Jump to content
  • Sign Up

spix

Membro Pleno
  • Posts

    14
  • Joined

  • Last visited

  • Feedback

    0%

Reputation

0

About spix

  • Birthday 03/26/1985 (36 years old)

Informações gerais

  • Cidade e Estado
    Rio de Janeiro, RJ
  1. Prezado Eduardo, Agradeço a resposta, estou pensando em fazer isso também. Mas preciso de um programa de backup que salve as senhas de instalação, inclusive do windows que veio com a máquina. Tem algum pra recomendar? Att. Marcelo
  2. Olá amigos(as)! Meu computador tem estado cada vez mais lento, suspeito de infecção por malware. Poderiam me ajudar a verificar? Att. Marcelo
  3. Prezado Elias, Realizei o novo procedimento. Após realizar as limpezas com os anti-malware o computador ficou bem mais rápido pois antes de abrir o tópico ele estava como "amarrado". Acredito que esteja resolvido. Agradeço muito sua atenção. Att. Marcelo
  4. Prezado Elias, Já tinha excluído os arquivos. Mas rodei novamente o Rogue Killer, segue o resultado. Agradeço, att. Marcelo log do rogue killer RogueKiller Anti-Malware V13.5.7.0 (x64) [Nov 20 2019] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.17134) 64 bits Started in : Normal mode User : Marc1 [Administrator] Started from : C:\Users\Marc1\Downloads\PROGRAMAS\clubedohardware\RogueKiller_portable64.exe Signatures : 20191125_075819, Driver : Loaded Mode : Standard Scan, Scan -- Date : 2019/11/26 01:29:54 (Duration : 00:30:12) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  5. Prezado Elias, Rodei o Roguekiller, segue o log abaixo. Devo remover os arquivos encontrados? Att. Marcelo RogueKiller Anti-Malware V13.5.7.0 (x64) [Nov 20 2019] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.17134) 64 bits Started in : Normal mode User : Marc1 [Administrator] Started from : C:\Users\Marc1\Downloads\PROGRAMAS\clubedohardware\RogueKiller_portable64.exe Signatures : 20191121_092516, Driver : Loaded Mode : Standard Scan, Scan -- Date : 2019/11/21 11:27:27 (Duration : 00:41:36) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ >>>>>> O101 - Clsid [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -- (Speed-Bit LTD) C:\Program Files (x86)\DAP\dapie64.dll -> Found [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID\{79D343F3-E4CE-40DF-8FD8-7D9349A1FAB1} -- (Speed-Bit LTD) C:\Program Files (x86)\DAP\dexthlp64.dll -> Found [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E} -- (Speed-Bit LTD) C:\Program Files (x86)\DAP\dapie64.dll -> Found >>>>>> XX - Software [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-418873493-328620954-977625431-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11192019155807049\Software\SpeedBit -- N/A -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [Adw.HotspotShield (Malicious)] (folder) Hotspot Shield -- C:\ProgramData\Hotspot Shield -> Found [PUP.Gen1 (Potentially Malicious)] (shortcut) Download Accelerator Plus (DAP).lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk => C:\PROGRA~2\DAP\DAP.exe -> Found [PUP.Gen1 (Potentially Malicious)] (shortcut) DAP Update.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)\DAP Update.lnk => C:\PROGRA~2\DAP\dapupd.exe -> Found [PUP.Gen1 (Potentially Malicious)] (shortcut) Download Accelerator Plus.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)\Download Accelerator Plus.lnk => C:\PROGRA~2\DAP\DAP.exe -> Found [PUP.Gen1 (Potentially Malicious)] (folder) DAP -- C:\Program Files (x86)\DAP -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ >>>>>> Firefox Addon [PUP.Gen2 (Potentially Malicious)] daplinkchecker@speedbit.com (C:\Program Files (x86)\DAP\daplinkchecker) -- daplinkchecker@speedbit.com -> Found
  6. Agradeço pela atenção! Realizei os procedimentos, os logos seguem abaixo: LOG MBAM Malwarebytes www.malwarebytes.com -Detalhes do Relatório- Data da análise: 18/11/2019 Hora da análise: 13:54 Arquivo de relatório: 0fbdc3c8-0a24-11ea-8a23-6432a81bd653.json -Informações do Software- Versão: 4.0.4.49 Versão de componentes: 1.0.718 Versão do pacote de definições: 1.0.15102 Licença: Gratuita -Informações do Sistema- Sistema operacional: Windows 10 (Build 17134.1069) CPU: x64 Sistema de arquivos: NTFS Usuário: LAPTOP-SGU7U1NO\Marc1 -Resumo da Análise- Tipo de análise: Análise Customizada Análise Iniciada Por: Manual Resultado: Concluída Objetos verificados: 1153639 Ameaças detectadas: 6 Ameaças em quarentena: 5 Tempo decorrido: 10 hr, 33 min, 9 seg -Opções da Análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado Programa Potencialmente Indesejado: Detetar PUM: Detetar -Detalhes da Análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 6 PUP.Optional.ASK, C:\USERS\MARC1\DOCUMENTS\ARQUIVOS DIGITAIS - 2019\AAAS CAIXAS\ORGANIZAçãO DO ACERVO\SETUPIMGBURN_2.5.5.0.EXE, Quarentena, 2, 700966, 1.0.15102, , ame, Generic.Malware/Suspicious, C:\USERS\MARC1\DOCUMENTS\ARQUIVOS DIGITAIS - 2019\AAAS CAIXAS\ORGANIZAçãO DO ACERVO\SETUPIMGBURN_2.5.5.0.EXE, Quarentena, 0, 392686, 1.0.15102, , shuriken, Generic.Malware/Suspicious, C:\USERS\MARC1\DOCUMENTS\ARQUIVOS DIGITAIS - 2019\PASTA ARQUIVOS\PROGRAMAS\CUTEWRITER.EXE, Quarentena, 0, 392686, 1.0.15102, , shuriken, RiskWare.Tool.CK, C:\USERS\MARC1\DOCUMENTS\ARQUIVOS DIGITAIS - 2019\PASTA ARQUIVOS\PROGRAMAS\NERO 7.10.1.0\KEYGEN.EXE, Falha ao remover, 7453, 133298, 1.0.15102, 8BF99DC9F03A9693CAE473D6, dds, 00463174 PUP.Optional.BundleInstaller.Generic, C:\USERS\MARC1\DOCUMENTS\ARQUIVOS DIGITAIS - ARQUIVO\VERIFICAR\VERIFICAR\DESKTOP MAI2018\VERIFICAR\FREEFILESYNC_9.0_WINDOWS_SETUP.EXE, Quarentena, 5994, 518788, 1.0.15102, , ame, Adware.InstallCore, C:\USERS\MARC1\DOWNLOADS\PROGRAMAS\BAIXAKI_DOWNLOAD ACCELERATOR PLUS_1198792516.EXE, Quarentena, 471, 615405, 1.0.15102, , ame, Setor físico: 0 (Nenhum item malicioso detectado) Instrumentação do Windows (WMI): 0 (Nenhum item malicioso detectado) (end) AdwCleaner[S00] # ------------------------------- # Malwarebytes AdwCleaner 7.4.2.0 # ------------------------------- # Build: 10-21-2019 # Database: 2019-10-21.