This forum has been discontinued. READ HERE and join the BABOO Community :)


turca

Member
  • Posts: 294
  • Member since:
  • Last visit:

Social Media

1 Follower

Profile

  • State: Mato Grosso
  • Sex: male
  • Education: high school (incomplete)
  • Professional Area: Telecommunications
  • Professional Level: Self-employed

Recent Visitors

4,606 views
  1. ok, thanks, but if I do that I lose a program of more than 30 gigs and I can't reinstall it at the moment. I'll see what I do, thanks
  2. A cleanup was done by baboo, but soon after, programs detected viruses, can you help me

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 18:53:39, on 02/06/2019
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v11.0 (11.00.9600.19355)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
     C:\Program Files (x86)\TeamViewer\TeamViewer.exe
     C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
     C:\Users\TURCA\Desktop\HijackThis.exe
     C:\Windows\SysWOW64\DllHost.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
     O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
     O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
     O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
     O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
     O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Serviço do CryptoTab Update (cryptobrowser) (cryptobrowser) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
     O23 - Service: Serviço do CryptoTab Update (cryptobrowserm) (cryptobrowserm) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: KingoSoftService - Unknown owner - C:\Users\TURCA\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
     O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
     O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
     O23 - Service: Panda VPN Service - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe
     O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
     O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
     O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
     O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
     O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
     O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     --
     End of file - 7827 bytes
  3. Malwarebytes still finds a strange virus
  4. C:\Program Files (x86)\iRoot\1.8.9.21144\AppCool.apk - a variant of Android/Spy.Agent.BN trojan - deleted
     C:\Program Files (x86)\iRoot\1.8.9.21144\CleanMaster.apk - a variant of Android/DroidRooter.AC potentially unsafe application - deleted
     C:\Program Files (x86)\iRoot\1.8.9.21144\kinguser.zip - a variant of Android/DroidRooter.AG potentially unsafe application - deleted
     C:\Program Files (x86)\iRoot\1.8.9.21144\Superuser.apk - a variant of Android/DroidRooter.AC potentially unsafe application - deleted
     C:\Users\TURCA\AppData\Local\Temp\{18A721E4-9404-48E6-9567-0BAD2D5DBC23}.exe - Win32/Visicom.C potentially unwanted application - deleted
     C:\Users\TURCA\AppData\Roaming\mgyun\VRoot\RomMaster_Setup.exe - multiple threats - cleaned by deleting
     C:\Users\TURCA\AppData\Roaming\uTorrent\uTorrent.exe - Win32/OpenCandy.J potentially unsafe application - deleted
     C:\Users\TURCA\AppData\Roaming\uTorrent\updates\3.5.5_45225.exe - Win32/OpenCandy.J potentially unsafe application - deleted
     D:\BOX\EMMC\emmc dongle Ver 1.0.3 Crackd.rar - multiple threats - deleted
     D:\BOX\ROOT\free-download-rootkhp-pro--manualroot.exe - a variant of Win32/Kryptik.GNEP trojan - cleaned by deleting
     D:\BOX\ROOT\iRoot_1.8.9.21144_cid1005.exe - multiple threats - cleaned by deleting
     D:\BOX\ROOT\iRoot_171024.zip - multiple threats - deleted
     D:\BOX\ROOT\KingoRoot.exe - Win32/InstallCore.AYH potentially unwanted application - cleaned by deleting
     D:\BOX\ROOT\RootGenius.exe - a variant of Win32/RootGenius.B potentially unsafe application - cleaned by deleting
     D:\BOX\ROOT\vroot-download.zip - multiple threats - deleted
     D:\TURCATTO\13-05-2019\Download\Não confirmado 354759.crdownload - a variant of Android/Hiddad.SL trojan - deleted
  5. Malwarebytes
     www.malwarebytes.com

     -Detalhes de registro-
     Data da análise: 27/05/2019
     Hora da análise: 22:11
     Arquivo de registro: ed9479f0-80ed-11e9-b828-14dae9bc5ab7.json

