Kokoromoe

Junior Members
  • Total items: 7
  • Ratings: N/A
  1. Sorry to resurrect the topic, but... do you have Nvidia drivers installed on your PC? I have the same problem and, even after formatting, I noticed that these processes appear after those drivers are installed... I may be wrong, but I really don't know what else to do about this.
  2. As far as my computer allows, I can already see a good improvement in system performance. Thanks for the assistance! My concern is that window that opened at system startup. It looked like something had been installed, or whatever. Hehe. Well, let's continue with the analysis... Here is the log:
  3. Can an ordinary user without in-depth computer knowledge learn to analyze security logs such as ZA-Scan, etc.? If so, where could I start? Sorry for my ignorance. I'm just a curious person eager to learn =) I'm also paranoid about security and no longer trust the programs that are out there on the internet... xD
  4. Note: in the RogueKiller scan, I closed the program without removing the detected files. Here is the log:
  5. ZHPCleaner found some files and removed them. The log claims it found no files... I hope that's normal. Sorry for my lack of attention. Here are the logs: Malwarebytes, AdwCleaner[C00], AdwCleaner[S00], ZHPCleaner.
  6. Thanks for the assistance, Elias. The AdwCleaner scan generated 2 logs, so I decided to upload both to avoid any doubt in the analysis. As for the ZHPCleaner scan, a window opened asking whether I recognized a "server" with an IP number, which I did not write down. I clicked "no" in the window and the deletion proceeded. Here are the logs: malwarebytes.txt AdwCleaner[S00].txt AdwCleaner[C00].txt ZHPCleaner.txt
  7. Command prompt windows opening at system startup. PC freezing occasionally... ZA-Scan.txt

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
