Guteramxpx

  1. @Elias Pereira Thank you very much for this further help.
  2. @Elias Pereira No problems occurred. Did the analyses we ran earlier point to anything worrying?
  3. Here is the result:

     RogueKiller Anti-Malware V15.0.8.0 (x64) [Jul 13 2021] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.19041) 64-bit
     Started in : Normal mode
     User : Shelby [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20210717_162602, Driver : Loaded
     Mode : Standard Scan, Scan -- Date : 2021/07/19 14:36:49 (Duration : 00:43:08)
     Switches : -minimize

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  4. Elias, thank you very much. adw did not find anything (I believe) and there was no Clean option. I found this log, pasted below, inside the program. Do these pre-installed entries require any action? The ZHP one follows after it.

     # -------------------------------
     # Malwarebytes AdwCleaner 8.3.0.0
     # -------------------------------
     # Build: 06-29-2021
     # Database: 2021-06-29.1 (Local)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 07-17-2021
     # Duration: 00:01:26
     # OS: Windows 10 Home Single Language
     # Scanned: 31978
     # Detected: 30

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     No malicious folders found.

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious WMI found.

     ***** [ Shortcuts ] *****
     No malicious shortcuts found.

     ***** [ Tasks ] *****
     No malicious tasks found.

     ***** [ Registry ] *****
     No malicious registry entries found.

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries found.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs found.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries found.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs found.

     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries found.

     ***** [ Preinstalled Software ] *****
     Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
     Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
     Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
     Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
     Preinstalled.DellCustomerConnect Folder C:\Program Files (x86)\DELL CUSTOMER CONNECT
     Preinstalled.DellCustomerConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}
     Preinstalled.DellQuickset Folder C:\Program Files\DELL\QUICKSET
     Preinstalled.DellQuickset Folder C:\ProgramData\DELL\QUICKSET
     Preinstalled.DellQuickset Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QuickSet
     Preinstalled.DellQuickset Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|QuickSet
     Preinstalled.DellQuickset Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{87CF757E-C1F1-4D22-865C-00C6950B5258}
     Preinstalled.DellSupportCenter Folder C:\Program Files\DELL SUPPORT CENTER
     Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL UPDATE
     Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATE
     Preinstalled.DellUpdateforWindows10 Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}
     Preinstalled.LenovoPower2Go Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EA7D413-72FD-40C4-BCCB-F2C44D979F23}
     Preinstalled.LenovoPower2Go Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CLVDLauncher
     Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
     Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
     Preinstalled.LenovoPower2Go Task C:\Windows\System32\Tasks\CLVDLAUNCHER
     Preinstalled.LenovoPowerDVD Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|RemoteControl10
     Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|RemoteControl10
     Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
     Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
     Preinstalled.LenovoThinkVantageToolbox Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2083582D-6F00-479B-BFED-90E38E3BC271}
     Preinstalled.LenovoThinkVantageToolbox Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2083582D-6F00-479B-BFED-90E38E3BC271}
     Preinstalled.LenovoThinkVantageToolbox Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask
     Preinstalled.LenovoThinkVantageToolbox Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC-Doctor for Windows
     Preinstalled.MyDell Folder C:\Program Files\MY DELL
     Preinstalled.MyDell Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dell Support Center

     AdwCleaner[S00].txt - [6523 octets] - [19/04/2020 19:36:56]
     AdwCleaner[C00].txt - [2744 octets] - [19/04/2020 19:38:55]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

     ~ ZHPCleaner v2021.7.15.311 by Nicolas Coolman (2021/07/15)
     ~ Run by Shelby (Administrator) (17/07/2021 12:52:11)
     ~ Web: https://www.nicolascoolman.com
     ~ Blog: https://nicolascoolman.eu/
     ~ Facebook : https://www.facebook.com/nicolascoolman1
     ~ State version : Version KO
     ~ Type : Repair
     ~ Report : C:\Users\Shelby\Desktop\ZHPCleaner (R).txt
     ~ Quarantine : C:\Users\Shelby\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
     ~ System Restore Point : OK
     ~ UAC : Activate
     ~ Boot Mode : Normal (Normal boot)
     Windows 10 Home Single Language, 64-bit (Build 19041)

     ---\\ Alternate Data Stream (ADS). (0)

     ---\\ Services (0)
     ~ No malicious or unnecessary items found.