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 11-19-2019 # Duration: 00:01:22 # OS: Windows 10 Home Single Language # Scanned: 35182 # Detected: 31 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy C:\ProgramData\Speedbit PUP.Optional.Legacy C:\Users\Marc1\AppData\LocalLow\Speedbit PUP.Optional.Legacy C:\Users\Marc1\AppData\Roaming\Speedbit ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.Conduit HKCU\Software\Conduit PUP.Optional.Conduit HKLM\Software\Wow6432Node\Conduit PUP.Optional.Legacy HKCU\Software\SpeedBit PUP.Optional.Legacy HKLM\Software\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1} PUP.Optional.Legacy HKLM\Software\Wow6432Node\SpeedBit ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Preinstalled Software ] ***** Preinstalled.ASUSDeviceActivation Folder C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION Preinstalled.ASUSDeviceActivation Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04} Preinstalled.ASUSGiftBox Folder C:\Program Files (x86)\ASUS\ASUS GIFTBOX SERVICE Preinstalled.ASUSGiftBox Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B} Preinstalled.ASUSHello Folder C:\Program Files (x86)\ASUS\ASUS HELLO Preinstalled.ASUSHello Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23F20504-1FD3-49EE-8710-6A7EAE9C2634} Preinstalled.ASUSHello Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Hello Preinstalled.ASUSHello Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D8CE1923-92A9-4036-817E-9E0D8AA2169B} Preinstalled.ASUSHello Task C:\Windows\System32\Tasks\ASUS HELLO Preinstalled.ASUSLiveUpdate Folder C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE Preinstalled.ASUSLiveUpdate Folder C:\ProgramData\ASUS\ASUS LIVE UPDATE Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CDD9D45-C32C-46D1-8EE5-4020A6CF20FD} Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker Preinstalled.ASUSLiveUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4} Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\UPDATE CHECKER Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{922CB300-D8DC-4064-BEDE-E9825F015B90} Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D} Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ASUS SPLENDID ACMON Preinstalled.EpsonCustomerResearchParticipation Folder C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION Preinstalled.EpsonCustomerResearchParticipation Folder C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION Preinstalled.EpsonCustomerResearchParticipation Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA} AdwCleaner_Debug.log - [13121 octets] - [19/11/2019 15:43:15] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ########## AdwCleaner_Debug 2019-11-19 18:43:15 : <INFO> [Application] AdwCleaner 7 . 4 . 2 launched 2019-11-19 18:43:17 : <INFO> [MBInstaller] Checking Iris 2019-11-19 18:43:17 : <INFO> [IRIS] Making request 2019-11-19 18:43:17 : <INFO> [AdwUpgrade] Checking application updates 2019-11-19 18:43:17 : <INFO> [Telemetry] Sending hello 2019-11-19 18:43:18 : <WARNING> Type conversion already registered from type QSharedPointer<QNetworkSession> to type QObject* 2019-11-19 18:43:18 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-11-19 18:43:18 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-11-19 18:43:18 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-11-19 18:43:18 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-11-19 18:43:18 : <INFO> [SslCert] Certificate EffectiveDate: "seg out 2 00:00:00 2017 GMT" 2019-11-19 18:43:18 : <INFO> [SslCert] Certificate ExpirationDate: "ter out 6 12:00:00 2020 GMT" 2019-11-19 18:43:18 : <INFO> [SslCert] ALPN: None 2019-11-19 18:43:18 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 18:43:18 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 18:43:18 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 18:43:18 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-11-19 18:43:18 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-11-19 18:43:18 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-11-19 18:43:18 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-11-19 18:43:18 : <INFO> [SslCert] Certificate EffectiveDate: "seg out 2 00:00:00 2017 GMT" 2019-11-19 18:43:18 : <INFO> [SslCert] Certificate ExpirationDate: "ter out 6 12:00:00 2020 GMT" 2019-11-19 18:43:18 : <INFO> [SslCert] ALPN: None 2019-11-19 18:43:18 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 18:43:18 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 18:43:18 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 18:43:18 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-11-19 18:43:18 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-11-19 18:43:18 : <INFO> [IRIS] Failed 2019-11-19 18:43:27 : <INFO> [Button clicked] EULA agreed 2019-11-19 18:43:51 : <INFO> [Application] Closing AdwCleaner 2019-11-19 18:44:00 : <INFO> [Application] AdwCleaner 7 . 4 . 