Phil01

Program : RogueKiller Anti-Malware Version : 15.1.1.0 x64 : Yes Program Date : Oct 7 2021 Location : C:\Program Files\RogueKiller\RogueKiller64.exe Premium : No Company : Adlice Software Website : https://www.adlice.com/ Contact : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.22000) 64-bit 64-bit OS : Yes Startup : 0 WindowsPE : No User : filip User is Admin : Yes Date : 2021/11/28 09:28:49 Type : Scan Aborted : No Scan Mode : Standard Duration : 136 Found items : 0 Total scanned : 62790 Signatures Version : 20211018_080802 Truesight Driver : Yes Updates Count : 0 ************************* Warnings ************************* ************************* Updates ************************* ************************* Processes ************************* ************************* Modules ************************* ************************* Services ************************* ************************* Scheduled Tasks ************************* ************************* Registry ************************* ************************* WMI ************************* ************************* Hosts File ************************* is_too_big : No hosts_file_path : C:\Windows\System32\drivers\etc\hosts ************************* Filesystem ************************* ************************* Web Browsers ************************* ************************* Antirootkit ************************* o botao que eu tinha na bandeija do windows para ligar o bluetooth desapareceu. Agora não estou conseguindo ligar o bluetooh...

Me desuclpe a demora da resposta. Estou evitando usar o laptop. Eu acredito que alguém tenha feito um ataque na mesma rede que uso. Agora acredito que alguém esteja com acesso remoto no meu notebook. O que acaba dificultando a identificao por virus. não sei se tem como identificar isso. Alguns arquivos foram deletados. As x o computador fica lento. As x tento identificar os processos em execucao em background e fica abrindo e fechando processo. não sei se existe alguma forma de fechar portas....

Eu acredito que alguém esteja acessando meu PC de forma remota. Mas eu não consigo identificar. você teria como me ajudar com isso?

Ola Elias, Boa tarde, tudo bem? Acabei de fazer o que você solicitou e aparentemente esta tudo normal. Por favor porque você solicitou para eu fazer isso? O que você notou de estranho? você acredita que alguém esteja com acesso remoto no meu PC? Muito obrigado pela ajuda

