clmumber

Pages appearing out of nowhere


Good afternoon,

I carried out the procedures,

here is the HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:21:48, on 30/05/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
C:\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?PC=ACJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDFVPrinter] C:\Program Files (x86)\Classic PDF Editor\PDFVPrinter.exe
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Cleiton\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Cleiton\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: http://*.webcompanion.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{22c53490-a62e-402c-b1d4-94029ca91b3e}: NameServer = 82.163.142.182 82.163.143.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{2863f81a-7d36-4e76-8c2b-9a761cbb13c2}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{29effb5f-324a-40d4-a8ea-7ca7bab42112}: NameServer = 82.163.142.182 82.163.143.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{3780f459-5d60-49a6-94e3-0a4fa42c8059}: NameServer = 82.163.142.182 82.163.143.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{59969b07-d747-4c56-ae92-bd8f72e222d6}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{5b685a62-da66-40f7-baa2-12d44f4df276}: NameServer = 82.163.142.182 82.163.143.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{720b7f5c-c05c-4548-baaa-d17522a44b12}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{7e959cbd-4249-47cc-b49d-17d1e9ca0dd6}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ab39485-52b6-4b8a-ae51-d4bcf2928f61}: NameServer = 82.163.142.182 82.163.143.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{aef4f2f9-9438-46a7-ba96-910d002ece57}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{beff52d0-eccd-11e7-a38d-806e6f6e6963}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{e4e2aeda-e5f2-4163-b11d-af9fc4103fee}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{e4e825c3-c85e-4c35-b42d-0accf0309ae3}: NameServer = 82.163.142.182 82.163.143.180
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.182 82.163.143.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{22c53490-a62e-402c-b1d4-94029ca91b3e}: NameServer = 82.163.142.182 82.163.143.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.182 82.163.143.180
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: WSISAllmytubechrome - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Technology Access Software Asset Manager (Intel(R) TA SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MTc1YW - Unknown owner - rundll32.exe (file missing)
O23 - Service: NativeDesktopMediaService - Unknown owner - C:\ProgramData\1418462950965527827\desktop_media_service.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\QASvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: TenorshareWinAdService - Tenorshare Co,Ltd - C:\Users\Cleiton\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)
O23 - Service: YWVkNWEyYzJiMGI - Unknown owner - C:\Program Files\YWVkNWEyYzJiMGI\NzUzOTlkOGE2.exe

--
End of file - 15656 bytes

 


Temporarily disable your antivirus.

Download ZHPCleaner and save it to the Desktop.

Windows 7, 8, 8.1 or 10 users: right-click the program icon and select Run as administrator.

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will begin scanning your system. Be patient, as this may take a while depending on the number of items to examine.

When the scan finishes, click the Repair button.

Once the operation is complete, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the contents of this log into your next reply, along with a new HijackThis log.



Good afternoon,

here it is

 

~ ZHPCleaner v2019.5.29.79 by Nicolas Coolman (2019/05/29)
~ Run by Cleiton (Administrator)  (30/05/2019 14:58:08)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\Cleiton\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\Cleiton\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 17134)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
FOUND data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\webcompanion.com\\http [Bad : Sensitive Websites]  =>PUP.Optional.LavasoftWebCompanion