2 launched 2019-11-19 18:44:01 : <INFO> [MBInstaller] Checking Iris 2019-11-19 18:44:01 : <INFO> [IRIS] Making request 2019-11-19 18:44:02 : <INFO> [Telemetry] Sending hello ication updates 2019-11-19 18:44:02 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-11-19 18:44:02 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-11-19 18:44:02 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-11-19 18:44:02 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-11-19 18:44:02 : <INFO> [SslCert] Certificate EffectiveDate: "seg out 2 00:00:00 2017 GMT" 2019-11-19 18:44:02 : <INFO> [SslCert] Certificate ExpirationDate: "ter out 6 12:00:00 2020 GMT" 2019-11-19 18:44:02 : <INFO> [SslCert] ALPN: None 2019-11-19 18:44:02 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 18:44:02 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 18:44:02 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 18:44:02 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-11-19 18:44:02 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-11-19 18:44:02 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-11-19 18:44:02 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-11-19 18:44:02 : <INFO> [SslCert] Certificate EffectiveDate: "seg out 2 00:00:00 2017 GMT" 2019-11-19 18:44:02 : <INFO> [SslCert] Certificate ExpirationDate: "ter out 6 12:00:00 2020 GMT" 2019-11-19 18:44:02 : <INFO> [SslCert] ALPN: None 2019-11-19 18:44:02 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 18:44:02 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 18:44:02 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 18:44:02 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-11-19 18:44:03 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-11-19 18:44:03 : <INFO> [IRIS] Failed 2019-11-19 18:44:16 : <INFO> [Button clicked] Scan 2019-11-19 18:44:16 : <INFO> [Scan] Started 2019-11-19 18:44:16 : <INFO> [Database] Downloading database 2019-11-19 18:44:18 : <INFO> [Database] Checking integrity 2019-11-19 18:44:18 : <INFO> [Database] Found 2588 families 2019-11-19 18:44:18 : <INFO> [Database] Database v "2019-10-21.1" 2019-11-19 18:44:18 : <INFO> [Loading paths] Local paths loaded 2019-11-19 18:44:19 : <INFO> [Loading paths] Chrome paths loaded 2019-11-19 18:44:19 : <INFO> [Loading paths] User Keys loaded 2019-11-19 18:44:19 : <INFO> [Module initialized] "File" 2019-11-19 18:44:19 : <INFO> [Module initialized] "Folder" 2019-11-19 18:44:19 : <INFO> [Module initialized] "RegistryKey" 2019-11-19 18:44:19 : <INFO> [Module initialized] "RegistryValue" 2019-11-19 18:44:20 : <INFO> [Module initialized] "TaskName" 2019-11-19 18:44:20 : <INFO> [Module initialized] "Service" 2019-11-19 18:44:20 : <INFO> [Module initialized] "Winlogon" 2019-11-19 18:44:43 : <INFO> [Module initialized] "URL" 2019-11-19 18:44:43 : <INFO> [Module initialized] "RegAppInit" 2019-11-19 18:44:43 : <INFO> [Module initialized] "RegClasses" 2019-11-19 18:44:43 : <INFO> [Module initialized] "DNS" 2019-11-19 18:44:43 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-11-19 18:44:43 : <INFO> [Module initialized] "RegGuid" 2019-11-19 18:44:43 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-11-19 18:44:43 : <INFO> [Module initialized] "RegOther" 2019-11-19 18:44:43 : <INFO> [Module initialized] "RegProductID" 2019-11-19 18:44:43 : <INFO> [Module initialized] "RegSoftware" 2019-11-19 18:44:43 : <INFO> [Module initialized] "RegStartup" 2019-11-19 18:44:43 : <INFO> [Module initialized] "WMI" 2019-11-19 18:44:43 : <INFO> [Module initialized] "ChromiumExt" 2019-11-19 18:44:43 : <INFO> [Module initialized] "FirefoxExt" 2019-11-19 18:44:43 : <INFO> [Module initialize] Scan Browser 2019-11-19 18:45:22 : <INFO> [Module initialize] Scan Browser FF 2019-11-19 18:45:22 : <INFO> [Module initialize] FF start pages loaded 2019-11-19 18:45:22 : <INFO> [Module initialize] FF search providers loaded 2019-11-19 18:45:22 : <INFO> [Module initialize] FF plugin list loaded 2019-11-19 18:45:22 : <INFO> [Scan] Exclusions loaded 2019-11-19 18:45:24 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "C:\\Users\\Marc1\\AppData\\Roaming\\Speedbit" [ "Folder" ] 2019-11-19 18:45:24 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "C:\\Users\\Marc1\\AppData\\LocalLow\\Speedbit" [ "Folder" ] 2019-11-19 18:45:24 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "C:\\ProgramData\\Speedbit" [ "Folder" ] 2019-11-19 18:45:25 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKLM\\Software\\Classes\\Interface\\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}" [ "Registry" ] 2019-11-19 18:45:29 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKLM\\Software\\Wow6432Node\\SpeedBit" [ "Registry" ] 2019-11-19 18:45:29 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKCU\\Software\\SpeedBit" [ "Registry" ] 2019-11-19 18:45:32 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "C:\\Program Files (x86)\\ASUS\\SPLENDID" [ "Folder" ] 2019-11-19 18:45:32 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "C:\\Windows\\System32\\Tasks\\ASUS SPLENDID ACMON" [ "Task" ] 2019-11-19 18:45:32 : <INFO> [Scan] Item detected: "localScan" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\ASUS Splendid ACMON" [ "Registry" ] 2019-11-19 18:45:32 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\ASUS Splendid ACMON" [ "Registry" ] 2019-11-19 18:45:33 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{922CB300-D8DC-4064-BEDE-E9825F015B90}\u0000" [ "Registry" ] 2019-11-19 18:45:33 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0969AF05-4FF6-4C00-9406-43599238DE0D}" [ "Registry" ] 2019-11-19 18:45:35 : <INFO> [Scan] Item detected: "PUP.Optional.Conduit" , "HKLM\\Software\\Wow6432Node\\Conduit" [ "Registry" ] 2019-11-19 18:45:35 : <INFO> [Scan] Item detected: "PUP.Optional.Conduit" , "HKCU\\Software\\Conduit" [ "Registry" ] 2019-11-19 18:45:36 : <INFO> [Scan] Item detected: "Preinstalled.ASUSGiftBox" , "C:\\Program Files (x86)\\ASUS\\ASUS GIFTBOX SERVICE" [ "Folder" ] 2019-11-19 18:45:36 : <INFO> [Scan] Item detected: "Preinstalled.ASUSGiftBox" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}" [ "Registry" ] 2019-11-19 18:45:36 : <INFO> [Scan] Item detected: "Preinstalled.ASUSHello" , "C:\\Program Files (x86)\\ASUS\\ASUS HELLO" [ "Folder" ] 2019-11-19 18:45:36 : <INFO> [Scan] Item detected: "Preinstalled.ASUSHello" , "C:\\Windows\\System32\\Tasks\\ASUS HELLO" [ "Task" ] 2019-11-19 18:45:36 : <INFO> [Scan] Item detected: "localScan" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\ASUS