     ---\\ Browser internet (0)
     ~ No malicious or unnecessary items found.

     ---\\ Hosts file (1)
     ~ The hosts file is legitimate (25)

     ---\\ Scheduled automatic tasks. (0)
     ~ No malicious or unnecessary items found.

     ---\\ Explorer ( File, Folder) (3)
     MOVED file: C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences =>Préférences Chromium
     MOVED file: C:\Users\Shelby\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium
     MOVED folder: C:\Program Files (x86)\Skillbrains =>SUP.Optional.Skillbrains

     ---\\ Registry ( Key, Value, Data) (2)
     DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater [] =>Riskware.FlashPlayer
     DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI [Adobe Systems Incorporated] =>Riskware.FlashPlayer

     ---\\ Summary of the elements found (3)
     https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
     https://nicolascoolman.eu/2019/01/sup-skillbrains =>SUP.Optional.Skillbrains
     https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/ =>Riskware.FlashPlayer

     ---\\ Other deletions. (17)
     ~ Registry Keys Tracing deleted (14)
     ~ Remove the old reports ZHPCleaner. (3)

     ---\\ Result of repair
     ~ Repair carried out successfully
     ~ Google Chrome OK
     ~ Mozilla Firefox OK
     ~ Internet Explorer OK
     ~ The system has been restarted.

     ---\\ Statistics
     ~ Items scanned : 2115
     ~ Items found : 0
     ~ Items cancelled : 0
     ~ Space saving (bytes) : 0
     ~ Items options : 9/17

     ---\\ OPTIONS NOT ACTIVES
     ~ Temporary file analysis
     ~ Temporary folder analysis
     ~ Empty Folder CLSID Analysis
     ~ Empty Other Folder Analysis
     ~ Empty LocalLow Folder Analysis
     ~ Empty Local Folder Analysis
     ~ Obsolete Installer File Analysis
     ~ Start browsers with extensions removed

     ~ End of clean in 00h00mn25s

     ---\\ Reports (2)
     ZHPCleaner-[S]-17072021-12_42_58.txt
     ZHPCleaner-[R]-17072021-12_52_36.txt
  5. Dear all, about two weeks ago I switched my internet provider to a fiber provider. Last night, while doing a search on Google, it started asking for a captcha, saying that "Our systems have detected unusual traffic on your network...". This happened on every device in the house: phones and notebook. I contacted the company and apparently everything is normal with the router. So once again I decided to count on your goodwill to analyze a log from my notebook. However, when I try to download the zoek.zip file, both Firefox and Chrome download it but say it is a file with a virus. Edge downloads it normally, but I was wary of opening it. Can I open it? Or is there something else to be done? Thank you, Augusto
  6. @Elias Pereira Apparently, everything is fine. Thank you for your help.
  7. @Elias Pereira after Remove, this is the RogueKiller log. I have also done the previous step, which was to create the restore point and disable the non-Microsoft services. Apparently the notebook is somewhat better. As for malware, I only had a suspicion that there was something. Thank you very much for the help.

     RogueKiller Anti-Malware V14.4.0.0 (x64) [Apr 1 2020] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.18362) 64 bits
     Started in : Normal mode
     User : Shelby [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20200430_054922, Driver : Loaded
     Mode : Standard Scan, Delete -- Date : 2020/05/01 19:08:53 (Duration : 00:26:08)
     Switches : -minimize

