Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Olá, gostaria de ajuda para verificação. Percebi que estou com algum tipo de vírus no meu email(hotmail). Recebi um email, vindo de mim mesmo. Passei o Malwarebytes e rodei o McAfee, mas a situação continua a mesma.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:38:44 PM, on 20-Jun-15
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
C:\Users\henri_000\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [GoPro Studio Importer] C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\henri_000\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\henri_000\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\henri_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [spotify] "C:\Users\henri_000\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat
O4 - Global Startup: GoPro Importer.lnk = C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
O23 - Service: Dell Product Registration Manager (DellProdRegManager) - Aviata, Inc. - C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe--
End of file - 16805 bytes
http://pjjoint.malekal.com/files.php?read=20150620_s8n12p8x6h5
A atividade de spam no hotmail seria detectado pelo hijack?
/!\ Bom Dia! .matiello /!\
A atividade de spam no hotmail seria detectado pelo hijack?
Não!
Execute este script na ferramenta ZHPFix.
Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
À seguir,minimize o Bloco de Notas.
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
EmptyTemp
EmptyFlash
HiddenFix
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001Core] (.Facebook Inc..) -- C:\Users\henri_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001UA] (.Facebook Inc..) -- C:\Users\henri_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]Abra a ferramenta ZHPFix. < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHPFix_logo2_zpsea0f2aa4.jpg&key=d5542cfa8c2927966334db1e22757054447548c1fa99304069314737b6934181" alt="ZHPFix_logo2_zpsea0f2aa4.jpg" /> >
Clique IMPORTAÇÃO >> OK.
Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.
Clique "GO".
Poste o relatório!
/applications/core/interface/imageproxy/imageproxy.php?img=http://r17.imgfast.net/users/1712/29/07/67/smiles/434264.gif&key=8b580fd8c41338fe0925cd84ba4dbbb4293b15fe6a04cbd03d242b4e86624720" alt="434264.gif" />
< Peço aos visitantes que não utilizem este script em seus computadores,sob risco de danos aos mesmos! >
A+
Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by henri_000 at 21-Jun-15 12:05:47 AM
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Recycle Bin emptied (07mn AMs)
Prefetcher emptied
========== Registry keys ==========
REMOVES: HKCU\Software\AppDataLow\Software\BackgroundContainerV2
REMOVES: HKCU\Software\AppDataLow\Software\Smartbar
REMOVES: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
REMOVES: HKCU\Software\AppDataLow\Toolbar
REMOVES: HKCU\Software\AppDataLow\Software\TbccintSearchScopes
REMOVES: HKCU\Software\AppDataLow\Software\Tbccint
REMOVES: HKCU\Software\Conduit
REMOVES: HKLM\Software\Wow6432Node\Conduit
========== Registry values ==========
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}
REMOVES: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}
========== Folders ==========
No folders empty CLSID Local user
Deletes temporary Windows (250)
REMOVES Flash Cookies (0)
========== Files ==========
Deletes temporary Windows (168) (101,597,675 octets)
REMOVES Flash Cookies (0) (0 octets)
========== Scheduled task ==========
REMOVES: FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001Core
REMOVES: FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001UA
REMOVES: AutoKMS
REMOVES: AutoKMS
REMOVES: AutoKMS
========== Hidden folders/files restored ==========
Mes images (My Pictures) : 27 restored successfully
Ma musique (My Music) : 295 restored successfully
Ma Video (My Video) : 34 restored successfully
Mes Favoris (My Favorites) : 2 restored successfully
Mes Documents (My Documents) : 13 restored successfully
Mon Bureau (My Desktop) : 9 restored successfully
Menu demarrer (Programs) : 8 restored successfully
Dossier utilisateur (AppData) : 24 restored successfully
Programmes (Program Files) : 6 restored successfully
========== System restore ==========
The system successfully created restore point
========== Summary ==========
8 : Registry keys
4 : Registry values
3 : Folders
2 : Files
5 : Scheduled task
418 : Hidden folders/files restored
1 : System restore
End of clean in 51mn AMs
========== Path to file report ==========
C:\Users\henri_000\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21-Jun-15 12:05:55 AM [2453]
/!\ Boa Tarde! .matiello /!\
< Yahoo Mail >
Seu hotmail pode ter sido hackeado.
