Computer Hope
Software => Computer viruses and spyware => Topic started by: renatinha2018 on November 20, 2018, 11:17:26 PM
-
Hello, I have a problem with my machine: it is slow, so I decided to download and run AdwCleaner, and it reported the following infections to me. I deleted them, but I noticed that some of the mentioned files remain in the directory and were not deleted. What should I do?
***** [ Tasks ] *****
Deleted C:\Windows\Tasks\Online Application V2G5.job
Deleted C:\Windows\Tasks\Online Application V2G4.job
Deleted C:\Windows\Tasks\Online Application V2G6.job
Deleted C:\Windows\System32\Tasks\c486adfb4a29c5ec7892b1f03b80162b
Deleted C:\Windows\System32\Tasks\ErrorFixKIT
Deleted C:\Windows\Tasks\Online Application V2G2.job
Deleted C:\Windows\Tasks\Online Application V2G3.job
Deleted C:\Windows\Tasks\Online Application V2G1.job
Deleted C:\Windows\Tasks\Updater_Online_Application.job
Deleted C:\Windows\System32\Tasks\Updater_Online_Application
***** [ Registry ] *****
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKLM\Software\Wow6432Node\Microleaves
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD51A354-6FD4-4745-98A7-106F94A30B96}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD51A354-6FD4-4745-98A7-106F94A30B96}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12A60691-24DA-497B-9D4B-23B6D6DE88EF}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12A60691-24DA-497B-9D4B-23B6D6DE88EF}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3069DE66-30A2-4812-BFE3-48738E8C05D3}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3069DE66-30A2-4812-BFE3-48738E8C05D3}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c486adfb4a29c5ec7892b1f03b80162b
Deleted HKCU\Software\Microsoft\BigTime
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2608E6E1-03D5-47F4-8598-585BCC87EB8A}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShadowsocksS
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B597A0A-1735-4330-8C01-3256831A6E07}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaCieS
Deleted HKLM\Software\Wow6432Node\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet
Deleted HKLM\Software\ErrorFixKIT
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7AFF413-F6A2-45A7-B95C-D66F57952A78}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ErrorFixKIT
Deleted HKCU\Software\EpicNet Inc.
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Plumbytes Anti-Malware
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CommonToolkitTray_Solvusoft
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|CommonToolkitTray_Solvusoft
Deleted HKLM\Software\Microsoft\DMunversion
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{396BFFBE-20E6-4026-B19D-DB957681453D}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E57FCA0A-052E-4EC2-AA7D-6C8AA5C4E52D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4FC6F45-CCC6-4A55-8C2B-4E8DB832BC6C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4FC6F45-CCC6-4A55-8C2B-4E8DB832BC6C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52B76188-DBE7-4BBF-9C09-4E43B5D2EC32}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52B76188-DBE7-4BBF-9C09-4E43B5D2EC32}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5204C58-E652-4180-A3DE-E7130AB21942}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5204C58-E652-4180-A3DE-E7130AB21942}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pandasecurity.mystart.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystart.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15F72B59-D3ED-49AC-813D-E9E79DBFEF7D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15F72B59-D3ED-49AC-813D-E9E79DBFEF7D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKLM\Software\Plumbytes Software
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\Solvusoft
Deleted HKLM\Software\Wow6432Node\Solvusoft
Deleted HKLM\Software\Solvusoft
Deleted HKLM\SOFTWARE\CLASSES\APPLICATIONS\SolvusoftTray.exe
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\WinThruster.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinThruster.exe
Deleted HKCU\Software\System Healer
Deleted HKCU\Software\MICROSOFT\wewewe
Deleted HKLM\Software\Wow6432Node\SrcAAAesom Browser Enhancer
Deleted HKLM\Software\SrcAAAesom Browser Enhancer
Deleted HKCU\Software\WajIEnhance
Deleted HKLM\Software\Wow6432Node\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted HKLM\Software\Microsoft\PrIncub
Deleted HKLM\Software\Microsoft\MPrForShutT
Deleted HKLM\Software\Microsoft\PrAmNP
Deleted HKLM\Software\Microsoft\NSaveA
Deleted HKLM\Software\Microsoft\APreSam
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{773A8CA8-3876-4AA1-AB78-EECA231BFF3A}
Deleted HKLM\Software\Common Toolkit Suite
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8AC8A37767831AA4BA87EEAC32B1FFA3
Deleted HKLM\Software\Classes\Installer\Products\8AC8A37767831AA4BA87EEAC32B1FFA3
Deleted HKLM\Software\Classes\Installer\Features\8AC8A37767831AA4BA87EEAC32B1FFA3
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5556309623D8EAC478D3B24F6A68D7B0
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\5556309623D8EAC478D3B24F6A68D7B0
***** [ Chromium (and derivatives) ] *****
Deleted Chrome Cleaner Pro
Deleted Chrome Cleaner Pro
Deleted MSN Homepage & Bing Search Engine
Deleted MSN Homepage & Bing Search Engine
Deleted Panda Safe Web
Deleted Panda Safe Web
Deleted Search Manager
***** [ Chromium URLs ] *****
Deleted Ask Brasil
Deleted Ask Brasil
Deleted Ask Brasil
Deleted http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
Deleted http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
Deleted http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
Deleted http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
Deleted http://www.sweet-page.com/?type=hp&ts=1413550733&from=cor&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
Deleted https://bucetas.blog/categoria/brasileirinhas/
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
Deleted http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_728_181119
*************************
- Delete Tracing Keys
- Reset Winsock
*************************
AdwCleaner[S00].txt - [16218 octets] - [21/11/2018 03:56:48]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Thank you in advance.
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Download and install: Please download Malwarebytes' scanner (http://downloads.malwarebytes.org/file/mbam) to your desktop.
Double Click mbam-setup.exe to install the application.
- It should update automatically if the computer is connected to the internet.
- Click on Threat Scan and click on Scan Now.
- The scan may take some time to finish, so please be patient.
- When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
- Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
- When disinfection is completed you can click on "Copy to Clipboard".
- Paste the log in your next reply (CTRL+V).
*************************************************
Download Security Check by screen317 from the following link and save it to your desktop.
Security Check (http://www.bleepingcomputer.com/download/securitycheck/)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
********************************************
Please run AdwCleaner again and post the log.
-
Thank you for your prompt response and attention. The Malwarebytes log follows; it found 116 threats, all quarantined.
Malwarebytes
www.malwarebytes.com
-Detalhes de registro-
Data da análise: 21/11/2018
Hora da análise: 17:38
Arquivo de registro: f6750f92-edc4-11e8-ac91-3497f68ea388.json
-Informação do software-
Versão: 3.6.1.2711
Versão de componentes: 1.0.482
Versão do pacote de definições: 1.0.7959
Licença: Versão de Avaliação
-Informação do sistema-
Sistema operacional: Windows 10 (Build 14393.2608)
CPU: x64
Sistema de arquivos: NTFS
Usuário: DESKTOP-7UU2GVM\---------ão
-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 373716
Ameaças detectadas: 116
Ameaças em quarentena: 116
Tempo decorrido: 2 min, 30 seg
-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar
-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)
Módulo: 0
(Nenhum item malicioso detectado)
Chave de registro: 18
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A9A5E827-F7ED-4987-8243-DC3B2A93E37C}_is1, Quarentena, [567], [485109],1.0.7959
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarentena, [475], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarentena, [6385], [425124],1.0.7959
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\CONSOLE\TASKENG.EXE, Quarentena, [6385], [425125],1.0.7959
PUP.Optional.InstallCore, HKU\S-1-5-21-1100052066-766834226-2942838772-1010\SOFTWARE\CSASTATS\ic, Quarentena, [408], [586068],1.0.7959
Adware.Tuto4PC, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\SOFTWARE\MICROSOFT\EWMON, Quarentena, [2782], [411543],1.0.7959
PUP.Optional.InstallCore, HKU\S-1-5-21-1100052066-766834226-2942838772-1010\SOFTWARE\PRODUCTSETUP, Quarentena, [408], [481004],1.0.7959
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XnrW3hoDOzjF Updater, Quarentena, [3159], [494177],1.0.7959
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MPrForWeathI, Quarentena, [2782], [572664],1.0.7959
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_B, Quarentena, [2782], [572665],1.0.7959
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_Qn, Quarentena, [2782], [572666],1.0.7959
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Quarentena, [433], [518476],1.0.7959
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreAm, Quarentena, [2782], [572667],1.0.7959
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreIc, Quarentena, [2782], [572668],1.0.7959
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreJ, Quarentena, [2782], [572669],1.0.7959
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreShM, Quarentena, [2782], [572670],1.0.7959
Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MjNkYWU, Quarentena, [4874], [580236],1.0.7959
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\YzYwODk5MWEwMDI5N, Quarentena, [475], [488914],1.0.7959
Valor de registro: 16
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-1100052066-766834226-2942838772-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-1100052066-766834226-2942838772-1010\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
PUP.Optional.SLOWPCfighter, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEASSOCIATION\NOSTARTPAGEAPPUSERMODELIDS|FIGHTERS.SLOW-PCFIGHTER.UNINSTALL, Quarentena, [1012], [405390],1.0.7959
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarentena, [6385], [425124],1.0.7959
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarentena, [6385], [425126],1.0.7959
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarentena, [6385], [425125],1.0.7959
Adware.Tuto4PC, HKU\S-1-5-21-1100052066-766834226-2942838772-1001\SOFTWARE\MICROSOFT\EWMON|PARTNER, Quarentena, [2782], [411543],1.0.7959
PUP.Optional.InstallCore, HKU\S-1-5-21-1100052066-766834226-2942838772-1010\SOFTWARE\PRODUCTSETUP|TB, Quarentena, [408], [481004],1.0.7959
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XnrW3hoDOzjF Updater|IMAGEPATH, Quarentena, [3159], [494177],1.0.7959
Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MjNkYWU|IMAGEPATH, Quarentena, [4874], [580236],1.0.7959
Adware.Csdimonetize, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|ymxx1adg2cd, Quarentena, [2866], [592870],1.0.7959
Dados de registro: 11
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{07b1e0e9-123e-4939-b98f-7b923fd63848}|NameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{07b1e0e9-123e-4939-b98f-7b923fd63848}|DhcpNameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3a5013bf-98c4-413a-911b-3c6287a8a803}|NameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3a5013bf-98c4-413a-911b-3c6287a8a803}|DhcpNameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3b997b47-9d5b-4dc6-b795-a29738e98016}|NameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{98e9be1c-19cb-4fb2-add7-5f2ec6d8e1b6}|NameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{98ff3d37-ee13-4ab2-82a7-74e5dca09e0e}|NameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9cfc04c1-9c5c-42ac-b7e0-bf0e24133b6f}|NameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{efea9dcc-eb35-4e26-a58c-759e97cd1f1a}|NameServer, Substituído, [3159], [-1],0.0.0
Fluxo de dados: 0
(Nenhum item malicioso detectado)
Pasta: 14
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\HowToRemove, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\USERS\-------------------\APPDATA\LOCAL\{3D4E0B12-19E6-67AA-747E-42425016BEDA}, Quarentena, [712], [484244],1.0.7959
Trojan.BitCoinMiner, C:\PROGRAM FILES\SHADOWSOCKS, Quarentena, [567], [485109],1.0.7959
Adware.Tuto4PC, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\D2BNS985I5, Quarentena, [2782], [487472],1.0.7959
Adware.Tuto4PC, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\UINVN0MU49, Quarentena, [2782], [487472],1.0.7959
Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm5690.tmp, Quarentena, [475], [511084],1.0.7959
Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm6F17.tmp, Quarentena, [475], [511084],1.0.7959
PUP.Optional.MyStart, C:\USERS\-------------------\APPDATA\ROAMING\SEARCH THE WEB, Quarentena, [228], [594135],1.0.7959
Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm7C8F.tmp, Quarentena, [475], [511084],1.0.7959
Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm9752.tmp, Quarentena, [475], [511084],1.0.7959
Adware.Neoreklami.TskLnk, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\ZJVJYDILXTAAIFNHI, Quarentena, [1224], [597936],1.0.7959
PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\_metadata, Quarentena, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0, Quarentena, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\USERS\-------------------\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CDFGFNCDANFPLMKHEHIJMCENHOKBAAIK, Quarentena, [4618], [443118],1.0.7959
Arquivo: 57
PUP.Optional.GoodGame, C:\USERS\-------------------\DESKTOP\GOODGAME EMPIRE.URL, Quarentena, [3884], [261883],1.0.7959
PUP.Optional.SearchManager, C:\USERS\-------------------\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarentena, [255], [260989],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\USERS\-------------------\APPDATA\LOCAL\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\cica, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\HowToRemove\HowToRemove.html, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\bapi_chmm.dat, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\bapi_ff.dat, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\bapi_ie.dat, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\install.log, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\lele, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\refe, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\sole.dat, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\sota, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\Sqlite3.dll, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\tora.cfg, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\uninst.dat, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\uninst.exe, Quarentena, [712], [484244],1.0.7959
PUP.Optional.WinYahoo.TskLnk, C:\Users\-------------------\AppData\Local\{3D4E0B12-19E6-67AA-747E-42425016BEDA}\uninstp.dat, Quarentena, [712], [484244],1.0.7959
Trojan.BitCoinMiner, C:\PROGRAM FILES\SHADOWSOCKS\UNINS000.DAT, Quarentena, [567], [485109],1.0.7959
Trojan.BitCoinMiner, C:\Program Files\Shadowsocks\unins000.exe, Quarentena, [567], [485109],1.0.7959
Adware.Tuto4PC, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\D2BNS985I5\up.exe.config, Quarentena, [2782], [487472],1.0.7959
Adware.Tuto4PC, C:\Users\-------------------\AppData\Local\Temp\D2BNS985I5\up.exe, Quarentena, [2782], [487472],1.0.7959
Adware.Tuto4PC, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\UINVN0MU49\up.exe.config, Quarentena, [2782], [487472],1.0.7959
Adware.Tuto4PC, C:\Users\-------------------\AppData\Local\Temp\UINVN0MU49\up.exe, Quarentena, [2782], [487472],1.0.7959
Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm5690.tmp\update.exe, Quarentena, [475], [511084],1.0.7959
Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm6F17.tmp\update.exe, Quarentena, [475], [511084],1.0.7959
PUP.Optional.MyStart, C:\USERS\-------------------\APPDATA\ROAMING\SEARCH THE WEB\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}.ico, Quarentena, [228], [594135],1.0.7959
Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm7C8F.tmp\update.exe, Quarentena, [475], [511084],1.0.7959
Adware.Wajam, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\wjm9752.tmp\update.exe, Quarentena, [475], [511084],1.0.7959
Adware.Linkury.Generic, C:\USERS\-------------------\APPDATA\LOCAL\SHAM.DB, Quarentena, [3733], [516191],1.0.7959
Adware.Wajam.Generic, C:\WINDOWS\IXMIXFACA.IXML, Quarentena, [4874], [580236],1.0.7959
MachineLearning/Anomalous.100%, C:\WINDOWS\ACABC898A0EA38066A77971B0E7EC412.EXE, Quarentena,
PUP.Optional.WinYahoo, C:\USERS\-------------------\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWM8OJQU.DEFAULT\PREFS.JS, Substituído, [232], [303324],1.0.7959
PUP.Optional.Imali.Generic, C:\USERS\-------------------\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\USERS\-------------------\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\USERS\-------------------\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Substituído, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\USERS\-------------------\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CDFGFNCDANFPLMKHEHIJMCENHOKBAAIK\0.8_0\REDIRECT.JS, Quarentena, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\_metadata\computed_hashes.json, Quarentena, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\_metadata\verified_contents.json, Quarentena, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\background.js, Quarentena, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\manifest.json, Quarentena, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\popup.html, Quarentena, [4618], [443118],1.0.7959
PUP.Optional.Imali.Generic, C:\Users\-------------------\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfgfncdanfplmkhehijmcenhokbaaik\0.8_0\redirect.html, Quarentena, [4618], [443118],1.0.7959
Adware.Wajam, C:\WINDOWS\SYSTEM32\DRIVERS\YZYWODK5MWEWMDI5N, Quarentena, [475], [488914],1.0.7959
Adware.Csdimonetize, C:\PROGRAM FILES (X86)\XRRX\241267232.EXE, Quarentena, [2866], [592870],1.0.7959
PUP.Optional.InstallCore.Generic, C:\USERS\-------------------\DESKTOP\ATUBE_CATCHER_0656998135.EXE, Quarentena, [6143], [512134],1.0.7959
Trojan.BitCoinMiner, C:\PROGRAM FILES (X86)\CORE\VIDEOCARD.EXE, Quarentena, [567], [475355],1.0.7959
Adware.Csdimonetize, C:\PROGRAM FILES (X86)\XRRX\374534056.EXE, Quarentena, [2866], [592870],1.0.7959
Adware.Csdimonetize, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\IS-TNFA0.TMP\DAZED.EXE, Quarentena, [2866], [592870],1.0.7959
PUP.Optional.BundleInstaller, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\BIT401C.TMP.EXE, Quarentena, [422], [601328],1.0.7959
PUP.Optional.InstallCore.Generic, C:\USERS\ENVIA\DOWNLOADS\ATUBE_CATCHER_0550002805.EXE, Quarentena, [6143], [512134],1.0.7959
Adware.OxyPumper, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\E7E3Y1C0\O8N5Y3V0.EXE, Quarentena, [4230], [601660],1.0.7959
Adware.Agent, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\IS-93C8K.TMP\CRSWGVH.DLL, Quarentena, [101], [594543],1.0.7959
Adware.Csdimonetize, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\IS-NGBU2.TMP\DAZED.EXE, Quarentena, [2866], [592870],1.0.7959
Adware.Tuto4PC, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\IS-TFEQP.TMP\SETUP.EXE, Quarentena, [2782], [601384],1.0.7959
Adware.Zdengo, C:\USERS\-------------------\APPDATA\LOCAL\TEMP\NSUDA27.TMP\KNNUPMGIILB.DLL, Quarentena, [7763], [600697],1.0.7959
PUP.Optional.WinThruster, C:\WINDOWS\INSTALLER\75209.MSI, Quarentena, [1487], [461217],1.0.7959
Generic.Malware/Suspicious, C:\USERS\-------------------\DOWNLOADS\BITCOMET_1.44_SETUP.EXE, Quarentena,
Setor físico: 0
(Nenhum item malicioso detectado)
Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)
(end)
Security Check answered this for me! Image below.
What should I do?
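As an added example (not from the thread, and not Malwarebytes' own tooling), a small Python triage of a Malwarebytes scan log in the format posted above: it separates entries that were quarantined from settings that were replaced, pulls out the DNS resolver entries that the DNSUnlocker detections had rewritten, and lists which quarantined file paths still exist, which is the poster's original question. The sample lines are copied from the log above; the still_present check takes an injectable exists function so it can run off the affected machine.

```python
"""Triage of a Malwarebytes scan log in the line format posted in this thread.

Added example, not part of the thread. Detection lines look like:
  <detection name>, <registry key|value or file path>, <action>, [id], [id],<db version>
"""
import os
from collections import Counter

# Constructed sample: a handful of representative lines copied from the
# posted log, mixed with the header/summary lines the parser must skip.
SAMPLE_LOG = r"""
-Detalhes da análise-
Chave de registro: 18
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A9A5E827-F7ED-4987-8243-DC3B2A93E37C}_is1, Quarentena, [567], [485109],1.0.7959
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
Dados de registro: 11
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Substituído, [3159], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{07b1e0e9-123e-4939-b98f-7b923fd63848}|DhcpNameServer, Substituído, [3159], [-1],0.0.0
Arquivo: 57
Trojan.BitCoinMiner, C:\PROGRAM FILES (X86)\CORE\VIDEOCARD.EXE, Quarentena, [567], [475355],1.0.7959
MachineLearning/Anomalous.100%, C:\WINDOWS\ACABC898A0EA38066A77971B0E7EC412.EXE, Quarentena,
PUP.Optional.WinYahoo, C:\USERS\-------------------\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWM8OJQU.DEFAULT\PREFS.JS, Substituído, [232], [303324],1.0.7959
Tempo decorrido: 2 min, 30 seg
(Nenhum item malicioso detectado)
"""

# Value names under Tcpip/Parameters that hold the resolver address.
DNS_VALUES = {"NAMESERVER", "DHCPNAMESERVER"}


def parse_detection(line):
    """Return a dict for one detection line, or None for header/summary lines."""
    parts = line.strip().split(", ", 2)
    if len(parts) != 3:
        return None
    name, target, rest = parts
    if " " in name:  # detection names never contain spaces; headers do
        return None
    action = rest.split(",", 1)[0].strip()  # e.g. Quarentena / Substituído
    key, _, value = target.partition("|")   # registry value names follow '|'
    kind = "registry" if key.upper().startswith(("HKLM", "HKCU", "HKU")) else "file"
    family = name.split(".")[0].split("/")[0]  # Trojan, Adware, PUP, ...
    return {"name": name, "family": family, "kind": kind,
            "key": key, "value": value, "action": action}


def parse_log(text):
    return [d for d in (parse_detection(l) for l in text.splitlines()) if d]


def summarize(detections):
    """Counts by family and by action (quarantined objects vs rewritten settings)."""
    return {"by_family": Counter(d["family"] for d in detections),
            "by_action": Counter(d["action"] for d in detections)}


def dns_hijack_entries(detections):
    """Registry keys whose resolver address was replaced rather than removed.

    A rewritten NameServer means name resolution had been redirected to a
    resolver of the adware's choosing; re-check the configured DNS servers
    after cleanup instead of assuming the quarantine covered it."""
    return [d["key"] for d in detections
            if d["kind"] == "registry"
            and "\\TCPIP\\PARAMETERS" in d["key"].upper()
            and d["value"].upper() in DNS_VALUES]


def still_present(detections, exists=os.path.exists):
    """Quarantined file-system targets that still exist on disk.

    `exists` is injectable so the logic can be exercised offline; on the
    cleaned machine the default os.path.exists does the real check."""
    seen = []
    for d in detections:
        if d["kind"] == "file" and d["key"] not in seen and exists(d["key"]):
            seen.append(d["key"])
    return seen


if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    s = summarize(dets)
    print("detections parsed:", len(dets))
    print("by family:", dict(s["by_family"]))
    print("by action:", dict(s["by_action"]))
    print("DNS resolver settings rewritten:", dns_hijack_entries(dets))
    print("quarantined files still on disk:", still_present(dets))
```

Run against the full log on the affected machine, the last line answers whether the "remaining" files are leftovers of a quarantined detection or something the scanner never flagged.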
-
Could you please run AdwCleaner again and post the log?
-
I think it's fixed! Thank you very much
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-19.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-22-2018
# Duration: 00:00:00
# OS: Windows 10 Enterprise 2016 LTSB
# Cleaned: 2
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
Deleted Chrome Cleaner Pro
Deleted MSN Homepage & Bing Search Engine
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
- Delete Tracing Keys
- Reset Winsock
*************************
AdwCleaner[S00].txt - [16218 octets] - [21/11/2018 03:56:48]
AdwCleaner[C00].txt - [13635 octets] - [21/11/2018 03:59:14]
AdwCleaner[S01].txt - [1471 octets] - [21/11/2018 04:21:40]
AdwCleaner[C01].txt - [1619 octets] - [21/11/2018 04:21:55]
AdwCleaner[S02].txt - [1593 octets] - [22/11/2018 02:50:22]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
-
ESET Online Scanner
Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.
Download and execute ESET OnlineScan (http://eset.com/onlinescan) (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings; click on it to display them):
Enable detection of potentially unwanted applications;
Scan archives;
Scan for potentially unsafe applications;
Optional: If you want to scan more drives, click on Change... and select the drives you want to include in the scan;
After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;
Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it; let it run until the end;
After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
Click on List of found threats; it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
Once you're done, click on the Back button;
Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;