celosvas

@Elias Pereira Muitíssimo obrigado pela ajuda. Eu uso o Windows 7 por conta dos jogos, mas já vou voltar pro 10, justamente por segurança. 

Valeu mesmo, cara! 

@Elias Pereira Tudo certinho, nenhum problema.

@Elias Pereira

 

Eu tinha removido o WarSaw ontem, vou colar o report de ontem também, ok?

 

 

RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : ari [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210426_080854, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/04/29 00:25:46 (Duration : 00:11:01)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] \Rerun Warsaw's CoreFixer -- C:\Windows\TEMP\is-6BH2A.tmp\corefixer.exe (/norerun) -> Deleted
 

 

 

 

RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : ari [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210426_080854, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/04/29 11:20:11 (Duration : 00:10:34)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|USB Gamepad -- [%SystemRoot%\USB] -> Deleted
 

@Elias Pereira

 

RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : ari [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210426_080854, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/04/29 00:10:09 (Duration : 00:11:01)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] \Rerun Warsaw's CoreFixer -- C:\Windows\TEMP\is-6BH2A.tmp\corefixer.exe [/norerun] -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O4 - Run
  [Suspicious.Path (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|USB Gamepad -- C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot (missing) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 

Oi Elias boa noite. Muito obrigado pela resposta e me desculpe pela demora pra responder, fiz uma viagem curta no domingo, mas já estou de volta e comecei o processo de remoção que você citou. 

Vou colar abaixo o LOG do AdwCleaner:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-27-2021
# Duration: 00:00:01
# OS:       Windows 7 Ultimate
# Cleaned:  0
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock

*************************

AdwCleaner[C01].txt - [1732 octets] - [25/04/2021 12:36:31]
AdwCleaner[S00].txt - [1470 octets] - [27/04/2021 19:09:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

LOG do ZHPCleaner:

 

~ ZHPCleaner v2021.4.24.292 by Nicolas Coolman (2021/04/24)
~ Run by ari (Administrator)  (27/04/2021 20:57:02)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : 
~ Type : Repair
~ Report : C:\Users\ari\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\ari\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\  Services (0)
~ No malicious or unnecessary items found.

---\\  Browser internet (0)
~ No malicious or unnecessary items found.

---\\  Hosts file (1)
~ The hosts file is legitimate (40)

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\  Explorer ( File, Folder) (4)
MOVED file: C:\Users\ari\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
MOVED folder: C:\Users\ari\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\ari\AppData\Local\Google\Chrome\User Data\Default\File System\001  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\ari\AppData\Local\Google\Chrome\User Data\Default\File System\002  =>.SUP.Temporary.Chrome

---\\  Registry ( Key, Value, Data) (6)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{979A70FF-2430-4CDA-84C0-3773E07FDAA0}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3]  =>Hijacker.Browser
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3]  =>Hijacker.Browser
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\program files (x86)\cyber hunter\bin\client.exe [client.exe]  =>.SUP.Orphan.MUICache
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\program files (x86)\cyber hunter\bin\ccmini\ccmini.exe [CC直播内置语音]  =>.SUP.Orphan.MUICache
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\program files (x86)\steam\steam.exe [Steam]  =>.SUP.Orphan.MUICache
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe [Smite]  =>.SUP.Orphan.MUICache

---\\  Summary of the elements found (4)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.Temporary.Chrome
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/forum/Topic/orphan-muicache-logiciel-potentiellement-superflu-lps/  =>.SUP.Orphan.MUICache

---\\  Other deletions. (2)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (2)

---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Internet Explorer OK

---\\ Statistics
~ Items scanned : 1028
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 16/17

---\\ OPTIONS NOT ACTIVES
~ Start browsers with extensions removed

~ End of clean in 00h00mn11s

---\\  Reports (4)
ZHPCleaner-[R]-25042021-13_58_45.txt
ZHPCleaner-[S]-25042021-13_58_12.txt
ZHPCleaner-[S]-27042021-20_56_19.txt
ZHPCleaner-[R]-27042021-20_57_13.txt
 

@GabrielLV Abri um tópico lá. Muito obrigado!

Fui infectado por esses vírus: Virus Seabrook.exe e haleng.exe e agora após remove-lo notei que minha conta no instagram está publicando posts automaticamente. Troquei todas as minhas senhas e reativei o login em 2 fatores, mas ainda não me sinto seguro. Podem me ajudar na remoção?

 

zoek-results.log

 

 

 

Já sim. As pastas e arquivos ocultos estão à mostra, mas os arquivos não são localizados. 
Mesmo assim, toda vez que ligo o PC, as entradas de inicialização no sistema voltam estar habilitadas. Eu exclui as chaves no Editor de Registro, mas tenho medo desses arquivos ainda estarem no computador.

Pessoal, estou com esses dois programas desconhecidos sendo iniciados com o windows. Não conheço os programas e não os instalei e eles tão não aparecem no Desinstalar Programas nem são detectados pelos antivirus. Eu tentei o MalwareBytes e apesar dele ter achado vários arquivos de vírus e removido todos esses programas não saem do iniciar.

Podem me ajudar a remove-los? Uso windows 7.
Estou anexando um relatório do MalwareBytes, parece que alguns arquivos não puderam ser removidos e pelo que entendi o Google Chrome também estava infectado, pois tive que reinstala-lo.

 

Abaixo uma foto do MSCONFIG

 

Agradeço desde já.

relatório malwarebytes.txt