---\\  Hosts file (1)
~ The hosts file is legitimate (11)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (138)
FOUND file: C:\Users\Cleiton\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\Cleiton\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
FOUND folder: C:\Users\Cleiton\AppData\Roaming\DRPNano  =>.SUP.DriverPack
FOUND folder: C:\Users\Cleiton\AppData\Roaming\DRPSu  =>.SUP.DriverPack
FOUND file: C:\Users\Cleiton\AppData\Roaming\uTorrent\uTorrent.exe [BitTorrent Inc. - µTorrent]  =>BitTorrent (P2P)
FOUND file: C:\Users\Cleiton\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk    =>BitTorrent (P2P)
FOUND file: C:\Windows\Prefetch\CLOUDPRINTER.EXE-5DE8B619.pf    =>.SUP.Linkury
FOUND file: C:\Windows\Prefetch\ONESYSTEMCARE.EXE-2CCD2217.pf    =>PUP.Optional.OneSystemCare
FOUND file: C:\Windows\Prefetch\QUOTEEX.EXE-D93407B1.pf    =>PUP.Optional.Graftor
FOUND file: C:\Windows\Installer\wix{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{3490D0B6-BB44-417E-8B82-F30C7B48E3F5}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{3540181E-340A-4E7A-B409-31663472B2F7}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{38103AAA-83CB-4540-B206-56800AE60A36}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{5095145F-A690-405A-9ABF-69C7A7319834}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{583882E7-EA75-4BF0-94FA-7DD5A3731C76}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{6044DB2C-08DE-4B8B-90AE-64D6FF604AC6}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{62F029AB-85F2-0000-866A-9FC0DD99DDBC}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{6B23CC2A-3660-4430-920B-E3C706A252E4}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{7CC317AF-84DC-4C6B-9894-453545969892}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{919CE8F2-C283-4FBE-B29F-3BEA088C37EA}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{9CBA860F-7437-4A75-941C-8EF559F2D145}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{B2E25355-C24E-4E7D-8AD3-455D59810838}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{B5E06417-A4AC-4225-B36E-7E34C91616E7}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{B6DCCCD3-520D-4485-B642-FCC136CE12C3}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{C4123106-B685-48E6-B9BD-E4F911841EB4}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{EBCCD2B7-FCA9-4714-97A4-CBC48E544BB2}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{F814D094-197F-43C8-87FA-3210BB780486}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{FBA3961B-D1DF-493C-BC1F-E67D3B832895}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\wix{FE4EC25E-CCE4-477C-80B4-C6B351EE1BC6}.SchedServiceConfig.rmi    =>.SUP.Empty
FOUND file: C:\Windows\Installer\MSI8198.tmp [ - IFilter]  =>.SUP.MSIInstaller
FOUND file: C:\Windows\Installer\MSIC455.tmp [ - IFilter]  =>.SUP.MSIInstaller
FOUND file: C:\Windows\Installer\18288a.msp    =>.SUP.Obsolete.Adobe
FOUND file: C:\Windows\Installer\24997c1.msp    =>.SUP.Obsolete.Adobe
FOUND file: C:\Windows\Installer\2595fe7e.msp    =>.SUP.Obsolete.Adobe
FOUND file: C:\Windows\Installer\85acf8c.msp    =>.SUP.Obsolete.Adobe
FOUND file: C:\Windows\Installer\8d25416.msp    =>.SUP.Obsolete.Adobe
FOUND file: C:\Windows\Installer\961e739.msp    =>.SUP.Obsolete.Adobe
FOUND file: C:\Windows\Installer\9828546.msp    =>.SUP.Obsolete.Adobe
FOUND file: C:\Windows\Installer\a6ee8b1.msp    =>.SUP.Obsolete.Adobe
FOUND file: C:\Windows\Installer\cacd8e.msp    =>.SUP.Obsolete.Adobe
FOUND file: C:\Users\Cleiton\AppData\Local\Temp\aria-debug-11364.log    =>.SUP.Temporary.OneDrive
FOUND file: C:\Users\Cleiton\AppData\Local\Temp\CVR96EF.tmp.cvr    =>.SUP.Temporary.Empty
FOUND file: C:\Users\Cleiton\AppData\Local\Temp\wct40B9.tmp    =>.SUP.Temporary.Office
FOUND file: C:\Users\Cleiton\AppData\Local\Temp\wct6FEA.tmp    =>.SUP.Temporary.Office
FOUND file: C:\Users\Cleiton\AppData\Local\Temp\wctAF34.tmp    =>.SUP.Temporary.Office
FOUND file: C:\Users\Cleiton\AppData\Local\Temp\wctCDAA.tmp    =>.SUP.Temporary.Office
FOUND file: C:\Users\Cleiton\AppData\Local\Temp\~DF2C682E584EE63F8B.TMP    =>.SUP.Temporary.Other
FOUND file: C:\Users\Cleiton\AppData\Local\Temp\~DFA791E0F68A13FABA.TMP    =>.SUP.Temporary.Other
FOUND file: C:\Users\Cleiton\AppData\Local\Temp\~DFFF69883CC45BF063.TMP    =>.SUP.Temporary.Other
FOUND file: C:\Users\Cleiton\Downloads\Office 2013\Ativador Office 2013 [ArphaNET]\ARQUIVOS\Microsoft Toolkit 2.5.2\Microsoft Toolkit 2.5.2.exe [CODYQX4 - Microsoft Toolkit]  =>HackTool.WinActivator
FOUND file: C:\Users\Cleiton\AppData\Local\ApplicationHosting.dat    =>PUP.Optional.ApplicationHosting
FOUND file: C:\Windows\SysWOW64\SSL    =>Trojan.Agent
FOUND file: C:\ProgramData\1418462950965527827\desktop_media_service.exe    =>Adware.CrossRider
FOUND file: C:\ProgramData\1418462950965527827\watchdog.exe    =>Adware.CrossRider
FOUND file: C:\ProgramData\Microsoft Toolkit\Settings.xml    =>HackTool.AutoKMS
FOUND folder: C:\ProgramData\Jetmedia\NativeDesktopMediaService  =>PUP.Optional.Jetmedia
FOUND folder: C:\ProgramData\1418462950965527827  =>Adware.CrossRider
FOUND folder: C:\ProgramData\Jetmedia  =>PUP.Optional.Jetmedia
FOUND folder: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
FOUND file: C:\Users\Cleiton\AppData\Roaming\50i55yc4izj\uhp133dzqf5.exe [Cal - Boulsis Setup]  =>Heuristic.Wizzcaster
FOUND file: C:\Users\Cleiton\AppData\Roaming\ghfxqljlpli\bgsnoxgdwha.exe [Cal - Boulsis Setup]  =>Heuristic.Wizzcaster
FOUND folder: C:\Users\Cleiton\AppData\Roaming\50i55yc4izj  =>Heuristic.Wizzcaster
FOUND folder: C:\Users\Cleiton\AppData\Roaming\ghfxqljlpli  =>Heuristic.Wizzcaster
FOUND folder: C:\ProgramData\IObit\ASCDownloader  =>.SUP.AdvancedSystemCare
FOUND folder: C:\ProgramData\Application Data\lavasoft\web companion  =>PUP.Optional.LavasoftWebCompanion
FOUND folder: C:\Users\Cleiton\AppData\Local\AdvinstAnalytics  =>.SUP.Various
FOUND folder: C:\Users\Cleiton\AppData\Local\{DEEBE8B7-FA43-840F-97DB-A1E7B3B35D7F}  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI16B.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI173B.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI175.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI17FA.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI1DAD.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI230A.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI2515.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI263.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI29AE.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI2A5A.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI2AD1.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI3823.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI3D52.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI3ED.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI400F.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI444D.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI4E6C.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI500D.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI5A2C.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI5C02.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI5E94.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI60D7.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI6C0F.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI6CFC.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI6FAD.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI737D.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI73C0.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI7885.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI7C3C.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI8160.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI83BE.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI8704.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI8772.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI8947.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI8AB4.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI8ECD.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI9318.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI987C.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI9A70.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSI9BF2.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIA2B3.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIA64E.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIA85C.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIB351.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIB526.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIBE80.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIC266.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIC30E.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIC934.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSICB4D.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSICBCB.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSICCF3.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSID621.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSID6E2.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIE2D9.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIE42A.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIF3F6.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIF562.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIF7C0.tmp-  =>.SUP.Empty
FOUND folder: C:\Windows\Installer\MSIFA6B.tmp-  =>.SUP.Empty
FOUND folder: C:\Users\Cleiton\AppData\LocalLow\EmieBrowserModeList  =>.SUP.Empty
FOUND folder: C:\Users\Cleiton\AppData\LocalLow\EmieSiteList  =>.SUP.Empty
FOUND folder: C:\Users\Cleiton\AppData\LocalLow\EmieUserList  =>.SUP.Empty
FOUND folder: C:\Users\Cleiton\AppData\LocalLow\VDownloader  =>.SUP.Empty