Hello" [ "Registry" ] 2019-11-19 18:45:36 : <INFO> [Scan] Item detected: "Preinstalled.ASUSHello" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\ASUS Hello" [ "Registry" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.ASUSHello" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{23F20504-1FD3-49EE-8710-6A7EAE9C2634}\u0000" [ "Registry" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.ASUSHello" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}" [ "Registry" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.ASUSDeviceActivation" , "C:\\Program Files (x86)\\ASUS\\ASUS DEVICE ACTIVATION" [ "Folder" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.ASUSDeviceActivation" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}" [ "Registry" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.ASUSLiveUpdate" , "C:\\Program Files (x86)\\ASUS\\ASUS LIVE UPDATE" [ "Folder" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.ASUSLiveUpdate" , "C:\\ProgramData\\ASUS\\ASUS LIVE UPDATE" [ "Folder" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.ASUSLiveUpdate" , "C:\\Windows\\System32\\Tasks\\UPDATE CHECKER" [ "Task" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "localScan" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Update Checker" [ "Registry" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.ASUSLiveUpdate" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Update Checker" [ "Registry" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.ASUSLiveUpdate" , "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9CDD9D45-C32C-46D1-8EE5-4020A6CF20FD}\u0000" [ "Registry" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.ASUSLiveUpdate" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" [ "Registry" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.EpsonCustomerResearchParticipation" , "C:\\Program Files\\EPSON\\EPSONCUSTOMERRESEARCHPARTICIPATION" [ "Folder" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.EpsonCustomerResearchParticipation" , "C:\\ProgramData\\EPSON\\EPSONCUSTOMERRESEARCHPARTICIPATION" [ "Folder" ] 2019-11-19 18:45:37 : <INFO> [Scan] Item detected: "Preinstalled.EpsonCustomerResearchParticipation" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{B26449A6-6007-4460-B4FE-C4776115BCEA}" [ "Registry" ] 2019-11-19 18:45:39 : <INFO> [Telemetry] Sending to Influx 2019-11-19 18:45:41 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-11-19 18:45:41 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-11-19 18:45:41 : <INFO> [SslCert] Locality Name () 2019-11-19 18:45:41 : <INFO> [SslCert] Organization () 2019-11-19 18:45:41 : <INFO> [SslCert] Certificate EffectiveDate: "qui out 17 14:50:26 2019 GMT" 2019-11-19 18:45:41 : <INFO> [SslCert] Certificate ExpirationDate: "qua jan 15 14:50:26 2020 GMT" 2019-11-19 18:45:41 : <INFO> [SslCert] ALPN: Yes 2019-11-19 18:45:41 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 18:45:41 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 18:45:41 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 18:45:41 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-11-19 18:45:41 : <INFO> [Telemetry] Sending to DSE 2019-11-19 18:45:41 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-11-19 18:45:41 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-11-19 18:45:41 : <INFO> [SslCert] Locality Name ("San Jose") 2019-11-19 18:45:41 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-11-19 18:45:41 : <INFO> [SslCert] Certificate EffectiveDate: "qui fev 22 00:00:00 2018 GMT" 2019-11-19 18:45:41 : <INFO> [SslCert] Certificate ExpirationDate: "qua abr 22 12:00:00 2020 GMT" 2019-11-19 18:45:41 : <INFO> [SslCert] ALPN: Yes 2019-11-19 18:45:41 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 18:45:41 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 18:45:41 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 18:45:41 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-11-19 18:45:41 : <INFO> [Scan] Finished 2019-11-19 18:47:28 : <INFO> [Button clicked] Next 2019-11-19 18:48:06 : <INFO> [Checkbox clicked] Bundleware found "Don't show again": "Unchecked" 2019-11-19 18:48:07 : <INFO> [Button clicked] Bundleware found ok button 2019-11-19 18:48:30 : <INFO> [Button clicked] Previous 2019-11-19 18:48:37 : <INFO> [Button clicked] Next 2019-11-19 18:48:39 : <INFO> [Button clicked] Bundleware found ok button 2019-11-19 18:48:41 : <INFO> [Button clicked] Clean & repair 2019-11-19 18:48:45 : <INFO> [Button clicked] Dialog button clicked [ 5 ] 2019-11-19 18:48:48 : <INFO> [Button clicked] Clean & repair 2019-11-19 18:48:49 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-11-19 18:48:49 : <INFO> [Cleaning] Started 2019-11-19 18:48:49 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-11-19 18:48:49 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-11-19 18:48:49 : <WARNING> [Cleaning] Unable to Open process - "Registry" 0 2019-11-19 18:48:49 : <WARNING> [Cleaning] Unable to Open process - "Memory Compression" 0 2019-11-19 18:48:49 : <WARNING> [Cleaning] Unable to Open process - "SecurityHealthService.exe" 0 2019-11-19 18:48:49 : <WARNING> [Cleaning] Unable to Open process - "sppsvc.exe" 0 2019-11-19 18:48:49 : <WARNING> [Cleaning] Unable to Open process - "SgrmBroker.exe" 0 2019-11-19 18:48:49 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849" 2019-11-19 18:48:49 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "C:\\Users\\Marc1\\AppData\\Roaming\\Speedbit" [ "Folder" ] 2019-11-19 18:48:49 : <DEBUG> [Quarantine] Created quarantine record. 