # OS:       Windows 10 Pro
    # Cleaned:  12
    # Failed:   0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted       C:\Program Files (x86)\Tencent
    Deleted       C:\Users\Guizzle\AppData\Local\Tencent
    Deleted       C:\Users\Guizzle\AppData\Roaming\Tencent

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted       HKCU\Software\Lavasoft\Web Companion
    Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
    Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Wechat
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wechat
    Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0153A848-39AE-4B04-9010-63C7C7641CEE}
    Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [3966 octets] - [23/09/2021 00:21:27]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

     

    ~ ZHPCleaner v2021.9.21.329 by Nicolas Coolman (2021/09/21)
    ~ Run by Guizzle (Administrator)  (23/09/2021 03:49:34)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Type : Repair
    ~ Report : C:\Users\Guizzle\Desktop\ZHPCleaner (R).txt
    ~ Quarantine : C:\Users\Guizzle\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ System Restore Point : OK
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 10 Pro, 64-bit  (Build 19043)


    ---\\  Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found.


    ---\\  Services (0)
    ~ No malicious or unnecessary items found.


    ---\\  Browser internet (1)
    DELETED data: [X64] HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser [Bad : 0]  =>.SUP.ProxyRestriction


    ---\\  Hosts file (1)
    ~ The hosts file is legitimate (21)


    ---\\  Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.


    ---\\  Explorer ( File, Folder) (15)
    MOVED file: C:\Users\Guizzle\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
    MOVED file: C:\Users\Guizzle\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium
    MOVED file: C:\Windows\Temp\SECOH-QAD.exe    =>Heuristic.Suspect
    MOVED file: C:\Windows\Prefetch\KMSPICO-SETUP.TMP-18F76AB9.pf    =>HackTool.KMSpico
    MOVED file: C:\Windows\Prefetch\KMSPICO-SETUP.TMP-D6D20A61.pf    =>HackTool.KMSpico
    MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-76DEC696.pf    =>HackTool.KMSpico
    MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-B45DA915.pf    =>HackTool.KMSpico
    MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-F35C79A4.pf    =>HackTool.KMSpico
    MOVED file: C:\Windows\SECOH-QAD.dll    =>HackTool.KMSpico
    MOVED file: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
    MOVED folder: C:\KMSpico Setup  =>HackTool.KMSpico
    MOVED folder: C:\Program Files\KMSpico  =>HackTool.KMSpico
    MOVED folder: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
    MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
    MOVED folder: C:\WINDOWS\AutoKMS  =>HackTool.AutoKMS


    ---\\  Registry ( Key, Value, Data) (2)
    DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [KMSpico]  =>HackTool.KMSpico
    DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSpico Automatic Update Scheduler []  =>HackTool.KMSpico


    ---\\  Summary of the elements found (5)
    https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.ProxyRestriction
    https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
    https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect
    https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico
    https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS


    ---\\  Other deletions. (0)
    ~ Registry Keys Tracing deleted (0)
    ~ Remove the old reports ZHPCleaner. (0)


    ---\\ Result of repair
    ~ Repair carried out successfully
    ~ Google Chrome OK
    ~ Mozilla Firefox OK
    ~ Internet Explorer OK
    ~ The system has been restarted.


    ---\\ Statistics
    ~ Items scanned : 1838
    ~ Items found : 0
    ~ Items cancelled : 0
    ~ Space saving (bytes) : 0
    ~ Items options : 9/17


    ---\\ OPTIONS NOT ACTIVES
    ~ Temporary file analysis
    ~ Temporary folder analysis
    ~ Empty Folder CLSID Analysis
    ~ Empty Other Folder Analysis
    ~ Empty LocalLow Folder Analysis
    ~ Empty Local Folder Analysis
    ~ Obsolete Installer File Analysis
    ~ Start browsers with extensions removed

    ~ End of clean in 00h01mn07s

    ---\\  Reports (2)
    ZHPCleaner-[S]-23092021-02_02_20.txt
    ZHPCleaner-[R]-23092021-03_50_41.txt

    Sem título.png