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [Adw.WifiHotSpot (Malicious)] HotSpot -- %programdata%\Microsoft\Windows\Start Menu\Programs\HotSpot -> Deleted
     => HotSpot.lnk -- C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\HotSpot\HotSpot.lnk [1]
  8. @Elias Pereira I have a question about RogueKiller. It found [Adw.WifiHotSpot (Malicious)] (folder) HotSpot -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot -> Found but at this stage it only scanned, correct? It did not remove it. Do I need to run it again asking it to remove it? Thanks in advance.
  9. @Elias Pereira Here is the RogueKiller report:

     RogueKiller Anti-Malware V14.4.0.0 (x64) [Apr 1 2020] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.18362) 64 bits
     Started in : Normal mode
     User : Shelby [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20200424_130303, Driver : Loaded
     Mode : Standard Scan, Scan -- Date : 2020/04/24 11:48:27 (Duration : 00:34:59)
     Switches : -minimize

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [Adw.WifiHotSpot (Malicious)] (folder) HotSpot -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot -> Found
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  10. @Elias Pereira, here are the logs. Malwarebytes took more than 30 hours, hehehe. Is that normal, I wonder? Thank you very much in advance for dedicating part of your time to this analysis.

     ######

     Malwarebytes
     www.malwarebytes.com

     -Detalhes do Relatório-
     Data da análise: 18/04/2020
     Hora da análise: 05:08
     Arquivo de relatório: db63579c-814b-11ea-9bf0-a41f72f6ed2e.json

     -Informações do Software-
     Versão: 4.1.0.56
     Versão de componentes: 1.0.875
     Versão do pacote de definições: 1.0.22616
     Licença: Versão de Avaliação

     -Informações do Sistema-
     Sistema operacional: Windows 10 (Build 18362.778)
     CPU: x64
     Sistema de arquivos: NTFS
     Usuário: Shelby\Shelby

     -Resumo da Análise-
     Tipo de análise: Análise Customizada
     Análise Iniciada Por: Manual
     Resultado: Concluída
     Objetos verificados: 841546
     Ameaças detectadas: 7
     Ameaças em quarentena: 7
     Tempo decorrido: 37 hr, 4 min, 11 seg

     -Opções da Análise-
     Memória: Habilitado
     Inicialização: Habilitado
     Sistema de arquivos: Habilitado
     Arquivos compactados: Habilitado
     Rootkits: Habilitado
     Heurística: Habilitado
     Programa Potencialmente Indesejado: Detetar
     PUM: Detetar

     -Detalhes da Análise-
     Processo: 0
     (Nenhum item malicioso detectado)

     Módulo: 0
     (Nenhum item malicioso detectado)

     Chave de registro: 1
     PUP.Optional.InstallCore, HKU\S-1-5-21-1312496892-2424668927-2316652474-1002\SOFTWARE\INSTALLCORE, Quarentena, 494, 239563, 1.0.22616, , ame,

     Valor de registro: 1
     PUP.Optional.FilesFrog, HKLM\SOFTWARE\CLASSES\SDP\SHELL\OPEN\COMMAND|, Quarentena, 2175, 258347, 1.0.22616, , ame,

     Dados de registro: 0
     (Nenhum item malicioso detectado)

     Fluxo de dados: 0
     (Nenhum item malicioso detectado)

     Pasta: 2
     PUP.Optional.VBates, C:\Users\Shelby\AppData\LocalLow\Company\Product\1.0, Quarentena, 3650, 247040, , , ,
     PUP.Optional.VBates, C:\USERS\SHELBY\APPDATA\LOCALLOW\COMPANY\PRODUCT, Quarentena, 3650, 247040, 1.0.22616, , ame,

     Arquivo: 3
     PUP.Optional.VBates, C:\USERS\SHELBY\APPDATA\LOCALLOW\COMPANY\PRODUCT\1.0\LOCALSTORAGEIE.TXT, Quarentena, 3650, 247040, 1.0.22616, , ame,
     Malware.Generic.3691863201, C:\USERS\SHELBY\APPDATA\ROAMING\Microsoft\Windows\Recent\zoek.zip.lnk, Quarentena, 1000000, 0, , , ,
     Malware.Generic.3691863201, C:\USERS\SHELBY\DESKTOP\ZOEK.ZIP, Quarentena, 1000000, 0, 1.0.22616, 4EEA4435C23F6067DC0D5CA1, dds, 00681558