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\1" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\1\\Speedbit" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\1\\Speedbit\\DAP" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\1\\Speedbit\\DAP\\Tables" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:49 : <DEBUG> [Cleaning] Cleaned the item. 2019-11-19 18:48:49 : <DEBUG> [Cleaning] Updated quarantine index file. 2019-11-19 18:48:49 : <DEBUG> [Cleaning] ObjectsProcessed = 1 2019-11-19 18:48:49 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "C:\\Users\\Marc1\\AppData\\Roaming\\Speedbit" [ "Folder" ] 2019-11-19 18:48:49 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "C:\\Users\\Marc1\\AppData\\LocalLow\\Speedbit" [ "Folder" ] 2019-11-19 18:48:49 : <DEBUG> [Quarantine] Created quarantine record. 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\2" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\2\\Speedbit" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:49 : <DEBUG> [Cleaning] Cleaned the item. 2019-11-19 18:48:49 : <DEBUG> [Cleaning] Updated quarantine index file. 2019-11-19 18:48:49 : <DEBUG> [Cleaning] ObjectsProcessed = 2 2019-11-19 18:48:49 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "C:\\Users\\Marc1\\AppData\\LocalLow\\Speedbit" [ "Folder" ] 2019-11-19 18:48:49 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "C:\\ProgramData\\Speedbit" [ "Folder" ] 2019-11-19 18:48:49 : <DEBUG> [Quarantine] Created quarantine record. 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\History" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Log" 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:49 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\MCFiles" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Offers" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\08D29C25-8256-4454-9E93-A39DCAFB043D" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\08D29C25-8256-4454-9E93-A39DCAFB043D\\1.0.0.4_0" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\189AE673-13C1-4133-A470-8C4DDD1ACB8C" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\189AE673-13C1-4133-A470-8C4DDD1ACB8C\\1.0.1.3_0" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\189AE673-13C1-4133-A470-8C4DDD1ACB8C\\1.0.1.3_0\\Dapsters" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\189AE673-13C1-4133-A470-8C4DDD1ACB8C\\1.0.1.3_0\\Dapsters\\Icons" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\211A24A5-08E2-4413-8BFF-C16F80CCB537" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\211A24A5-08E2-4413-8BFF-C16F80CCB537\\1.0.0.0_0" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\B0FE9480-9E77-4c65-BF2F-855F9D750418" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\B0FE9480-9E77-4c65-BF2F-855F9D750418\\1.0.0.3_0" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\B775A1D0-4882-4577-B251-0DAC64A08E40" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\B775A1D0-4882-4577-B251-0DAC64A08E40\\1.0.5.1_0" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\B775A1D0-4882-4577-B251-0DAC64A08E40\\1.0.5.1_0\\public" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\Install" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Plugins\\Log" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Temp" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: "C:\\AdwCleaner\\Quarantine\\v1\\20191119.154849\\3\\Speedbit\\DAP\\Updates" 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [recurseProcessNameHashes]: Done. 2019-11-19 18:48:50 : <DEBUG> [Cleaning] Cleaned the item. 2019-11-19 18:48:50 : <DEBUG> [Cleaning] Updated quarantine index file. 2019-11-19 18:48:50 : <DEBUG> [Cleaning] ObjectsProcessed = 3 2019-11-19 18:48:50 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "C:\\ProgramData\\Speedbit" [ "Folder" ] 2019-11-19 18:48:50 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKLM\\Software\\Classes\\Interface\\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}" [ "Registry" ] 2019-11-19 18:48:50 : <DEBUG> [Quarantine] Created quarantine record. 2019-11-19 18:48:51 : <DEBUG> [Cleaning] Cleaned the item. 2019-11-19 18:48:51 : <DEBUG> [Cleaning] Updated quarantine index file. 2019-11-19 18:48:51 : <DEBUG> [Cleaning] ObjectsProcessed = 4 2019-11-19 18:48:51 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKLM\\Software\\Classes\\Interface\\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}" [ "Registry" ] 2019-11-19 18:48:51 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKLM\\Software\\Wow6432Node\\SpeedBit" [ "Registry" ] 2019-11-19 18:48:51 : <DEBUG> [Quarantine] Created quarantine record. 2019-11-19 18:48:51 : <DEBUG> [Cleaning] Cleaned the item. 2019-11-19 18:48:51 : <DEBUG> [Cleaning] Updated quarantine index file. 2019-11-19 18:48:51 : <DEBUG> [Cleaning] ObjectsProcessed = 5 2019-11-19 18:48:51 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKLM\\Software\\Wow6432Node\\SpeedBit" [ "Registry" ] 2019-11-19 18:48:51 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKCU\\Software\\SpeedBit" [ "Registry" ] 2019-11-19 18:48:51 : <DEBUG> [Quarantine] Created quarantine record. 2019-11-19 18:48:51 : <DEBUG> [Cleaning] Cleaned the item. 2019-11-19 18:48:51 : <DEBUG> [Cleaning] Updated quarantine index file. 2019-11-19 18:48:51 : <DEBUG> [Cleaning] ObjectsProcessed = 6 2019-11-19 18:48:51 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKCU\\Software\\SpeedBit" [ "Registry" ] 2019-11-19 18:48:51 : <INFO> [Cleaning] Processing: "PUP.Optional.Conduit" , "HKLM\\Software\\Wow6432Node\\Conduit" [ "Registry" ] 2019-11-19 18:48:51 : <DEBUG> [Quarantine] Created quarantine record. 2019-11-19 18:48:52 : <DEBUG> [Cleaning] Cleaned the item. 2019-11-19 18:48:52 : <DEBUG> [Cleaning] Updated quarantine index file. 2019-11-19 18:48:52 : <DEBUG> [Cleaning] ObjectsProcessed = 7 2019-11-19 18:48:52 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Conduit" , "HKLM\\Software\\Wow6432Node\\Conduit" [ "Registry" ] 2019-11-19 18:48:52 : <INFO> [Cleaning] Processing: "PUP.Optional.Conduit" , "HKCU\\Software\\Conduit" [ "Registry" ] 2019-11-19 18:48:52 : <DEBUG> [Quarantine] Created quarantine record. 