Ola Elias, Como vai? segue conforme orientado Program : RogueKiller Anti-Malware Version : 15.1.1.0 x64 : Yes Program Date : Oct 7 2021 Location : C:\Program Files\RogueKiller\RogueKiller64.exe Premium : Yes Company : Adlice Software Website : https://www.adlice.com/ Contact : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.22000) 64-bit 64-bit OS : Yes Startup : 0 WindowsPE : No User : filip User is Admin : Yes Date : 2021/11/01 09:08:58 Type : Removal Aborted : No Scan Mode : Standard Duration : 231 Found items : 12 Total scanned : 61812 Signatures Version : 20211018_080802 Truesight Driver : Yes Updates Count : 0 Arguments : -minimize ************************* Warnings ************************* ************************* Removal ************************* [PUP.Iolo (Potentially Malicious)] \Live Boost Process Governor -- C:\Program Files (x86)\Phoenix360\System Mechanic\x64\LBgovernor.exe -> Deleted [+] scan_what : 0 [+] vendors : PUP.Iolo [+] Name : \Live Boost Process Governor [+] value : C:\Program Files (x86)\Phoenix360\System Mechanic\x64\LBgovernor.exe [+] Type : Task [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 0 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : -1 [PUP.Iolo (Potentially Malicious)] HKEY_USERS\S-1-5-21-3401686264-2777813322-2188102425-1001\Software\Phoenix360 -- -> Deleted [+] scan_what : 2 [+] vendors : PUP.Iolo [+] Name : HKEY_USERS\S-1-5-21-3401686264-2777813322-2188102425-1001\Software\Phoenix360 [+] Type : Registry [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 1 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : -1 [PUP.Popcorn (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CB300F2C-68CB-4515-980E-E80D2381CAC1}C:\users\filip\appdata\local\popcorn-time\popcorn-time.exe -- [%localappdata%\popcorn-time\popcorn-time.exe] -> Deleted [+] scan_what : 1 [+] vendors : PUP.Popcorn [+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CB300F2C-68CB-4515-980E-E80D2381CAC1}C:\users\filip\appdata\local\popcorn-time\popcorn-time.exe [+] value : [%localappdata%\popcorn-time\popcorn-time.exe] [+] Type : Registry [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 2 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : -1 [PUP.Popcorn (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{1CBBC10C-FAEA-43E3-BA46-E0D167BDCD44}C:\users\filip\appdata\local\popcorn-time\popcorn-time.exe -- [%localappdata%\popcorn-time\popcorn-time.exe] -> Deleted [+] scan_what : 1 [+] vendors : PUP.Popcorn [+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{1CBBC10C-FAEA-43E3-BA46-E0D167BDCD44}C:\users\filip\appdata\local\popcorn-time\popcorn-time.exe [+] value : [%localappdata%\popcorn-time\popcorn-time.exe] [+] Type : Registry [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 3 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : -1 [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{7A03EEC8-9D55-4628-BCFD-6F93D21B2427}C:\users\filip\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe -- [%localappdata%\programs\lnv\stremio-4\stremio-runtime.exe] -> Deleted [+] scan_what : 1 [+] vendors : Suspicious.Path [+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{7A03EEC8-9D55-4628-BCFD-6F93D21B2427}C:\users\filip\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe [+] value : [%localappdata%\programs\lnv\stremio-4\stremio-runtime.exe] [+] Type : Registry [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 4 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : 0 [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{E6DF71C1-8FB2-417D-B8BE-01D44CC0F7A4}C:\users\filip\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe -- [%localappdata%\programs\lnv\stremio-4\stremio-runtime.exe] -> Deleted [+] scan_what : 1 [+] vendors : Suspicious.Path [+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{E6DF71C1-8FB2-417D-B8BE-01D44CC0F7A4}C:\users\filip\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe [+] value : [%localappdata%\programs\lnv\stremio-4\stremio-runtime.exe] [+] Type : Registry [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 5 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : 0 [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{98418954-EF5D-4955-8CED-FDD061B25E8F}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe -- [%localappdata%\programs\lnv\stremio-4\node.exe] -> Deleted [+] scan_what : 1 [+] vendors : Suspicious.Path [+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{98418954-EF5D-4955-8CED-FDD061B25E8F}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe [+] value : [%localappdata%\programs\lnv\stremio-4\node.exe] [+] Type : Registry [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 6 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : 0 [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{FDE94DA4-94EE-4EDF-B566-6E85FF34FA6C}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe -- [%localappdata%\programs\lnv\stremio-4\node.exe] -> Deleted [+] scan_what : 1 [+] vendors : Suspicious.Path [+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{FDE94DA4-94EE-4EDF-B566-6E85FF34FA6C}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe [+] value : [%localappdata%\programs\lnv\stremio-4\node.exe] [+] Type : Registry [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 7 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : 0 [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{EBAFDFE0-1388-45D8-B7A4-E77DC9FBF480}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe -- [%localappdata%\programs\lnv\stremio-4\node.exe] -> Deleted [+] scan_what : 1 [+] vendors : Suspicious.Path [+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{EBAFDFE0-1388-45D8-B7A4-E77DC9FBF480}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe [+] value : [%localappdata%\programs\lnv\stremio-4\node.exe] [+] Type : Registry [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 8 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : 0 [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{C3DB5F7B-C818-4690-865D-C88F37782AE0}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe -- [%localappdata%\programs\lnv\stremio-4\node.exe] -> Deleted [+] scan_what : 1 [+] vendors : Suspicious.Path [+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{C3DB5F7B-C818-4690-865D-C88F37782AE0}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe [+] value : [%localappdata%\programs\lnv\stremio-4\node.exe] [+] Type : Registry [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 9 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : 0 [PUP.Iolo (Potentially Malicious)] Phoenix360 -- %_filip_appdata%\Phoenix360 -> Deleted [+] scan_what : 1 [+] vendors : PUP.Iolo [+] Name : Phoenix360 [+] value : %_filip_appdata%\Phoenix360 [+] Type : File/Folder [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 10 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : -1 [PUP.Iolo (Potentially Malicious)] Phoenix360 -- %programfiles(x86)%\Phoenix360 -> Deleted [+] scan_what : 1 [+] vendors : PUP.Iolo [+] Name : Phoenix360 [+] value : %programfiles(x86)%\Phoenix360 [+] Type : File/Folder [+] file_vtscore : -1 [+] file_vttotal : 0 [+] is_malicious : Yes [+] detection_level : 3 [+] id : 11 [+] status : 3 [+] status_str : Deleted [+] removed : Yes [+] status_choice : 2 [+] malpe_score : -1 abs