     -Informação do software-
     Versão: 3.7.1.2839
     Versão de componentes: 1.0.586
     Versão do pacote de definições: 1.0.10792
     Licença: Gratuita

     -Informação do sistema-
     Sistema operacional: Windows 7 Service Pack 1
     CPU: x64
     Sistema de arquivos: NTFS
     Usuário: TURCA-PC\TURCA

     -Resumo da análise-
     Tipo de análise: Análise de Ameaças
     Análise Iniciada Por: Manual
     Resultado: Concluído
     Objetos verificados: 246663
     Ameaças detectadas: 173
     Ameaças em quarentena: 166
     Tempo decorrido: 5 min, 18 seg

     -Opções da análise-
     Memória: Habilitado
     Inicialização: Habilitado
     Sistema de arquivos: Habilitado
     Arquivos compactados: Habilitado
     Rootkits: Habilitado
     Heurística: Habilitado
     PUP: Detectar
     PUM: Detectar

     -Detalhes da análise-
     Processo: 0
     (Nenhum item malicioso detectado)

     Módulo: 0
     (Nenhum item malicioso detectado)

     Chave de registro: 14
     Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CheckControllerUpdatesUA, Quarentena, [5477], [470279],1.0.10792
     Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{85E62323-105E-44B5-9B1D-2F45291F391D}, Quarentena, [5477], [470279],1.0.10792
     Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{85E62323-105E-44B5-9B1D-2F45291F391D}, Quarentena, [5477], [470279],1.0.10792
     Adware.SmartApplicationController.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CheckControllerUpdatesUA, Quarentena, [5477], [-1],0.0.0
     Adware.SmartApplicationController.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85E62323-105E-44B5-9B1D-2F45291F391D}, Quarentena, [5477], [-1],0.0.0
     Adware.SmartApplicationController.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{85E62323-105E-44B5-9B1D-2F45291F391D}, Quarentena, [5477], [-1],0.0.0
     PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\beliehdniadoecbonbhlcgbdldccfigp, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iepoegkaoeljnbhagabakjodgpfniimo, Quarentena, [247], [655213],1.0.10792
     PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\LOW RIGHTS\ELEVATIONPOLICY\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}, Quarentena, [247], [471429],1.0.10792
     PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\ru.mail.go.ext_info_host, Quarentena, [247], [485554],1.0.10792
     PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}, Quarentena, [247], [382913],1.0.10792
     PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarentena, [319], [351113],1.0.10792
     PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarentena, [319], [351113],1.0.10792
     PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarentena, [319], [351113],1.0.10792

     Valor de registro: 8
     PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|BELIEHDNIADOECBONBHLCGBDLDCCFIGP, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|IEPOEGKAOELJNBHAGABAKJODGPFNIIMO, Quarentena, [247], [655213],1.0.10792
     PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\LOW RIGHTS\ELEVATIONPOLICY\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}|APPPATH, Quarentena, [247], [471429],1.0.10792
     PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|URL, Quarentena, [247], [382913],1.0.10792
     PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|FAVICONURLFALLBACK, Quarentena, [247], [382913],1.0.10792
     PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|SUGGESTIONSURL, Quarentena, [247], [382913],1.0.10792
     Adware.Yelloader, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\RUN|VIEW, Quarentena, [2599], [593743],1.0.10792
     PUP.Optional.HandyTab, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ichlgjlpcclmlojahkhhbgmklkphcgll, Falha ao remover, [226], [617104],1.0.10792

     Dados de registro: 1
     Adware.MailRu.BatBitRst, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|START PAGE, Substituído, [330], [481471],1.0.10792

     Fluxo de dados: 0
     (Nenhum item malicioso detectado)