2019-11-19 18:48:52 : <DEBUG> [Cleaning] Cleaned the item. 2019-11-19 18:48:52 : <DEBUG> [Cleaning] Updated quarantine index file. 2019-11-19 18:48:52 : <DEBUG> [Cleaning] ObjectsProcessed = 8 2019-11-19 18:48:52 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Conduit" , "HKCU\\Software\\Conduit" [ "Registry" ] 2019-11-19 18:48:52 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-11-19 18:48:55 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-11-19 18:48:55 : <INFO> [Telemetry] Sending to Influx 2019-11-19 18:48:57 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-11-19 18:48:57 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-11-19 18:48:57 : <INFO> [SslCert] Locality Name () 2019-11-19 18:48:57 : <INFO> [SslCert] Organization () 2019-11-19 18:48:57 : <INFO> [SslCert] Certificate EffectiveDate: "qui out 17 14:50:26 2019 GMT" 2019-11-19 18:48:57 : <INFO> [SslCert] Certificate ExpirationDate: "qua jan 15 14:50:26 2020 GMT" 2019-11-19 18:48:57 : <INFO> [SslCert] ALPN: Yes 2019-11-19 18:48:57 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 18:48:57 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 18:48:57 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 18:48:57 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-11-19 18:48:57 : <INFO> [Telemetry] Sending to DSE 2019-11-19 18:48:58 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-11-19 18:48:58 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-11-19 18:48:58 : <INFO> [SslCert] Locality Name ("San Jose") 2019-11-19 18:48:58 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-11-19 18:48:58 : <INFO> [SslCert] Certificate EffectiveDate: "qui fev 22 00:00:00 2018 GMT" 2019-11-19 18:48:58 : <INFO> [SslCert] Certificate ExpirationDate: "qua abr 22 12:00:00 2020 GMT" 2019-11-19 18:48:58 : <INFO> [SslCert] ALPN: Yes 2019-11-19 18:48:58 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 18:48:58 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 18:48:58 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 18:48:58 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-11-19 18:48:58 : <INFO> [Cleaning] Finished 2019-11-19 18:48:58 : <CRITICAL> [TaskMan] Failed to save the task ( 0 ) 2019-11-19 18:50:58 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-11-19 18:50:59 : <INFO> [Application] Closing AdwCleaner 2019-11-19 19:02:20 : <INFO> [Application] AdwCleaner 7 . 4 . 2 launched 2019-11-19 19:02:27 : <INFO> [MBInstaller] Checking Iris 2019-11-19 19:02:27 : <INFO> [IRIS] Making request 2019-11-19 19:02:28 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-11-19 19:02:28 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-11-19 19:02:28 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-11-19 19:02:28 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-11-19 19:02:28 : <INFO> [SslCert] Certificate EffectiveDate: "seg out 2 00:00:00 2017 GMT" 2019-11-19 19:02:28 : <INFO> [SslCert] Certificate ExpirationDate: "ter out 6 12:00:00 2020 GMT" 2019-11-19 19:02:28 : <INFO> [SslCert] ALPN: None 2019-11-19 19:02:28 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 19:02:28 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 19:02:28 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 19:02:28 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-11-19 19:02:28 : <INFO> [IRIS] Failed 2019-11-19 19:02:35 : <INFO> [Button clicked] Survey closed 2019-11-19 19:02:35 : <INFO> [Telemetry] Sending NPS Survey 2019-11-19 19:02:36 : <INFO> [AdwUpgrade] Checking application updates 2019-11-19 19:02:36 : <INFO> [Telemetry] Sending hello 2019-11-19 19:02:36 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-11-19 19:02:36 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-11-19 19:02:36 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-11-19 19:02:36 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-11-19 19:02:36 : <INFO> [SslCert] Certificate EffectiveDate: "seg out 2 00:00:00 2017 GMT" 2019-11-19 19:02:36 : <INFO> [SslCert] Certificate ExpirationDate: "ter out 6 12:00:00 2020 GMT" 2019-11-19 19:02:36 : <INFO> [SslCert] ALPN: None 2019-11-19 19:02:36 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 19:02:36 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 19:02:36 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 19:02:36 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-11-19 19:02:37 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-11-19 19:02:37 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-11-19 19:02:37 : <INFO> [SslCert] Locality Name () 2019-11-19 19:02:37 : <INFO> [SslCert] Organization () 2019-11-19 19:02:37 : <INFO> [SslCert] Certificate EffectiveDate: "qui out 17 14:50:26 2019 GMT" 2019-11-19 19:02:37 : <INFO> [SslCert] Certificate ExpirationDate: "qua jan 15 14:50:26 2020 GMT" 2019-11-19 19:02:37 : <INFO> [SslCert] ALPN: Yes 2019-11-19 19:02:37 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-11-19 19:02:37 : <INFO> [SslCert] KXE: "ECDH" 2019-11-19 19:02:37 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-11-19 19:02:37 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-11-19 19:02:38 : <INFO> [Button clicked] Log files menu item ZHPCLEANER ZHPCleaner Report ~ ZHPCleaner v2019.11.14.158 by Nicolas Coolman (2019/11/14) ~ Run by Marc1 (Administrator) (19/11/2019 17:19:04) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version KO ~ Certificate ZHPCleaner: Legal ~ Type : Repair ~ Report : C:\Users\Marc1\Desktop\ZHPCleaner (R).txt ~ Quarantine : C:\Users\Marc1\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home Single Language, 64-bit (Build 