Boa noite Elias, Muito obrigado Segue conforme solicitado: Program : RogueKiller Anti-Malware Version : 15.1.1.0 x64 : Yes Program Date : Oct 7 2021 Location : C:\Program Files\RogueKiller\RogueKiller64.exe Premium : Yes Company : Adlice Software Website : https://www.adlice.com/ Contact : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.19043) 64-bit 64-bit OS : Yes Startup : 0 WindowsPE : No User : filip User is Admin : Yes Date : 2021/10/19 10:03:35 Type : Scan Aborted : No Scan Mode : Standard Duration : 258 Found items : 17 Total scanned : 65143 Signatures Version : 20211018_080802 Truesight Driver : Yes Updates Count : 0 Arguments : -minimize ************************* Warnings ************************* ************************* Updates ************************* ************************* Processes ************************* ************************* Modules ************************* ************************* Services ************************* ************************* Scheduled Tasks ************************* [PUP.Iolo (Potentially Malicious)] \Live Boost Process Governor -- C:\Program Files (x86)\Phoenix360\System Mechanic\x64\LBgovernor.exe -> Found ************************* Registry ************************* >>>>>> XX - Software └── [PUP.Iolo (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-3401686264-2777813322-2188102425-1001\Software\Phoenix360 -- N/A -> Found >>>>>> O87 - Firewall ├── [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{1CBBC10C-FAEA-43E3-BA46-E0D167BDCD44}C:\users\filip\appdata\local\popcorn-time\popcorn-time.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\filip\appdata\local\popcorn-time\popcorn-time.exe|Name=popcorn-time.exe|Desc=popcorn-time.exe|Defer=User| (missing) -> Found ├── [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CB300F2C-68CB-4515-980E-E80D2381CAC1}C:\users\filip\appdata\local\popcorn-time\popcorn-time.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\filip\appdata\local\popcorn-time\popcorn-time.exe|Name=popcorn-time.exe|Desc=popcorn-time.exe|Defer=User| (missing) -> Found ├── [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{EBAFDFE0-1388-45D8-B7A4-E77DC9FBF480}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe|Name=node.exe|Desc=node.exe|Defer=User| (missing) -> Found ├── [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{C3DB5F7B-C818-4690-865D-C88F37782AE0}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe|Name=node.exe|Desc=node.exe|Defer=User| (missing) -> Found ├── [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{FDE94DA4-94EE-4EDF-B566-6E85FF34FA6C}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe|Name=node.exe|Desc=node.exe|Defer=User| (missing) -> Found ├── [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{98418954-EF5D-4955-8CED-FDD061B25E8F}C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\filip\appdata\local\programs\lnv\stremio-4\node.exe|Name=node.exe|Desc=node.exe|Defer=User| (missing) -> Found ├── [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{7A03EEC8-9D55-4628-BCFD-6F93D21B2427}C:\users\filip\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\filip\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe|Name=stremio-runtime.exe|Desc=stremio-runtime.exe|Defer=User| (missing) -> Found └── [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{E6DF71C1-8FB2-417D-B8BE-01D44CC0F7A4}C:\users\filip\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\filip\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe|Name=stremio-runtime.exe|Desc=stremio-runtime.exe|Defer=User| (missing) -> Found ************************* WMI ************************* ************************* Hosts File ************************* is_too_big : No hosts_file_path : C:\Windows\System32\drivers\etc\hosts ************************* Filesystem ************************* [MalPE.99 (Potentially Malicious)] (file) ZA-Scan.exe -- C:\Users\filip\Desktop\ZA-Scan.exe -> Found [MalPE.99 (Potentially Malicious)] (file) zoek.exe -- C:\Users\filip\Desktop\zoek.exe -> Found [PUP.Iolo (Potentially Malicious)] (folder) Phoenix360 -- C:\Users\filip\AppData\Roaming\Phoenix360 -> Found [MalPE.97 (Potentially Malicious)] (file) zoek-delete.exe -- C:\Users\filip\AppData\Local\Temp\zoek-delete.exe -> Found [PUP.Iolo (Potentially Malicious)] (folder) Phoenix360 -- C:\Program Files (x86)\Phoenix360 -> Found [MalPE.99 (Potentially Malicious)] (file) ZA-Scan.exe -- C:\Users\filip\Desktop\ZA-Scan.exe -> Found [MalPE.99 (Potentially Malicious)] (file) zoek.exe -- C:\Users\filip\Desktop\zoek.exe -> Found ************************* Web Browsers ************************* ************************* Antirootkit *************************