---\\  Registry ( Key, Value, Data) (34)
FOUND key: HKCU\Software\WajIEnhance []  =>PUP.Optional.Wajam
FOUND key: HKEY_USERS\S-1-5-21-4085650246-1502467932-1502206782-1001\SOFTWARE\WajIEnhance []  =>PUP.Optional.WaEnhance
FOUND key: HKCU\Software\WajIEnhance []  =>PUP.Optional.WaEnhance
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net []  =>.SUP.AkamaiHD
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net [2068]  =>.SUP.AkamaiHD
FOUND key: [X64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [_IReiEngineEvents]  =>PUP.Optional.Legacy
FOUND key: [X64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [IReiEngine]  =>PUP.Optional.Legacy
FOUND key: [X64] HKLM\SOFTWARE\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 []  =>PUP.Optional.Wajam
FOUND key: [X64] HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A [Online Application]  =>.SUP.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 [NativeDesktopMediaService]  =>PUP.Optional.Jetmedia
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22c53490-a62e-402c-b1d4-94029ca91b3e}\\NameServer [Bad : 82.163.142.182 82.163.143.180]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29effb5f-324a-40d4-a8ea-7ca7bab42112}\\NameServer [Bad : 82.163.142.182 82.163.143.180]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3780f459-5d60-49a6-94e3-0a4fa42c8059}\\NameServer [Bad : 82.163.142.182 82.163.143.180]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5b685a62-da66-40f7-baa2-12d44f4df276}\\NameServer [Bad : 82.163.142.182 82.163.143.180]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ab39485-52b6-4b8a-ae51-d4bcf2928f61}\\NameServer [Bad : 82.163.142.182 82.163.143.180]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e4e825c3-c85e-4c35-b42d-0accf0309ae3}\\NameServer [Bad : 82.163.142.182 82.163.143.180]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22c53490-a62e-402c-b1d4-94029ca91b3e}\\DhcpNameServer [Bad : 82.163.142.182]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3780f459-5d60-49a6-94e3-0a4fa42c8059}\\DhcpNameServer [Bad : 82.163.142.182]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5b685a62-da66-40f7-baa2-12d44f4df276}\\DhcpNameServer [Bad : 82.163.142.182]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ab39485-52b6-4b8a-ae51-d4bcf2928f61}\\DhcpNameServer [Bad : 82.163.142.182]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e4e825c3-c85e-4c35-b42d-0accf0309ae3}\\DhcpNameServer [Bad : 82.163.142.182]  =>Adware.DNSUnlocker
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\NameServer [Bad : 82.163.142.182 82.163.143.180]  =>Adware.DNSUnlocker
FOUND key: [X64] HKLM\SOFTWARE\SrcAAAesom Browser Enhancer []  =>PUP.Optional.Wajam
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QuoteexU []  =>PUP.Optional.Graftor
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Jetmedia []  =>PUP.Optional.Jetmedia
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\SrcAAAesom Browser Enhancer []  =>PUP.Optional.Wajam
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 []  =>PUP.Optional.Wajam
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [_IReiEngineEvents]  =>PUP.Optional.Legacy
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [IReiEngine]  =>PUP.Optional.Legacy
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\QuoteexU []  =>PUP.Optional.Graftor
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} [Jetmedia]  =>PUP.Optional.Jetmedia
FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Cleiton\Downloads\ZHPCleaner.exe.FriendlyAppName [ZHPCleaner]  =>.SUP.Orphan.MUICache
FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Cleiton\Downloads\ZHPCleaner.exe.ApplicationCompany [Nicolas Coolman]  =>.SUP.Orphan.MUICache