Utilize o Yahoo Mail,por um período,até que esta situação seja sanada!
Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Logo2_zps580bcd78.jpg&key=71530441ef1621c6398a69f0f5fae6f7f5c87897579baf8487ec306c4e109626" alt="AdwCleaner_Logo2_zps580bcd78.jpg" /> > ( ... par Xplode )
Ou daqui: < AdwCleaner >
Ao acessar,clique em "Download Now".
Salve-o no desktop!
< /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" /> >
Clique direito em adwcleaner.exe,e escolha sua execução como administrador.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/AdwCleaner_Examinar_zps828ed634.jpg&key=ab3daa6c25adcfd393aa42949dcd0177a1c4f1dba193cc7c9704843f6ef97402" alt="AdwCleaner_Examinar_zps828ed634.jpg" />
Ps: D� início ao scan,clicando em "Examinar".
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Limpar_zps06005ae9.jpg&key=e03b122437ba41a51aeb80130d87464e234beda92d71d6cab1205ee84e50d78e" alt="AdwCleaner_Limpar_zps06005ae9.jpg" />
Ao concluir,clique "Limpar" ou "Cleaning" >> Ok >> Ok >> Ok.
Copie o log ou clique "Relatorio".
Poste: < C:\AdwCleaner\AdwCleaner[s0].txt >
A+
*** [ Services ] ***
*** [ Files / Folders ] ***
Folder Deleted : C:\Users\henri_000\AppData\LocalLow\Tbccint
File Deleted : C:\END
File Deleted : C:\Users\henri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\henri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
*** [ Scheduled tasks ] ***
*** [ Shortcuts ] ***
*** [ Registry ] ***
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
*** [ Web browsers ] ***
-\\ Internet Explorer v11.0.9600.17840
-\\ Google Chrome v43.0.2357.124
[C:\Users\henri_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] :
[C:\Users\henri_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [startup_URLs] : 37D9568D348EDF77F73A1F3B60F5F1DC09EC5836273DBFD66B1861B28A7DF3A3"},"software_reporter":{"prompt_reason":"0A3B07BAE36CA2D73D136CCD3274D8D147C1F8DB2A45A9E0EFF9CB91A2D0D7BF","prompt_seed":"B92681C4F460C884C06B644CE183287A00277DF0B915BA2655D31E35D49CAAD7","prompt_version":"4D7B1E0830276285685D136008D1257DD2646E40075D625BF90A7F0524AE40C8"},"sync":{"remaining_rollback_tries":"5A360A4BDB99EAE5A7815F84710BD9A008F6A465BECEBE95DBE4635EB9AD6F5C"}},"super_mac":"E9C66AA2DDC8BEB524F90044DB9B7370D7F24D237FAA78D302E320FDAFA9983E"},"session":{"restore_on_startup":1,"startup_urls":["hxxp://istart.webssearches.com/?type=hppp&ts=1398804259&from=tugs&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF118870488704
*************************
AdwCleaner[R0].txt - [7047 bytes] - [21/06/2015 10:24:50]
AdwCleaner[s0].txt - [2204 bytes] - [21/06/2015 10:29:30]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2263 bytes] ##########
/!\ Boa Noite! .matiello /!\
Abra a ferramenta AdwCleaner e clique em "Desinstalar".
Confirme a solicitação!
Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i48.tinypic.com/1268r49.png&key=be85c7a026af0cb092d2f868777759c6b4bd667a01f00e36e91558a667424520" alt="1268r49.png" /> > ( ... by Oleg N. Scherbakov )
Salve-o no desktop!