     Pasta: 29
     Adware.SmartApplicationController, C:\USERS\TURCA\APPDATA\ROAMING\SMART APPLICATION CONTROLLER, Quarentena, [4278], [470282],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon, Quarentena, [4621], [509531],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js, Quarentena, [4621], [509531],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0, Quarentena, [4621], [509531],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\SYSTEMTABLE, Quarentena, [4621], [509531],1.0.10792
     Adware.SmartApplicationController.TskLnk, C:\PROGRAM FILES (X86)\SMART APPLICATION CONTROLLER, Quarentena, [5477], [470279],1.0.10792
     Adware.SmartApplicationController, C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\PROGRAMS\SMART APPLICATION CONTROLLER, Quarentena, [4278], [471427],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_locales\en, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_locales\ru, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\img, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\icons, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_metadata, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_locales, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\BELIEHDNIADOECBONBHLCGBDLDCCFIGP, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iepoegkaoeljnbhagabakjodgpfniimo\15.1.4.3_0\_metadata, Quarentena, [247], [655213],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iepoegkaoeljnbhagabakjodgpfniimo\15.1.4.3_0, Quarentena, [247], [655213],1.0.10792
     PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\IEPOEGKAOELJNBHAGABAKJODGPFNIIMO, Quarentena, [247], [655213],1.0.10792
     PUP.Optional.MailRu, C:\PROGRAM FILES (X86)\MAIL.RU, Quarentena, [247], [384138],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\_metadata, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\js, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll, Falha ao remover, [226], [617104],1.0.10792