---\\  Summary of the elements found (29)
https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/ =>PUP.Optional.LavasoftWebCompanion
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2018/07/04/sup-driverpack/ =>.SUP.DriverPack
https://nicolascoolman.eu/2017/09/07/pup-optional-salus/ =>.SUP.Linkury
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.OneSystemCare
https://nicolascoolman.eu/2017/03/30/adware-graftor/ =>PUP.Optional.Graftor
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.MSIInstaller
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.Adobe
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Office
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.ApplicationHosting
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Trojan.Agent
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/ =>Adware.CrossRider
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS
https://nicolascoolman.eu/2019/05/22/pup-optional-jetmedia/ =>PUP.Optional.Jetmedia
https://nicolascoolman.eu/2017/09/15/adware-wizzcaster/ =>Heuristic.Wizzcaster
https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/ =>.SUP.AdvancedSystemCare
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Various
https://nicolascoolman.eu/2017/02/24/pup-optional-wajam/ =>PUP.Optional.Wajam
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.WaEnhance
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/ =>.SUP.AkamaiHD
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Legacy
https://nicolascoolman.eu/2017/12/24/sup-microleaves/ =>.SUP.Microleaves
https://nicolascoolman.eu/2017/09/27/adware-dnsunlocker/ =>Adware.DNSUnlocker
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Orphan.MUICache


---\\ Result of repair
~ Any repair made
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 124537
~ Items found : 183
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 156237


~ End of search in 00h27mn11s

---\\  Reports (5)
ZHPCleaner-[R]-30082017-13_16_08.txt
ZHPCleaner-[R]-30082017-15_46_28.txt
ZHPCleaner--30082017-11_55_51.txt
ZHPCleaner--30082017-15_45_27.txt
ZHPCleaner--30052019-15_25_19.txt

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:34:06, on 30/05/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Acer\Acer Power Management\ePowerWMPRemoteCtrl.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?PC=ACJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDFVPrinter] C:\Program Files (x86)\Classic PDF Editor\PDFVPrinter.exe
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Cleiton\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Cleiton\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{2863f81a-7d36-4e76-8c2b-9a761cbb13c2}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{59969b07-d747-4c56-ae92-bd8f72e222d6}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{720b7f5c-c05c-4548-baaa-d17522a44b12}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{7e959cbd-4249-47cc-b49d-17d1e9ca0dd6}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{aef4f2f9-9438-46a7-ba96-910d002ece57}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{beff52d0-eccd-11e7-a38d-806e6f6e6963}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{e4e2aeda-e5f2-4163-b11d-af9fc4103fee}: NameServer = 8.8.8.8
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: WSISAllmytubechrome - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Technology Access Software Asset Manager (Intel(R) TA SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MTc1YW - Unknown owner - rundll32.exe (file missing)
O23 - Service: NativeDesktopMediaService - Unknown owner - C:\ProgramData\1418462950965527827\desktop_media_service.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\QASvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: TenorshareWinAdService - Tenorshare Co,Ltd - C:\Users\Cleiton\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)
O23 - Service: YWVkNWEyYzJiMGI - Unknown owner - C:\Program Files\YWVkNWEyYzJiMGI\NzUzOTlkOGE2.exe

--
End of file - 14780 bytes

 


Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mbam-setup.exe to install the program.

Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (if present).

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked. Then click Finish.

If there are updates available, they will be downloaded and installed.

In Settings, click Protection and, if it is disabled, check Scan for Rootkits. Under Potential threat protection, select Treat PUPs and PUMs as Malware (recommended).

Click Scan, then Threat Scan, and finally click Start Scan.

The scan will then begin. Please wait, as it may take a while.

When the scan finishes, if any items were found, click the Export Summary -> Text file (*.txt) button and save it to your Desktop; if the disinfection log is not saved, you will find it there.

Click Apply Actions or, if that is not available, click Send to Quarantine.

At the end of the disinfection, a prompt may appear asking whether you want to restart the PC.

The log is saved automatically by MBAM and can be viewed by clicking the Reports -> Scan Reports tab in the program's main window after the disinfection has been carried out.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy and paste the entire contents of the disinfection log saved by MBAM into your next reply, along with a new HijackThis log.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.



Good afternoon,

Here are the logs

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:58, on 03/06/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?PC=ACJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDFVPrinter] C:\Program Files (x86)\Classic PDF Editor\PDFVPrinter.exe
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Cleiton\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Cleiton\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-21-4085650246-1502467932-1502206782-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019161157196\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-4085650246-1502467932-1502206782-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019161157196\..\Run: [OneDrive] "C:\Users\Cleiton\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4085650246-1502467932-1502206782-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019161157196\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User '?')
O4 - HKUS\S-1-5-21-4085650246-1502467932-1502206782-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019161157196\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" (User '?')
O4 - HKUS\S-1-5-21-4085650246-1502467932-1502206782-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019161157196\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-4085650246-1502467932-1502206782-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019161157196\..\Run: [uTorrent] "C:\Users\Cleiton\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED (User '?')
O4 - HKUS\S-1-5-21-4085650246-1502467932-1502206782-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019161157196\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR (User '?')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{22c53490-a62e-402c-b1d4-94029ca91b3e}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2863f81a-7d36-4e76-8c2b-9a761cbb13c2}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{29effb5f-324a-40d4-a8ea-7ca7bab42112}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{3780f459-5d60-49a6-94e3-0a4fa42c8059}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{59969b07-d747-4c56-ae92-bd8f72e222d6}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{5b685a62-da66-40f7-baa2-12d44f4df276}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{720b7f5c-c05c-4548-baaa-d17522a44b12}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{7e959cbd-4249-47cc-b49d-17d1e9ca0dd6}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ab39485-52b6-4b8a-ae51-d4bcf2928f61}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{aef4f2f9-9438-46a7-ba96-910d002ece57}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{beff52d0-eccd-11e7-a38d-806e6f6e6963}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{e4e2aeda-e5f2-4163-b11d-af9fc4103fee}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{e4e825c3-c85e-4c35-b42d-0accf0309ae3}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{22c53490-a62e-402c-b1d4-94029ca91b3e}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: WSISAllmytubechrome - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Technology Access Software Asset Manager (Intel(R) TA SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\QASvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: TenorshareWinAdService - Tenorshare Co,Ltd - C:\Users\Cleiton\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

--
End of file - 16629 bytes

 

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 03/06/2019
Hora da análise: 14:36
Arquivo de registro: 8a5284ae-862e-11e9-9bd4-0250f2d6bf59.json

-Informação do software-
Versão: 3.7.1.2839
Versão de componentes: 1.0.586
Versão do pacote de definições: 1.0.10886
Licença: Gratuita

-Informação do sistema-
Sistema operacional: Windows 10 (Build 17134.765)
CPU: x64
Sistema de arquivos: NTFS
Usuário: Cleitinho\Cleiton

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 402133
Ameaças detectadas: 80
Ameaças em quarentena: 78
Tempo decorrido: 27 min, 32 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 1
Adware.Wajam.Generic, C:\Windows\VIZAVLVPWMPLHSTHTOB.VIZ, Quarentena, [4890], [580247],1.0.10886

