Dymytry Correia

Junior Member · Posts: 8 · Reputation: 1
  1. Understood. I'll look for the notebook's drivers. Once I find them, should I follow the procedure mentioned?
  2. Good evening. I have 2 problems with my notebook. First: my notebook does not restart. Every time I need to restart it, it just dims the screen and does not shut down and then start up again, forcing me to restart manually. This leads to the second problem. I cannot install Windows 10, since it asks for a system restart; because I do a forced restart, when the computer starts it already opens with a Windows installation error. ERROR CODE: 0xC1900101 - 0x20017 NOTE: I tried to install Windows 10 using the Media Creator. ZA-Scan.txt
  3. Thank you very much for everything, apparently the problem has been solved. Since I tested it here, I have had no occurrences. Again, thank you very much for the help. Best regards.
  4. RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
     Started in : Normal mode
     User : dymytry [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20210412_114416, Driver : Loaded
     Mode : Standard Scan, Delete -- Date : 2021/04/12 13:17:04 (Duration : 00:11:26)

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [Miner.Gen (Malicious)] Active.exe -- %localappdata%\Disk\Packages\Active.exe -> Killed [Tree]
     [Miner.Gen (Malicious)] AutoIt3_x64.exe [AutoIt Consulting Ltd] -- %localappdata%\Disk\AutoIt3\AutoIt3_x64.exe -> Killed [Tree]
     [PUP.HackTool (Potentially Malicious)] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Deleted
     [Miner.Gen (Malicious)] \Services\Diagnostic -- "C:\Users\dymytry\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe" ("C:\Users\dymytry\AppData\Local\Disk\AutoIt3\Settings.au3") -> Deleted
     [PUP.CryptoTab (Potentially Malicious)] HKEY_USERS\S-1-5-21-491344444-3582890924-2238278525-1000\Software\CryptoCompany -- -> Deleted
     [PUP.CryptoTab (Potentially Malicious)] CryptoCompany -- %localappdata%\CryptoCompany -> Deleted
       => CrashReports -- C:\Users\dymytry\AppData\Local\CRYPTO~1\CRASHR~1 -> Deleted
     [Miner.Gen (Malicious)] Disk -- %localappdata%\Disk -> ERROR [5]
     [PUP.CryptoTab (Potentially Malicious)] CryptoCompany -- %programfiles(x86)%\CryptoCompany -> Deleted
       => CrashReports -- C:\PROGRA~2\CRYPTO~1\CRASHR~1 -> Deleted
  5. RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
     Started in : Normal mode
     User : dymytry [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20210407_080335, Driver : Loaded
     Mode : Standard Scan, Scan -- Date : 2021/04/09 12:45:42 (Duration : 00:11:18)

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [Miner.Gen (Malicious)] AutoIt3_x64.exe (4084) -- (AutoIt Consulting Ltd) C:\Users\dymytry\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe -> Found
     [Miner.Gen (Malicious)] Active.exe (2704) -- C:\Users\dymytry\AppData\Local\Disk\Packages\Active.exe -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [PUP.HackTool (Potentially Malicious)] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Found
     [Miner.Gen (Malicious)] (AutoIt Consulting Ltd) \Services\Diagnostic -- "C:\Users\dymytry\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe" ["C:\Users\dymytry\AppData\Local\Disk\AutoIt3\Settings.au3"] -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     >>>>>> XX - Software
     [PUP.CryptoTab (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-491344444-3582890924-2238278525-1000\Software\CryptoCompany -- N/A -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [PUP.CryptoTab (Potentially Malicious)] (folder) CryptoCompany -- C:\Users\dymytry\AppData\Local\CryptoCompany -> Found
     [Miner.Gen (Malicious)] (folder) Disk -- C:\Users\dymytry\AppData\Local\Disk -> Found
     [PUP.CryptoTab (Potentially Malicious)] (folder) CryptoCompany -- C:\Program Files (x86)\CryptoCompany -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  6. ~ ZHPCleaner v2021.4.3.289 by Nicolas Coolman (2021/04/03)
     ~ Run by dymytry (Administrator) (07/04/2021 06:56:03)
     ~ Web: https://www.nicolascoolman.com
     ~ Blog: https://nicolascoolman.eu/
     ~ Facebook : https://www.facebook.com/nicolascoolman1
     ~ State version :
     ~ Type : Repair
     ~ Report : C:\Users\dymytry\Desktop\ZHPCleaner (R).txt
     ~ Quarantine : C:\Users\dymytry\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
     ~ System Restore Point :
     ~ UAC : Activate
     ~ Boot Mode : Normal (Normal boot)
     Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

     ---\\ Alternate Data Stream (ADS). (0)
     ~ No malicious or unnecessary items found.

     ---\\ Services (0)
     ~ No malicious or unnecessary items found.

     ---\\ Browser internet (0)
     ~ No malicious or unnecessary items found.

