Phil01
The button I had in the Windows system tray to turn on Bluetooth has disappeared. Now I can't turn Bluetooth on...
-
Sorry for the delay in replying. I have been avoiding using the laptop. I believe someone carried out an attack on the same network I use. Now I believe someone has remote access to my notebook, which ends up making it hard to identify as a virus. I don't know if there is a way to identify this. Some files were deleted. Sometimes the computer gets slow. Sometimes I try to identify the processes running in the background and processes keep opening and closing. I don't know if there is some way to close ports....
-
I believe someone is accessing my PC remotely, but I can't identify it. Could you help me with this?
-
Hello Elias, good afternoon, how are you? I have just done what you asked and apparently everything is normal. Could you please tell me why you asked me to do this? What did you notice that was strange? Do you believe someone has remote access to my PC? Thank you very much for the help.
-
Hello Elias, how are you? Here it is, as instructed. Regards
-
Good evening Elias, thank you very much. Here it is, as requested.
-
Hello Elias, good evening, how are you? Here are the logs. Thank you very much for the help.
-
Dear all, good evening, how are you? My PC was attacked; I believe someone is accessing my notebook via remote access. I installed Kaspersky and nothing was identified. A few days ago my notebook froze and all my social media accounts were logged out, and sometimes a Chrome alert appears warning that my webcam is being used. Thank you very much for your time!!! Sincerely, Phil01 zoek-results.txt
About Clube do Hardware
Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology communities in Brazil.