     Arquivo: 121
     Adware.SmartApplicationController, C:\USERS\TURCA\APPDATA\ROAMING\SMART APPLICATION CONTROLLER\SETTINGS.INI, Quarentena, [4278], [470282],1.0.10792
     PUP.Optional.MailRu, C:\USERS\TURCA\FAVORITES\Mail.Ru.url, Quarentena, [247], [471428],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\SYSTEMTABLE\1.2_0\manifest.json, Quarentena, [4621], [509531],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon128.png, Quarentena, [4621], [509531],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon16.png, Quarentena, [4621], [509531],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon24.png, Quarentena, [4621], [509531],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon32.png, Quarentena, [4621], [509531],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js\background.js, Quarentena, [4621], [509531],1.0.10792
     PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js\libs.js, Quarentena, [4621], [509531],1.0.10792
     Adware.SmartApplicationController.TskLnk, C:\Windows\SYSTEM32\TASKS\CheckControllerUpdatesUA, Quarentena, [5477], [470279],1.0.10792
     Adware.SmartApplicationController.TskLnk, C:\PROGRAM FILES (X86)\SMART APPLICATION CONTROLLER\SMAPPSCONTROLLER.EXE, Quarentena, [5477], [470279],1.0.10792
     Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\smappscontroller_update.exe, Quarentena, [5477], [470279],1.0.10792
     Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\software_update.ico, Quarentena, [5477], [470279],1.0.10792
     Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\unins000.dat, Quarentena, [5477], [470279],1.0.10792
     Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\unins000.exe, Quarentena, [5477], [470279],1.0.10792
     Adware.SmartApplicationController.TskLnk, C:\Windows\SYSTEM32\TASKS\CheckControllerUpdatesUA, Quarentena, [5477], [-1],0.0.0
     Adware.SmartApplicationController, C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\PROGRAMS\SMART APPLICATION CONTROLLER\SMART APPLICATION CONTROLLER.LNK, Quarentena, [4278], [471427],1.0.10792
     Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [330], [-1],0.0.0
     Adware.MailRu.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [330], [-1],0.0.0
     Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [330], [-1],0.0.0
     Adware.MailRu.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [330], [-1],0.0.0
     Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [330], [-1],0.0.0
     Adware.MailRu.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [330], [-1],0.0.0
     Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [330], [-1],0.0.0
     Adware.MailRu.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [330], [-1],0.0.0
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\img\loaded-empty.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources\currency-arrow-dark-up.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources\currency-arrow-light-down.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources\currency-arrow-light-up.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources\drag-arrows.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources\search-cancel-button.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\add-128.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\add-16.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\add-32.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\add-48.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\added-128.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\added-16.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\added-32.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\added-48.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\disabled-128.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\disabled-16.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\disabled-32.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\disabled-48.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\icons\icon-128.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\icons\icon-16.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\icons\icon-32.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\icons\icon-48.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\black-cross.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\spinner.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\trash.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\white-cross.png, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_locales\en\messages.json, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_locales\ru\messages.json, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_metadata\verified_contents.json, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\page-script.js, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\app.bundle.css, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\app.bundle.js, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\background.bundle.css, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\background.bundle.js, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\background.html, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\context_mailru-plugin.js, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\manifest.json, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\page-script.css, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\prerender.js, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\vendors~app.bundle.css, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\vendors~app.bundle.js, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\vendors~app.bundle~background.bundle.css, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\vendors~app.bundle~background.bundle.js, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\vendors~background.bundle.js, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\visual-bookmarks.html, Quarentena, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [247], [678404],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iepoegkaoeljnbhagabakjodgpfniimo\15.1.4.3_0\_metadata\computed_hashes.json, Quarentena, [247], [655213],1.0.10792
     PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iepoegkaoeljnbhagabakjodgpfniimo\15.1.4.3_0\_metadata\verified_contents.json, Quarentena, [247], [655213],1.0.10792
     PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [247], [655213],1.0.10792
     PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [247], [655213],1.0.10792
     Adware.MailRu.BatBitRst, C:\USERS\TURCA\DESKTOP\Искать в Интернете.URL, Quarentena, [330], [481462],1.0.10792
     Adware.MailRu.BatBitRst, C:\USERS\TURCA\FAVORITES\Искать в Интернете.URL, Quarentena, [330], [648495],1.0.10792
     Adware.IStartSurf, C:\USERS\TURCA\APPDATA\ROAMING\Microsoft\Windows\Recent\free-download-rootkhp-pro--manualroot.lnk, Quarentena, [533], [633882],1.0.10792
     Adware.IStartSurf, D:\BOX\ROOT\FREE-DOWNLOAD-ROOTKHP-PRO--MANUALROOT.ZIP, Quarentena, [533], [633882],1.0.10792
     Trojan.Yelloader, C:\USERS\TURCA\APPDATA\ROAMING\ZHP\QUARANTINE\VIEW.DIR\VIEWU.EXE, Quarentena, [2742], [682335],1.0.10792
     Trojan.Yelloader, C:\USERS\TURCA\APPDATA\ROAMING\ZHP\QUARANTINE\VIEW.DIR\VIEW.EXE, Quarentena, [2742], [640258],1.0.10792
     Trojan.Yelloader, C:\USERS\TURCA\APPDATA\ROAMING\ZHP\QUARANTINE\VIEW.EXE, Quarentena, [2742], [640258],1.0.10792
     MachineLearning/Anomalous.100%, C:\USERS\TURCA\Desktop\ZHPCleaner.lnk, Quarentena, [0], [392687],1.0.10792
     MachineLearning/Anomalous.100%, C:\USERS\TURCA\APPDATA\ROAMING\ZHP\ZHPCLEANER.EXE, Quarentena, [0], [392687],1.0.10792
     Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\SMART APPLICATION CONTROLLER\SMAPPSCONTROLLER_UPDATE.EXE, Quarentena, [0], [392686],1.0.10792
     Adware.SmartApplicationController, C:\USERS\TURCA\APPDATA\LOCAL\TEMP\8A09A390-5BE7-4663-9878-DC30B620AE04\8A09A390-5BE7-4663-9878-DC30B620AE04.EXE, Quarentena, [4278], [470278],1.0.10792
     PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\TEMP\A11211F3-5B4E-4085-AA8D-2F99D8082CFE\A11211F3-5B4E-4085-AA8D-2F99D8082CFE.EXE, Quarentena, [247], [609065],1.0.10792
     Generic.Malware/Suspicious, C:\USERS\TURCA\APPDATA\LOCAL\TEMP\05E16A10-C311-4E54-8688-DE26372CA985\05E16A10-C311-4E54-8688-DE26372CA985.EXE, Quarentena, [0], [392686],1.0.10792
     Adware.ExtenBro.Generic, C:\USERS\TURCA\APPDATA\LOCAL\TEMP\E12ACB53-FF66-4CCF-B740-82F39D1ED6AC\E12ACB53-FF66-4CCF-B740-82F39D1ED6AC.EXE, Quarentena, [10440], [594856],1.0.10792
     MachineLearning/Anomalous.100%, C:\USERS\TURCA\DESKTOP\ZHPCLEANER.EXE, Quarentena, [0], [392687],1.0.10792
     Adware.MailRu.BatBitRst, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [330], [481467],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\js\background.js, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\_metadata\computed_hashes.json, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\_metadata\verified_contents.json, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\handy-tab_icon-16px.png, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\handy-tab_icon-256px.png, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\handy-tab_icon-32px.png, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\handy-tab_icon-96px.png, Quarentena, [226], [617104],1.0.10792
     PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\icon_default.png, Quarentena, [226], [617104],1.0.10792
PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\manifest.json, Quarentena, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\000003.log, Quarentena, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\CURRENT, Quarentena, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOCK, Quarentena, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOG, Quarentena, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOG.old, Quarentena, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\MANIFEST-000001, Quarentena, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\000003.log, Falha ao remover, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\CURRENT, Falha ao remover, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOCK, Falha ao remover, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync 
Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOG, Falha ao remover, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOG.old, Quarentena, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\MANIFEST-000001, Falha ao remover, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [226], [617104],1.0.10792 PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [226], [617104],1.0.10792 PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [247], [454830],1.0.10792 PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [226], [617104],1.0.10792 PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [247], [454830],1.0.10792 PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Substituído, [247], [454830],1.0.10792 PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Substituído, [247], [454830],1.0.10792 Setor físico: 0 (Nenhum item malicioso detectado) Instrumentação do Windows (WMI): 0 (Nenhum item malicioso detectado) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:26:13, on 27/05/2019 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.19355) Boot mode: Normal Running processes: C:\Program Files (x86)\Panda Security\Panda 
Security Protection\PSUAMain.exe C:\Users\TURCA\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_2B0C6B675BCD835F78CFFB4009EC0474] "C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - 
HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Serviço do CryptoTab Update (cryptobrowser) (cryptobrowser) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe O23 - Service: Serviço do CryptoTab Update (cryptobrowserm) (cryptobrowserm) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KingoSoftService - Unknown owner - C:\Users\TURCA\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Panda VPN Service - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. 
- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 
(wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8069 bytes
  6. ~ ZHPCleaner v2019.5.27.72 by Nicolas Coolman (2019/05/27) ~ Run by TURCA (Administrator) (27/05/2019 15:04:15)
C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\003 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\004 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\006 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\007 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\009 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\010 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\014 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\015 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\016 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\017 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\018 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\019 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\020 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\TURCA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\view =>Adware.Razy ---\\ Registry ( Key, Value, Data) (12) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] 
=>BitTorrent (P2P) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\view [GoldDay Corp] =>Adware.Razy DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman] =>PUP.Optional.Camec DELETED key*: [X64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO [Search@Mail.Ru] =>Adware.RussAd DELETED key*: [X64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1 [Search@Mail.Ru] =>Adware.RussAd DELETED key**: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman] =>PUP.Optional.Camec DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tencentdl_RASAPI32 [] =>.SUP.Tencent DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A6AE177E-D46B-4463-AA69-B9F818E0DC4A}_is1 [Smart Application Controller] =>.SUP.SmartApps DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [CRYPTOCOMPANY] =>Heuristic.Suspect DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_2B0C6B675BCD835F78CFFB4009EC0474 ["C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5] =>PUP.Optional.MyBrowser DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{63C29816-8642-471B-BE7E-648448C992FF} [C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe] =>.SUP.Tencent DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{6D77F7A6-74E5-4804-8066-0AAC5966265D} [C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe] =>.SUP.Tencent ---\\ Summary of the elements found (14) https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/ =>PUP.Optional.LavasoftWebCompanion https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P) 
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Picture https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Other https://nicolascoolman.eu/2017/02/23/tencentadressbar/ =>.SUP.Tencent https://www.anti-malware.top/2016/11/04/adware-razy/ =>Adware.Razy https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Steam https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Chrome https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Camec https://nicolascoolman.eu/2017/11/29/adware-russad/ =>Adware.RussAd https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.SmartApps https://nicolascoolman.eu/2017/11/01/adware-mybrowser/ =>PUP.Optional.MyBrowser ---\\ Other deletions. (10) ~ Registry Keys Tracing deleted (8) ~ Remove the old reports ZHPCleaner. (2) ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Mozilla Firefox) ~ Browser not found (Opera Software) ~ The system has been restarted. 
---\\ Statistics ~ Items scanned : 474 ~ Items found : 0 ~ Items cancelled : 0 ~ Items options : 12/12 ~ Space saving (bytes) : 483960 ~ End of clean in 00h00mn34s ---\\ Reports (2) ZHPCleaner--27052019-15_10_07.txt ZHPCleaner-[R]-27052019-17_55_02.txt Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:24:29, on 27/05/2019 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.19355) Boot mode: Normal Running processes: C:\Users\TURCA\AppData\Local\Mail.Ru\MailRuUpdater.exe C:\Program Files (x86)\Marcos Velasco Security\MV Defrag 1.9\MVDEFRAG.EXE C:\Program Files (x86)\TeamViewer\TeamViewer.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Users\TURCA\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.ru/cnt/10445?gp=834423 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\TURCA\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll O4 - 
HKLM\..\Run: [CryptoTab Browser] C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [MailRuUpdater] C:\Users\TURCA\AppData\Local\Mail.Ru\MailRuUpdater.exe O4 - HKCU\..\Run: [view] C:\Users\TURCA\AppData\Roaming\view\viewU.exe O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_2B0C6B675BCD835F78CFFB4009EC0474] "C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Serviço do CryptoTab Update (cryptobrowser) (cryptobrowser) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe O23 - Service: Serviço do CryptoTab Update (cryptobrowserm) (cryptobrowserm) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KingoSoftService - Unknown owner - C:\Users\TURCA\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mail.Ru Update Service (mrupdsrv) - Mail.Ru - C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PDAgent - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. 
- C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater.Mail.Ru - Mail.Ru - C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8426 bytes
  7. turca