     ---\\ Hosts file (1)
     ~ The hosts file is legitimate (20)

     ---\\ Scheduled automatic tasks. (0)
     ~ No malicious or unnecessary items found.

     ---\\ Explorer ( File, Folder) (10)
     MOVED file: C:\Users\dymytry\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium
     MOVED file: C:\Users\Kekynha\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium
     MOVED file: C:\Users\dymytry\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences =>Préférences Chromium
     MOVED file: C:\Users\dymytry\AppData\Local\Temp\utt5D99.tmp =>BitTorrent (P2P)
     MOVED file: C:\Users\dymytry\AppData\Local\Temp\utt6623.tmp =>BitTorrent (P2P)
     MOVED file: C:\Users\dymytry\AppData\Local\Temp\utt89DA.tmp =>BitTorrent (P2P)
     MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] =>HackTool.AutoKMS
     MOVED file: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS
     MOVED folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
     MOVED folder: C:\Windows\AutoKMS =>HackTool.AutoKMS

     ---\\ Registry ( Key, Value, Data) (8)
     DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8E61F24D-0430-42AF-ACC3-3004C693079D}\\DhcpNameServer [Bad : 189.127.48.4 189.127.48.8] =>Hijacker.Browser
     DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 189.127.48.4 189.127.48.8] =>Hijacker.Browser
     DELETED key*: HKCU\Software\undefined [AdditionalScan 148] =>.SUP.Downloader
     DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player NPAPI Notifier [] =>Riskware.FlashPlayer
     DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater [] =>Riskware.FlashPlayer
     DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX [Adobe Systems Incorporated] =>Riskware.FlashPlayer
     DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI [Adobe] =>Riskware.FlashPlayer
     DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google LLC] =>Heuristic.Suspect

     ---\\ Summary of the elements found (7)
     https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
     https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>BitTorrent (P2P)
     https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS
     https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser
     https://nicolascoolman.eu/2017/12/22/sup-downloader/ =>.SUP.Downloader
     https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/ =>Riskware.FlashPlayer
     https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect

     ---\\ Other deletions. (0)
     ~ Registry Keys Tracing deleted (0)
     ~ Remove the old reports ZHPCleaner. (0)

     ---\\ Result of repair
     ~ Repair carried out successfully
     ~ Google Chrome OK
     ~ Mozilla Firefox OK
     ~ Internet Explorer OK
     ~ The system has been restarted.

     ---\\ Statistics
     ~ Items scanned : 1711
     ~ Items found : 0
     ~ Items cancelled : 0
     ~ Space saving (bytes) : 0
     ~ Items options : 9/17

     ---\\ OPTIONS NOT ACTIVES
     ~ Temporary file analysis
     ~ Temporary folder analysis
     ~ Empty Folder CLSID Analysis
     ~ Empty Other Folder Analysis
     ~ Empty LocalLow Folder Analysis
     ~ Empty Local Folder Analysis
     ~ Obsolete Installer File Analysis
     ~ Start browsers with extensions removed
     ~ End of clean in 00h00mn42s

     ---\\ Reports (2)
     ZHPCleaner-[S]-07042021-06_55_29.txt
     ZHPCleaner-[R]-07042021-06_56_45.txt

     # -------------------------------
     # Malwarebytes AdwCleaner 8.2.0.0
     # -------------------------------
     # Build: 03-22-2021
     # Database: 2021-03-22.1 (Local)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start: 04-07-2021
     # Duration: 00:00:01
     # OS: Windows 7 Professional
     # Cleaned: 13
     # Failed: 0

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     Deleted C:\Users\dymytry\AppData\Roaming\Smart Clock

     ***** [ Files ] *****
     Deleted C:\Users\dymytry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     No malicious tasks cleaned.

     ***** [ Registry ] *****
     Deleted HKLM\Software\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
     Deleted HKLM\Software\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
     Deleted HKLM\Software\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
     Deleted HKLM\Software\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
     Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\CryptoTab Browser
     Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
     Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
     Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
     Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
     Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****
     Deleted br.banggood.com

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries cleaned.

     ***** [ Preinstalled Software ] *****
     No Preinstalled Software cleaned.

     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************

     AdwCleaner[S00].txt - [2644 octets] - [07/04/2021 06:33:21]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  7. Good morning, logs attached. AdwCleaner[C00].txt ZHPCleaner.txt
  8. Good afternoon, I have a virus on my computer: when I copy the hash ID of a cryptocurrency wallet and click paste, a different hash appears. It happens with every link I copy; when I paste, it is always the same hash that gets cloned. I'll post the hash here. 0x9876A5bc27ff511bF5dA8f58c8F93281E5BD1f21 This is the fake code. That is the virus. But I don't know how I got it or how to remove it. I would like help. Thank you all very much. I also have a problem where my notebook's keyboard keeps typing the number 5 continuously. The solution I found was to uninstall the built-in keyboard and use only an external one. ZA-Scan.txt

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology communities in Brazil.