Chave de registro: 12
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarentena, [517], [-1],0.0.0
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\YWVkNWEyYzJiMGI, Quarentena, [517], [556539],1.0.10886
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarentena, [2945], [260247],1.0.10886
Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MTc1YW, Quarentena, [4890], [580247],1.0.10886
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarentena, [2945], [260247],1.0.10886
Adware.NetAdapter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NATIVEDESKTOPMEDIASERVICE, Quarentena, [1038], [683133],1.0.10886
Adware.Adposhel, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\C2282038-984E-572F-689D-0E040B5A7334, Quarentena, [485], [690145],1.0.10886
Adware.Adposhel, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D997E213-5469-473F-B7AC-0AE34698DC51}, Quarentena, [485], [690145],1.0.10886
Adware.Adposhel, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{D997E213-5469-473F-B7AC-0AE34698DC51}, Quarentena, [485], [690145],1.0.10886
Adware.NetAdapter, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{E8C0E438-37AD-46BE-B3EF-E4820E1CF138}, Quarentena, [1038], [683129],1.0.10886
Adware.NetAdapter, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{66996631-D5C7-472D-84C3-2F7B6D07C7F3}, Quarentena, [1038], [683129],1.0.10886
Adware.NetAdapter, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{66996631-D5C7-472D-84C3-2F7B6D07C7F3}, Quarentena, [1038], [683129],1.0.10886

Valor de registro: 10
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Falha ao remover, [517], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-4085650246-1502467932-1502206782-1001\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [517], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Falha ao remover, [517], [-1],0.0.0
Adware.NetAdapter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{9E658FE0-EEA9-4643-A5E6-FC1EF19A2EEA}, Quarentena, [1038], [683134],1.0.10886
Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MTc1YW|IMAGEPATH, Quarentena, [4890], [580247],1.0.10886
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Quarentena, [7101], [676881],1.0.10886
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, Quarentena, [7101], [676880],1.0.10886
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Quarentena, [7101], [676881],1.0.10886
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, Quarentena, [7101], [676880],1.0.10886
Adware.NetAdapter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NATIVEDESKTOPMEDIASERVICE|IMAGEPATH, Quarentena, [1038], [683133],1.0.10886

Dados de registro: 23
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{22c53490-a62e-402c-b1d4-94029ca91b3e}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{22c53490-a62e-402c-b1d4-94029ca91b3e}|DhcpNameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2863f81a-7d36-4e76-8c2b-9a761cbb13c2}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{29effb5f-324a-40d4-a8ea-7ca7bab42112}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{29effb5f-324a-40d4-a8ea-7ca7bab42112}|DhcpNameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3780f459-5d60-49a6-94e3-0a4fa42c8059}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3780f459-5d60-49a6-94e3-0a4fa42c8059}|DhcpNameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{59969b07-d747-4c56-ae92-bd8f72e222d6}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{59969b07-d747-4c56-ae92-bd8f72e222d6}|DhcpNameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5b685a62-da66-40f7-baa2-12d44f4df276}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5b685a62-da66-40f7-baa2-12d44f4df276}|DhcpNameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{720b7f5c-c05c-4548-baaa-d17522a44b12}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{7e959cbd-4249-47cc-b49d-17d1e9ca0dd6}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9ab39485-52b6-4b8a-ae51-d4bcf2928f61}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9ab39485-52b6-4b8a-ae51-d4bcf2928f61}|DhcpNameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{aef4f2f9-9438-46a7-ba96-910d002ece57}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{aef4f2f9-9438-46a7-ba96-910d002ece57}|DhcpNameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{beff52d0-eccd-11e7-a38d-806e6f6e6963}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e4e2aeda-e5f2-4163-b11d-af9fc4103fee}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e4e825c3-c85e-4c35-b42d-0accf0309ae3}|NameServer, Substituído, [2945], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e4e825c3-c85e-4c35-b42d-0accf0309ae3}|DhcpNameServer, Substituído, [2945], [-1],0.0.0

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 2
Adware.Wajam, C:\USERS\CLEITON\APPDATA\LOCAL\TEMP\wjmE045.tmp, Quarentena, [517], [511084],1.0.10886
Adware.Wajam, C:\PROGRAM FILES\YWVkNWEyYzJiMGI, Quarentena, [517], [556539],1.0.10886