     Setor físico: 0
     (Nenhum item malicioso detectado)

     Instrumentação do Windows (WMI): 0
     (Nenhum item malicioso detectado)

     (end)

     ####

     # -------------------------------
     # Malwarebytes AdwCleaner 8.0.4.0
     # -------------------------------
     # Build: 04-03-2020
     # Database: 2020-04-08.2 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start: 04-19-2020
     # Duration: 00:00:06
     # OS: Windows 10 Home Single Language
     # Cleaned: 14
     # Failed: 0

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     Deleted C:\Program Files (x86)\Common Files\Speedbit
     Deleted C:\Users\Shelby\AppData\LocalLow\Speedbit

     ***** [ Files ] *****
     No malicious files cleaned.

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     No malicious tasks cleaned.

     ***** [ Registry ] *****
     Deleted HKCU\Software\SpeedBit
     Deleted HKLM\Software\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
     Deleted HKLM\Software\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
     Deleted HKLM\Software\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
     Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
     Deleted HKLM\Software\Wow6432Node\SpeedBit
     Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
     Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
     Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
     Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
     Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Wpm
     Deleted HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\V-bates

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs cleaned.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries cleaned.

     ***** [ Preinstalled Software ] *****
     No Preinstalled Software cleaned.

     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************

     AdwCleaner[S00].txt - [6523 octets] - [19/04/2020 19:36:56]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

     ####

     ~ ZHPCleaner v2020.4.15.192 by Nicolas Coolman (2020/04/15)
     ~ Run by Shelby (Administrator) (20/04/2020 17:32:48)
     ~ Web: https://www.nicolascoolman.com
     ~ Blog: https://nicolascoolman.eu/
     ~ Facebook : https://www.facebook.com/nicolascoolman1
     ~ State version : Version OK
     ~ Type : Repair
     ~ Report : C:\Users\Shelby\Desktop\ZHPCleaner (R).txt
     ~ Quarantine : C:\Users\Shelby\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
     ~ System Restore Point : OK
     ~ UAC : Activate
     ~ Boot Mode : Normal (Normal boot)
     Windows 10 Home Single Language, 64-bit (Build 18362)

     ---\\ Alternate Data Stream (ADS). (0)
     ~ No malicious or unnecessary items found.

     ---\\ Services (0)
     ~ No malicious or unnecessary items found.

     ---\\ Browser internet (0)
     ~ No malicious or unnecessary items found.

     ---\\ Hosts file (1)
     ~ The hosts file is legitimate (25)

     ---\\ Scheduled automatic tasks. (0)
     ~ No malicious or unnecessary items found.

     ---\\ Explorer ( File, Folder) (10)
     MOVED file: C:\Users\Shelby\AppData\Roaming\Mozilla\Firefox\Profiles\5l8rfb0b.default-1458403856152\storage\default\https+++secure.booking.com\.metadata =>PUP.Optional.Booking
     MOVED file: C:\Users\Shelby\AppData\Roaming\Mozilla\Firefox\Profiles\5l8rfb0b.default-1458403856152\storage\default\https+++secure.booking.com\.metadata-v2 =>PUP.Optional.Booking
     MOVED file: C:\Users\Shelby\AppData\Roaming\Mozilla\Firefox\Profiles\5l8rfb0b.default-1458403856152\storage\default\https+++secure.booking.com\cache\.padding =>PUP.Optional.Booking
     MOVED file: C:\Users\Shelby\AppData\Roaming\Mozilla\Firefox\Profiles\5l8rfb0b.default-1458403856152\storage\default\https+++secure.booking.com\cache\caches.sqlite =>PUP.Optional.Booking
     MOVED file: C:\Users\Shelby\AppData\Roaming\unins001.exe [ - Setup/Uninstall] =>Adware.Pirrit
     MOVED file: C:\Users\Shelby\Downloads\setup-lightshot.exe [Skillbrains - lightshot Setup] =>SUP.Optional.Skillbrains
     MOVED folder^: C:\Program Files (x86)\Skillbrains =>SUP.Optional.Skillbrains
     MOVED folder: C:\Users\Shelby\AppData\Local\Visicom Media =>.SUP.VisicomMedia
     MOVED folder: C:\Users\Shelby\AppData\Local\Google\Update =>Heuristic.Suspect
     MOVED folder: C:\Users\Shelby\AppData\LocalLow\Company =>PUP.Optional.$VBates