    PC freezing too much

    The PC is freezing a lot, opening strange things and icons on the screen.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:48:31, on 27/05/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19355)
    Boot mode: Normal

    Running processes:
    C:\Users\TURCA\AppData\Local\Mail.Ru\MailRuUpdater.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    C:\Users\TURCA\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.ru/cnt/10445?gp=834423
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\TURCA\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
    O4 - HKLM\..\Run: [CryptoTab Browser] C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_2B0C6B675BCD835F78CFFB4009EC0474] "C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    O4 - HKCU\..\Run: [MailRuUpdater] C:\Users\TURCA\AppData\Local\Mail.Ru\MailRuUpdater.exe
    O4 - HKCU\..\Run: [view] C:\Users\TURCA\AppData\Roaming\view\viewU.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248286\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248286\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406111\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406111\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248384\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248384\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406190\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406190\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248466\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406366\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248910\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248910\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406838\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406838\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Serviço do CryptoTab Update (cryptobrowser) (cryptobrowser) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
    O23 - Service: Serviço do CryptoTab Update (cryptobrowserm) (cryptobrowserm) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KingoSoftService - Unknown owner - C:\Users\TURCA\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mail.Ru Update Service (mrupdsrv) - Mail.Ru - C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater.Mail.Ru - Mail.Ru - C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10753 bytes
  8. Thank you, I believe you, but we searched on the net and they say this AliExpress thing is a kind of virus; thanks anyway. But now, checking in Internet Explorer, opening the same pages from the link, it does not turn into "best", only in Google Chrome. Isn't that strange?
  9. C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00084b Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
     D:\BOX\IMEI Cleaner\Demo.zip a variant of Win32/Packed.NoobyProtect.S suspicious application deleted
     D:\BOX\IMEI Cleaner\Demo\IMEI Cleaner Demo.exe a variant of Win32/Packed.NoobyProtect.S suspicious application cleaned by deleting
     D:\BOX\IPOWER X\FILE_21D167-B2EB69-38C88F-7706EE-7F9A78-BC82CE.rar a variant of Win32/Packed.VMProtect.AB trojan deleted
     D:\BOX\IPOWER X\iREWORK_&_iPOWER_X_V3.0_EN_Installer.exe a variant of Win32/Packed.VMProtect.AB trojan cleaned by deleting
     D:\BOX\IPOWER X\iREWORK_&_iPOWER_X_V3.0_EN_Installer.rar a variant of Win32/Packed.VMProtect.AB trojan deleted
     D:\BOX\IPOWER X\IRW_CN.exe a variant of Win32/Packed.VMProtect.AB trojan cleaned by deleting
     D:\BOX\IPOWER X\IRW_EN.exe a variant of Win32/Packed.VMProtect.AB trojan cleaned by deleting
     D:\BOX\IPOWER X\IRW_V3.1.rar a variant of Win32/Packed.VMProtect.AB trojan deleted
     D:\BOX\RIFFBOX\RiffBoxDealerAdminClient_1.08_8080.exe Win32/Virut.NBP virus cleaned
     D:\BOX\VOLCANO\VolcanoUtility_v2.8.3_Volcano Yellowstone.rar multiple threats deleted
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module.rar a variant of Win32/Packed.VMProtect.ABO trojan deleted
     D:\BOX\VOLCANO\VolcanoUtility_v3.1.0_Volcano Module.rar a variant of Win32/Packed.VMProtect.ABO trojan deleted
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\VolcanoTool.exe a variant of Win32/Packed.VMProtect.ABO trojan cleaned by deleting
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\VolcanoUtility.exe a variant of Win32/Packed.VMProtect.ABO trojan cleaned by deleting
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin\FlashTool.exe a variant of Win32/Packed.Themida.CSH trojan cleaned by deleting
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin\HTCCALC.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin\XESevice.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin2\FlashTool.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin3\MtkAndroid.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin4\android_mtk.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin6\FlashTool.exe a variant of Win32/Packed.Themida.CSH trojan cleaned by deleting
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin8\SamsungModule.exe a variant of Win32/Packed.VMProtect.ABO trojan cleaned by deleting
     D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\rootfiles\Superuser.apk Android/Spy.Agent.BK trojan deleted
     D:\PROGRAMAS PC\dfsetup222.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
     D:\PROGRAMAS PC\driver_booster_setup.exe a variant of Win32/IObit.U potentially unwanted application cleaned by deleting
     D:\PROGRAMAS PC\Sketchup+Pro+2016+++Crack[filewarez.tv].rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
     D:\PROGRAMAS PC\DRIVER PC\driverdr_for_tl-wn321g_100324.exe a variant of MSIL/DriverNavigator.A potentially unwanted application cleaned by deleting
     D:\PROGRAMAS PC\REPARO REGISTRO\ccsetup556.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
     D:\PROGRAMAS PC\REPARO REGISTRO\delfix_1.010.exe Win32/Virut.NBP virus cleaned
     D:\PROGRAMAS PC\REPARO REGISTRO\FRST.exe Win32/Virut.NBP virus cleaned
     D:\TABLET\Android Multi Tools v1.02b AzimBahar\Android Multi Tools v1.02b Azim Bahar.exe Win32/Virut.NBP virus cleaned
     D:\TABLET\Android Multi Tools v1.02b AzimBahar\fastboot.exe Win32/Virut.NBP virus cleaned
     D:\TABLET\ORANGE\TB755+\PhoenixCard_V3.0.9_20121211\PhoenixCard.exe Win32/Virut.NBP virus cleaned
     D:\TABLET\ORANGE\TB755+\PhoenixCard_V3.0.9_20121211\UpdateVer.exe Win32/Virut.NBP virus cleaned
     D:\TURCATTO\10-09-18\Download\DriverDr_for_TL-WN321G_100324.exe a variant of MSIL/DriverNavigator.A potentially unwanted application cleaned by deleting