Ola Elias, Boa noite, como vai? Seguem os logs: # ------------------------------- # Malwarebytes AdwCleaner 8.3.0.0 # ------------------------------- # Build: 06-29-2021 # Database: 2021-10-08.3 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 10-17-2021 # Duration: 00:00:03 # OS: Windows 10 Home # Cleaned: 7 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Lavasoft\Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion Deleted HKLM\System\Setup\FirstBoot\Services\WCAssistantService Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [2141 octets] - [17/10/2021 21:23:37] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## ~ ZHPCleaner v2021.10.10.332 by Nicolas Coolman (2021/10/10) ~ Run by filip (Administrator) (17/10/2021 21:29:47) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Scan ~ Report : C:\Users\filip\Desktop\ZHPCleaner (S).txt ~ Quarantine : C:\Users\filip\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home, 64-bit (Build 19043) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (1) FOUND data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;] =>Hijacker.Proxy ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (10) FOUND file: C:\Users\filip\AppData\Local\Google\Chrome\User Data\Default\Preferences =>ChromiumPreference FOUND file: C:\Users\filip\AppData\Local\Comodo\Dragon\User Data\Default\Preferences =>ChromiumPreference FOUND file: C:\Users\filip\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>ChromiumPreference FOUND file: C:\Windows\Prefetch\POPCORN-TIME.EXE-D8BEFBD6.pf =>.SUP.PopcornTime FOUND file: C:\ProgramData\KMSAutoS\bin\KMSSS.exe [MDL Forum, mod by Ratiborus - KMS Server Emulator Service (XP)] =>HackTool.AutoKMS FOUND file: C:\ProgramData\KMSAutoS\kmsauto.ini =>HackTool.WinActivator FOUND folder: C:\ProgramData\KMSAutoS\bin =>HackTool.WinActivator FOUND folder: C:\ProgramData\KMSAutoS =>HackTool.WinActivator FOUND file: C:\Users\filip\AppData\Local\MSfree Inc\kmsauto.ini =>HackTool.WinActivator FOUND folder: C:\Users\filip\AppData\Local\MSfree Inc =>HackTool.WinActivator ---\\ Registry ( Key, Value, Data) (2) FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00AF148102104E15CBB50E86D078D96A [C:\Program Files\Autodesk\3ds Max 2021\ApplicationPlugins\MAXtoA\materialx\stdlib\genosl\mx_magnitude.inline] =>PUP.Optional.LinkiDoo FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [ASUSTeK Computer Inc.] =>Heuristic.Suspect ---\\ Summary of the elements found (7) https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/ =>ChromiumPreference https://nicolascoolman.eu/2017/02/26/superfluous-popcorntime/ =>.SUP.PopcornTime https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator https://nicolascoolman.eu/forum/Topic/linkidoo-logiciel-potentiellement-indesirable-pup-lpi/ =>PUP.Optional.LinkiDoo https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect ---\\ Result of repair ~ Any repair made ~ Comodo Dragon OK ~ Google Chrome OK ~ Mozilla Firefox OK ~ Internet Explorer OK ---\\ Statistics ~ Items scanned : 115238 ~ Items found : 18 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 9/17 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ Start browsers with extensions removed ~ End of search in 00h11mn00s ---\\ Reports (0) ZHPCleaner-[S]-17102021-21_40_47.txt muito obrigado pela ajuda

Prezados, Boa noite, tudo bem? Meu PC foi atacado, acredito que alguém esteja acessando meu note por acesso remoto. Instalei o Kaspersky e nada foi identificado. Dias atras meu notebook travou e todas as minhas contas de rede social foram deslogadas, as x aparece uma informacao de alerta do chrome avisando que minha webcam esta sendo utilizada. Agradeco muito seu tempo!!! Atenciosamente Phil01 zoek-results.txt