17134) ---\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. (ADS) ---\ Services (0) ~ No malicious or unnecessary items found. (Service) ---\ Browser internet (1) DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;;] =>Hijacker.Proxy ---\ Hosts file (1) ~ The hosts file is legitimate (24) ---\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. (Task) ---\ Explorer ( File, Folder) (4) MOVED file: C:\Users\Marc1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk [Bad : C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe](.AB Team.) =>.SUP.ABTeam MOVED file: C:\Users\Marc1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\Marc1\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) MOVED file: C:\Users\Marc1\Downloads\PROGRAMAS\uTorrent.exe [BitTorrent Inc. - µTorrent] =>BitTorrent (P2P) MOVED folder: C:\Program Files (x86)\Webteh =>.SUP.ABTeam ---\ Registry ( Key, Value, Data) (4) DELETED key*: HKEY_USERS\S-1-5-21-418873493-328620954-977625431-1001\SOFTWARE\Classes\AppX7x7b1rpymnzqa9xabs5s8b4kgfcncz13 [] =>Adware.Navipromo DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Webteh [] =>.SUP.ABTeam DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Download Accelerator Plus (DAP) [Speedbit Ltd.] =>Adware.SpeedBit ---\ Summary of the elements found (5) https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.ABTeam https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P) https://www.nicolascoolman.com/fr/adware-navipromo/ =>Adware.Navipromo https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.SpeedBit ---\ Other deletions. (7) ~ Registry Keys Tracing deleted (7) ~ Remove the old reports ZHPCleaner. (0) ---\ Result of repair ~ Repair carried out successfully ~ Google Chrome OK ~ Mozilla Firefox OK ~ Internet Explorer OK ~ Opera OK ---\ Statistics ~ Items scanned : 2207 ~ Items found : 0 ~ Items cancelled : 0 ~ Items options : 6/13 ~ Space saving (bytes) : 0 ~ End of clean in 00h00mn20s ---\ Reports (3) ZHPCleaner--19112019-16_32_07.txt ZHPCleaner--19112019-17_03_31.txt ZHPCleaner-[R]-19112019-17_19_24.txt ZHPCleaner report End Desde já grato, Att. Marcelo
  7. Prezados/as amigos/as Realizei o procedimento inicial mas o za-scan não abre, apesar de ter desabilitado o antivirus, antispyware e o firewall do windows 10 home 64 bits. Isto foi feito por suspeita de malware, para o que peço, encarecidamente, a ajuda de vcs. Att. Marcelo
  8. Na verdade gostaria de saber se alguem tem informações sobre o Philips 13NB8602 Core 2 Duo T8300 (2,4 Ghz) 2GB RAM 250GB, que está com uma configuração muito boa e está R$ 2.499,00 a vista nas Pernambucanas. As características estão abaixo: Descrição Notebook multimídia 13.3" com Microsoft® Windows® Vista Home Premium. Criado para pessoas que precisam de mobilidade, velocidade, conectividade e muito mais. Tudo em um só notebook: processador Core 2 Duo, 2 GB de memória, capacidade de armazenamento de 250 GB, além de conexão sem fio, bluetooth e firewire. Conexão com redes sem fio: A certificação Wi-Fi garante a comunicação com todos os dispositivos Wi-Fi. A comissão Wi-Fi é composta pela Philips, Microsoft, IBM, Dell e outras empresas que definem os padrões da indústria. Câmera de 1.3 megapixel: Capture seus momentos mais preciosos com a mais clara e nítida qualidade de imagem por meio da resolução de 1.3 megapixel. Pressione a tecla OK para tirar fotos vibrantes e use-as como papel de parede, para fazer chamadas por foto ou para enviá-las via MMS. Conexão Wireless: Conexão com redes sem fio Suas dimensões e leveza o tornam verdadeiramente portátil: Assista filmes no formato widescreen 16:9 A qualquer hora e em qualquer lugar: Use seu notebook até 5 horas sem precisar recarregar a bateria Mostre ao mundo quem você realmente é: Câmera de 1.3 megapixel para uma qualidade de imagem clara e nítida Curta as suas músicas, fotos e filmes favoritos: Seus filmes, suas fotos e suas músicas com você onde você estiver Especificações Imagem/tela: Proporção da imagem: 16:9 Resolução no painel: WXGA TFT de 13,1'' (1280 x 800) Especificações do PC: Processador: Intel® Core 2 Duo 8300 Unidade de disco rígido: 250 GB Memória: 2 GB Sistema operacional: Microsoft® Windows® Vista HP Gráficos: Intel® GMA965 Reprodução de áudio: Mídia de reprodução: CD, CD de MP3, MP3-DVD, Áudio DVD, CD-R/RW Reprodução de vídeo: Mídia de reprodução: CD, DVD, DVD+R, DVD+R DL, DVD+R/+RW, DVD+RW, DVD-R, DVD-R DL, DVD-R/-RW, MPEG4, Foto CD Gravação de vídeo: Mídia de gravação: CD-R/RW, DVD+R DL, DVD+R/+RW, DVD-R DL, DVD-R/-RW Alimentação: Fonte de alimentação: 110 a 240 V Dados Técnicos Fabricante PHILIPS Cor do produto Preto/Prata Peso sem embalagem 1,9 Kg Altura sem embalagem 2,96 cm Largura sem embalagem 31,1 cm Comprimento sem embalagem 23,1 cm Prazo de Garantia 12 meses Para mais informações ligue: (11) 2121-0203 (São Paulo-SP) 0800 701 0203 (Demais Localidades) Conexões Conexões frontais / laterais: Entrada i.LINK DV (IEEE1394, 4 pinos), Saída para fone de ouvido, Microfone, Saída VGA, 3 saídas USB 2.0 Rede local com fio: Ethernet (RJ 45) 1x Rede local sem fio: Rede local sem fio (IEEE802.11b), Rede local sem fio (IEEE802.11g), Rede local sem fio (IEEE802.11a) Versão Bluetooth: 2,0 Itens inclusos Cabo de alimentação AC Manual do usuário Adaptador de energia bivolt
  9. Prezados amigos, Estou procurando um notebook que seja pequeno (13,3 ou 14"), pois o utilizarei fora de casa, mas que tenha bom desempenho sem ser excessivamente caro (até 3.000 no máximo). Aceitaria sugestões e opiniões sobre as três seguintes opções: - HP Pavilion DV4 - 1130BR Core 2 Duo T5800 (2.0 Ghz) 2GB RAM 160GB - Philips 13NB8602 Core 2 Duo T8300 (2,4 Ghz) 2GB RAM 250GB - Dell vostro 1310 Desde já agradeço a ajuda de todos!
  10. José Melo, Mais uma vez fico agradecido, o procedimento para o firewall funcionou! Um abraço, Marcelo