Arquivo: 32
Adware.Zdengo, C:\Windows\System32\drivers\YjJhYWZiYTFkNDdi, Quarentena, [518], [671707],0.0.0
PUP.Optional.FFHijacker.Generic, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\SECURE_CERT.JS, Quarentena, [5347], [505085],1.0.10886
Adware.Wajam, C:\USERS\CLEITON\APPDATA\LOCAL\TEMP\wjmE045.tmp\update.exe, Quarentena, [517], [511084],1.0.10886
Adware.Wajam, C:\PROGRAM FILES\YWVkNWEyYzJiMGI\WBE_uninstall.dat, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\MjRiYjg.exe, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\mozcrt19.dll, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\NDY1MDA1M, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\nspr4.dll, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\nss3.dll, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\NzUzOTlkOGE2.exe, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\ODBlNTEzNzBjN.ico, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\plc4.dll, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\plds4.dll, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\service.dat, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\service_64.dat, Quarentena, [517], [556539],1.0.10886
Adware.Wajam, C:\Program Files\YWVkNWEyYzJiMGI\softokn3.dll, Quarentena, [517], [556539],1.0.10886
Adware.Wajam.Generic, C:\Windows\VIZAVLVPWMPLHSTHTOB.VIZ, Quarentena, [4890], [580247],1.0.10886
MachineLearning/Anomalous.100%, C:\Windows\MGZHY.EXE, Quarentena, [0], [392687],1.0.10886
Adware.Adposhel, C:\Windows\SYSTEM32\TASKS\C2282038-984E-572F-689D-0E040B5A7334, Quarentena, [485], [690145],1.0.10886
Adware.Adposhel, C:\PROGRA~3\3C101F~1\{570C0~1, Quarentena, [485], [690145],1.0.10886
Adware.Adposhel, C:\PROGRAMDATA\3C101F24-47AE-572F-DA82-F298922D6474\{570C05AA-6BD6-1720-8E1A-1C6B782C0F40}, Quarentena, [485], [690145],1.0.10886
Adware.NetAdapter, C:\Windows\SYSTEM32\TASKS\{E8C0E438-37AD-46BE-B3EF-E4820E1CF138}, Quarentena, [1038], [683129],1.0.10886
Spyware.PasswordStealer, C:\USERS\CLEITON\APPDATA\ROAMING\MICROSOFT\Windows\FCITWADR\ECTFIAEB.EXE, Quarentena, [494], [689143],1.0.10886
Adware.Adposhel, C:\USERS\CLEITON\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\1418462950965527827\DESKTOP_MEDIA_SERVICE.EXE, Quarentena, [485], [690296],1.0.10886
Adware.Csdimonetize, C:\USERS\CLEITON\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\GHFXQLJLPLI\BGSNOXGDWHA.EXE, Quarentena, [2917], [688678],1.0.10886
Adware.Csdimonetize, C:\USERS\CLEITON\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\50I55YC4IZJ\UHP133DZQF5.EXE, Quarentena, [2917], [688678],1.0.10886
Adware.Adposhel, C:\USERS\CLEITON\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\1418462950965527827\WATCHDOG.EXE, Quarentena, [485], [690148],1.0.10886
Adware.Adposhel, C:\USERS\CLEITON\APPDATA\LOCAL\TEMP\{B320D06C-B020-EE7B-B828-BC34CE6A1F5D}\NA.EXE, Quarentena, [485], [688270],1.0.10886
Adware.Zdengo, C:\USERS\CLEITON\APPDATA\LOCAL\TEMP\NSN137C.TMP\HQVJVHNOWNS.DLL, Quarentena, [518], [689439],1.0.10886
Adware.Zdengo, C:\USERS\CLEITON\APPDATA\LOCAL\TEMP\NSG2A4F.TMP\HQVJVHNOWNS.DLL, Quarentena, [518], [689439],1.0.10886
Adware.Adposhel, C:\USERS\CLEITON\APPDATA\LOCAL\TEMP\3A5AC2D049644DF9, Quarentena, [485], [690145],1.0.10886
Adware.Zdengo, C:\Windows\TEMP\NSS2D4D.TMP\HQVJVHNOWNS.DLL, Quarentena, [518], [689439],1.0.10886

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)


Your PC is pretty badly infected, huh...

Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.

Double-click its icon on the Desktop.

Check "YES, I accept the Terms of Use." Click Start.

Accept any Security Warning from your browser.

Check the options below:

Enable detection of potentially unwanted applications.

Click Hide advanced settings and check:

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click Change and also check the Computer box.

Click Start.

It will update itself and scan the computer. Be patient, the process can take hours. When the scan finishes, click List Threats.

Click Export to text file and save the log to your Desktop.

Copy and paste the contents into your next reply.

Note: If nothing is found, no log will be generated.

Click Back.

Click Finish.

Report the current state of the PC.



Good afternoon,

Here is the log:

 