     ---\\ Registry ( Key, Value, Data) (8)
     DELETED key*: HKEY_USERS\S-1-5-21-1312496892-2424668927-2316652474-1002\SOFTWARE\SkillBrains [] =>SUP.Optional.Skillbrains
     DELETED key*: HKEY_USERS\S-1-5-21-1312496892-2424668927-2316652474-1002\SOFTWARE\Visicom Media [] =>.SUP.VisicomMedia
     DELETED key**: HKCU\Software\SkillBrains [] =>SUP.Optional.Skillbrains
     DELETED key**: HKCU\Software\Visicom Media [] =>.SUP.VisicomMedia
     DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Skillbrains [] =>SUP.Optional.Skillbrains
     DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Visicom Media [] =>.SUP.VisicomMedia
     DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Download Accelerator Plus (DAP) [Speedbit Ltd.] =>Adware.SpeedBit
     DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains] =>SUP.Optional.Skillbrains

     ---\\ Summary of the elements found (7)
     https://nicolascoolman.eu/forum/Topic/booking-logiciel-potentiellement-indesirable-pup-lpi/ =>PUP.Optional.Booking
     https://nicolascoolman.eu/2017/02/25/adware-pirrit/ =>Adware.Pirrit
     https://nicolascoolman.eu/2019/01/sup-skillbrains =>SUP.Optional.Skillbrains
     https://nicolascoolman.eu/2017/03/18/superfluous-visicommedia/ =>.SUP.VisicomMedia
     https://nicolascoolman.eu/wp-content/uploads/2019/01/Informations-Sécurité-Zone-antimalware.jpg =>Heuristic.Suspect
     https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.$VBates
     https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.SpeedBit

     ---\\ Other deletions. (9)
     ~ Registry Keys Tracing deleted (9)
     ~ Remove the old reports ZHPCleaner. (0)

     ---\\ Result of repair
     ~ Repair carried out successfully
     ~ Google Chrome OK
     ~ Mozilla Firefox OK
     ~ Internet Explorer OK
     ~ The system has been restarted.

     ---\\ Statistics
     ~ Items scanned : 1786
     ~ Items found : 0
     ~ Items cancelled : 0
     ~ Space saving (bytes) : 0
     ~ Items options : 8/15

     ---\\ OPTIONS NOT ACTIVES
     ~ Temporary file analysis
     ~ Temporary folder analysis
     ~ Empty Folder CLSID Analysis
     ~ Empty Other Folder Analysis
     ~ Empty LocalLow Folder Analysis
     ~ Empty Local Folder Analysis
     ~ Obsolete Installer File Analysis

     ~ End of clean in 00h00mn31s
  11. @Elias Pereira Actually, e: is just a partition. The operating system is on c:. My question actually referred to the settings in Malwarebytes, whether I can leave them checked that way. Since you brought it up, should I check e: as well?
  12. Dear @Elias Pereira, in this part can I leave it like this:
  13. To whoever can help, thank you. My notebook is a bit slow and I have been receiving some strange emails (spam), and I always suspect that there is some keylogger or something of the kind on the PC. Could someone give me a hand with the analyses? Here is the first log from ZAScan. ZA-Scan.txt
  14. Yes, we can. Immensely grateful for the help.
  15. Dear sir, I have carried out the procedures. Is everything all right?