  11. Olá, agradeço a sugestão e realizarei o procedimento. Gostaria que visses a foto do meu utilitário de inicialização do sistema. Consta uma linha referente a um tal de dumprep 0 -u. Eu desabilito ele some da listagem e reaparece na próxima inicialização. Estou desconfiado que possa ser algo. Agradecido, Marcelo
  12. Sim. Quando tento habilitar o firewall aparece a mensagem "devido a um problema não identificado, o Windows não pode exibir as configurações do Firewall do Windos".
  13. Agradeço a tua atencão José Melo, Depois que escrevi consegui o spyware doctor e ele identificou diversos trojans. Depois disto o AVG identificou este que você. achou (Generic2.FBV) e também o Proxy. HKQ. Mesmo assim eliminei este linha do registro e abaixo segue o novo logfile. Aparentemente o problema foi sanado, ficaram apenas os resultados da infecção, ou seja, um problema com o Winlogon.exe, que impede o desligamento normal do PC e também o firewall do windows xp que não permite mais ser habilitado. Abraços, agradecido, Marcelo Logfile of HijackThis v1.99.1 Scan saved at 19:56:55, on 20/10/06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Arquivos de programas\Spyware Doctor\sdhelp.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\slserv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\Spyware Doctor\swdoctor.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe G:\PROGRAMAS DESKTOP\HijackThis.exe O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Arquivos de programas\DAP\DAPIEBar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Arquivos de programas\DAP\DAPIEBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [AVG7_CC] "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [ASUS Probe] "C:\Program Files\ASUS\Probe\AsusProb.exe" O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [spyware Doctor] "C:\Arquivos de programas\Spyware Doctor\swdoctor.exe" /Q O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm O8 - Extra context menu item: &Pesquisa do Google - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Traduzir palavra em inglês - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Instantâneo da página em cache - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Links para esta página - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Páginas semelhantes - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161215585125 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7B39F1CB-632F-45C0-B83E-53B0B42BE605}: NameServer = 200.149.55.140 200.165.132.147 O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: ArcGIS License Manager - Unknown owner - C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Arquivos de programas\Spyware Doctor\sdhelp.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
  14. Prezados amigos, É a primeira vez que escrevo e desculpem-me se ignoro coisas que para muitos talvez sejam simples. Em um processo de reinstalação do windows xp deixei abertas portas que infectaram meu computador. A principio o Ad-Aware identificou e deletou o Win32.trojan.downloader. Porém o computador continuou lento e o spybot indentificou entradas de registro alteradas que desabilitaram o firewall do windows e o surfsidekick (vide imagens em anexo). As entradas são corrigidas mas elas voltam a aparecer após. Como vi que muitas mensagens orientam a passar o Hijackthis e salvar o log realizei o procedimento, que aparece abaixo. Desde já agradeço a atenção, Obrigado! Logfile of HijackThis v1.99.1 Scan saved at 11:13:11, on 19/10/06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Arquivos de programas\ElcomSoft\Distributed Password Recovery\esdprs.exe C:\WINDOWS\system32\slserv.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\Arquivos de programas\Outlook Express\msimn.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgwb.dat C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Marc\Desktop\HijackThis.exe O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Arquivos de programas\DAP\DAPIEBar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {33BBB14D-1E43-44BD-A9C0-067565ADBB80} - C:\WINDOWS\system32\ikilg.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Arquivos de programas\DAP\DAPIEBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll O3 - Toolbar: &Wordz - Lookup words in Dictionary or Thesauras - {4708D1EF-3800-4E4E-9948-360BA9164264} - C:\ARQUIV~1\WORDZT~1\wordz.dll O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [AVG7_CC] "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [ASUS Probe] "C:\Program Files\ASUS\Probe\AsusProb.exe" O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm O8 - Extra context menu item: &Pesquisa do Google - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Traduzir palavra em inglês - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Instantâneo da página em cache - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Links para esta página - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Páginas semelhantes - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161215585125 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7B39F1CB-632F-45C0-B83E-53B0B42BE605}: NameServer = 200.149.55.140 200.165.132.147 O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: ArcGIS License Manager - Unknown owner - C:\ARQUIV~1\ESRI\License\arcgis9x\lmgrd.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Distributed Password Recovery Server (ElcomSoftDistributedPasswordRecoveryServer) - ElcomSoft Co. Ltd. - C:\Arquivos de programas\ElcomSoft\Distributed Password Recovery\esdprs.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas comunidades sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Create New...

Redes-Wi-Fi-capa-3d-newsletter.png

EBOOK GRÁTIS!

CLIQUE AQUI E BAIXE AGORA MESMO!