C:\IObit\IObitLauncher.exe    a variant of Win32/IObit.L potentially unwanted application    cleaned by deleting
C:\Program Files\VIJFO7FIQX\FUG1RXAL5.exe    a variant of MSIL/Kryptik.LML trojan    cleaned by deleting
C:\Program Files (x86)\4KDownload\4kvideodownloader\4k.video.downloader stogram YouTube.to.mp3-patch.v.2.3-WD.exe    a variant of Win32/HackTool.Patcher.A potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\Atari\Test Drive Unlimited 2\rld.dll    Win32/HackTool.Crack.CY potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\Atari\Test Drive Unlimited 2\steam_api.dll    a variant of Win32/HackTool.Crack.EN potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\Common Files\Hotlattip\uninstall.exe    a variant of Win32/TrojanDropper.Addrop.CL trojan    cleaned by deleting
C:\Program Files (x86)\IObit\LiveUpdate\IObitLauncher.exe    a variant of Win32/IObit.L potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Seed Trade\Seed\seed.exe    a variant of Win32/Kryptik.GTMF trojan    cleaned by deleting
C:\Users\Cleiton\AppData\Local\Mozilla\Firefox\Profiles\03zygwdv.default\cache2\entries\5F4EBB5CDC0A6118C64A88FC2E9F989F25F9AACA    a variant of Win32/Kryptik.GTLM trojan    deleted
C:\Users\Cleiton\AppData\Local\Mozilla\Firefox\Profiles\03zygwdv.default\cache2\entries\7F9DB68C7C83BBD7969E3200CA1FB50D7C27FF60    Win32/InstallCore.AYH potentially unwanted application    cleaned by deleting
C:\Users\Cleiton\AppData\Local\Mozilla\Firefox\Profiles\03zygwdv.default\cache2\entries\C030CFEB5089CA218F39D114D015E0AA2BBF6A1B    HTML/ScrInject.B trojan    deleted
C:\Users\Cleiton\AppData\Local\Mozilla\Firefox\Profiles\03zygwdv.default\cache2\entries\EED00DB56A8D2F5DA750D77406F698BB552F5594    Win32/InstallCore.Gen.A potentially unwanted application    cleaned by deleting
C:\Users\Cleiton\AppData\Local\Temp\RiVxsKOJ.exe.part    Win32/InstallCore.AYH potentially unwanted application    cleaned by deleting
C:\Users\Cleiton\AppData\Roaming\uTorrent\updates\3.5.3_44428.exe    a variant of MSIL/WebCompanion.A potentially unwanted application    cleaned by deleting
C:\Users\Cleiton\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\Microsoft Toolkit 2.5.2.exe    a variant of MSIL/HackKMS.G potentially unsafe application    cleaned by deleting
C:\Users\Cleiton\Downloads\4K Video Downloader Crack v4 With Serial Key Full Version Download.zip    a variant of Win32/Kryptik.GNDZ trojan    deleted
C:\Users\Cleiton\Downloads\ccsetup552.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Cleiton\Downloads\ccsetup557.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Cleiton\Downloads\phonerescue_3.7_70339a2-1010.zip    a variant of Win32/DownloadAssistant.S potentially unwanted application    deleted
C:\Users\Cleiton\Downloads\wondershare-drfone-v103023-final-crack-download_5db9bf6-1123.zip    a variant of Win32/DownloadAssistant.S potentially unwanted application    deleted
C:\Users\Cleiton\Downloads\4K Video Downloader 4.4.2.2255 + Crack [CracksNow]\Patch\Patch.zip    a variant of Win32/HackTool.Patcher.A potentially unsafe application    deleted
C:\Users\Cleiton\Downloads\4K Video Downloader 4.4.2.2255 + Crack [CracksNow]\Patch\Patch\4k.video.downloader stogram YouTube.to.mp3-patch.v.2.3-WD.exe    a variant of Win32/HackTool.Patcher.A potentially unsafe application    cleaned by deleting
C:\Users\Cleiton\Downloads\ATIVADOR 4K-VIDEO\Crack\4K Video Downloader Crack .exe    a variant of MSIL/HackTool.StuffFull.F potentially unsafe application    cleaned by deleting
C:\Users\Cleiton\Downloads\CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual + Keygen [SadeemPC]\CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual + Keygen [SadeemPC]\CDGSX8.iso    a variant of Win32/Keygen.PE potentially unsafe application    deleted
C:\Users\Cleiton\Downloads\CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual + Keygen [SadeemPC]\CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual + Keygen [SadeemPC]\Crack\Keygen.exe    a variant of Win32/Keygen.PE potentially unsafe application    cleaned by deleting
C:\Users\Cleiton\Downloads\Office 2013\Daemon Tools Lite 2014 - 4491-0356.exe    Win32/DownWare.L potentially unwanted application    cleaned by deleting
C:\Users\Cleiton\Downloads\Office 2013\Ativador Office 2013 [ArphaNET]\ARQUIVOS\Microsoft Toolkit 2.5.2.rar    a variant of MSIL/HackKMS.G potentially unsafe application    deleted
C:\Windows\Installer\90a1a79.msi    a variant of Win32/Adware.Adposhel.CC application    deleted


The computer is better, but some pages still appear out of nowhere!

 

2 hours ago, clmumber said:

The computer is better, but some pages still appear out of nowhere!

A big cleanup was done on your computer; just look at the size and number of infections shown in the logs of the programs used.

That being the case, there is nothing more to do here; I suggest you make a backup and reinstall Windows from scratch.

Good luck!