     The best.aliexpress page still persists. I'm going to use a PC to check the freezes, but what worries me is this AliExpress page that doesn't stay normal.
  10. Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 02/05/2019
    Hora da análise: 20:28
    Arquivo de registro: 6ad6b710-6d3a-11e9-9d71-14dae9bc5ab7.json

    -Informação do software-
    Versão: 3.7.1.2839
    Versão de componentes: 1.0.586
    Versão do pacote de definições: 1.0.10440
    Licença: Versão de Avaliação

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: TURCA-PC\TURCA

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Análise Iniciada Por: Manual
    Resultado: Concluído
    Objetos verificados: 242044
    Ameaças detectadas: 0
    Ameaças em quarentena: 0
    Tempo decorrido: 2 min, 38 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0 (Nenhum item malicioso detectado)
    Módulo: 0 (Nenhum item malicioso detectado)
    Chave de registro: 0 (Nenhum item malicioso detectado)
    Valor de registro: 0 (Nenhum item malicioso detectado)
    Dados de registro: 0 (Nenhum item malicioso detectado)
    Fluxo de dados: 0 (Nenhum item malicioso detectado)
    Pasta: 0 (Nenhum item malicioso detectado)
    Arquivo: 0 (Nenhum item malicioso detectado)
    Setor físico: 0 (Nenhum item malicioso detectado)
    Instrumentação do Windows (WMI): 0 (Nenhum item malicioso detectado)

    (end)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:32:29, on 02/05/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19326)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\TURCA\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKCU\..\Run: [Google Update] C:\Users\TURCA\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 6517 bytes
  11. ~ ZHPCleaner v2019.5.2.58 by Nicolas Coolman (2019/05/02)
    ~ Run by TURCA (Administrator) (02/05/2019 12:19:28)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Scan
    ~ Report : C:\Users\TURCA\Desktop\ZHPCleaner (S).txt
    ~ Quarantine : C:\Users\TURCA\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Deactivate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

    ---\\ Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found.

    ---\\ Services (0)
    ~ No malicious or unnecessary items found.

    ---\\ Browser internet (0)
    ~ No malicious or unnecessary items found.

    ---\\ Hosts file (1)
    ~ The hosts file is legitimate (21)

    ---\\ Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.

    ---\\ Explorer ( File, Folder) (14)
    FOUND file: C:\Windows\Installer\wix{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}.SchedServiceConfig.rmi =>.SUP.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI43A4.tmp =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI4B61.tmp =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI69D9.tmp =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIB71E.tmp =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIB837.tmp =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIB980.tmp =>.SUP.Temporary.Empty
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\000 =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\001 =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\002 =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\003 =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\004 =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\005 =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Update =>Heuristic.Suspect

    ---\\ Registry ( Key, Value, Data) (0)
    ~ No malicious or unnecessary items found.

    ---\\ Summary of the elements found (4)
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Chrome
    https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect

    ---\\ Result of repair
    ~ Any repair made
    ~ Browser not found (Mozilla Firefox)
    ~ Browser not found (Opera Software)

    ---\\ Statistics
    ~ Items scanned : 60081
    ~ Items found : 14
    ~ Items cancelled : 0
    ~ Items options : 12/12
    ~ Space saving (bytes) : 0
    ~ End of search in 00h04mn12s

    ---\\ Reports (0)
    ZHPCleaner--02052019-12_23_40.txt

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:27:27, on 02/05/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19326)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    C:\Users\TURCA\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKCU\..\Run: [Google Update] C:\Users\TURCA\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 6214 bytes
  12. It redirects to this page: https://www.nicolascoolman.com/fr/wp-updates/ZHPCleaner.exe and gives me this: 403 Forbidden nginx. I also tried with Internet Explorer, same error.
  13. turca

    best.aliexpress.com

    I formatted the PC and it is slow and freezing. When I open the aliexpress page it opens this best.aliexpress.com instead; searching around I heard that it is a virus. Please help me, thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:20:00, on 01/05/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17840)
    Boot mode: Normal

    Running processes:
    C:\Users\TURCA\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKCU\..\Run: [Google Update] C:\Users\TURCA\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 5720 bytes