Desabilite seu antivírus!
Para Windows 7,clique direito em JRT.exe e execute-o ...
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />
Aguarde a conclusão e poste o relatório. ( JRT.txt )
A+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.3 (06.19.2015:1)
OS: Windows 8.1 x64
Ran by henri_000 on 21-Jun-15 at 13:34:53.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\henri_000\AppData\Roaming\pcdr
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
~~~ Chrome
[C:\Users\henri_000\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\henri_000\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\henri_000\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\henri_000\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21-Jun-15 at 13:45:13.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/!\ Bom Dia! .matiello /!\
Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/FRST_Logo.jpg&key=c15718bb8dd09587f9609594b5c08ed5e52c3c9d1c882702f6697f6f447d11bc" alt="FRST_Logo.jpg" /> > ( ... by Farbar )
No banner àcima,é para sistemas 32bits!
< Farbar Recovery Scan Tool 64-Bit >
No link àcima,é para sistemas 64bits!
Salve-o no desktop! (Área de trabalho ...)
Execute a ferramenta! Clique "Yes" >> "Scan".
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/FRST_Addition_Scan_zpsa9fe21c8.jpg&key=57413e2cacfcda8498eac29552ca9f75b4e4f153241a12d409a31b0737393661" alt="FRST_Addition_Scan_zpsa9fe21c8.jpg" />
Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.
Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
Poste os relatórios! (FRST.txt + Addition.txt)
Como o log será extenso,envie-o à /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Cjoint_Logo.jpg&key=bc3f249ffa4fec167155636520ebfd1fed8f6c8d63b5aa0b8cd82fb55aa2edb7" alt="Cjoint_Logo.jpg" /> >
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/EUE4tdb.jpg&key=a1493902e025170e24c1db9b5cbad8c87dbfb6dcd8089f17bcd66f77da7e54c1" alt="EUE4tdb.jpg" />
Clique no botão Parcourir...
Busque o relatório e clique no botão Abrir.
Clique no botão "Créer le lien Cjoint".
Copie o link que está ao lado de "Le lien a été créé" e poste-o em sua resposta.
/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/acrVh6GY.jpg&key=a98031df11d71116e6fc6fe6586a03c4ab49a7be484751ed5881cb409d37ce42" alt="acrVh6GY.jpg" />
O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Copierlelien_zpsd51f499f.jpg&key=660428e74964025a431cba1b51ee2132f7bbee4aaf74172bd3f0a3be25c5b2b1" alt="Copierlelien_zpsd51f499f.jpg" />
Ou clique "**Copier le lien (*)" e cole o link ao seu Post**.
A+
/!\ Bom Dia! .matiello /!\
Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/CTR_Logo_zpsd76553a2.jpg&key=ce4b68a6b3c6a8966a5bf17fa2db486536539d5a79aef725baeea1d0ad4c160b" alt="CTR_Logo_zpsd76553a2.jpg" /> > ( ... de Pierre 13 )
Caso encontre dificuldades ou bloqueio ao realizar o download,utilize o navegador Internet Explorer.
Salve-a no desktop!
Para Windows 7 e 8,execute-a com clique direito do mouse.
Desabilite seu antivírus!
/applications/core/interface/imageproxy/imageproxy.php?img=http://i39.tinypic.com/8vq7ma.jpg&key=54cd86231d1d8260cccd74af55605b09525bc49350c2e15616b9be0763b25942" alt="8vq7ma.jpg" />
Escolha: Executar como administrador! ( Windows Vista, 7 ,8 e 8.1 ) (32 e 64 bits)
Para Windows XP,basta duplo-clique em CTR.exe.
Aguarde a finalização,que é rápida!
Poste o relatório! ( CTR.txt )
Copie estas informações que estão em vermelho,para o Bloco de Notas.
Salve-as com o nome fixlist. << Texto!
Salve-as no desktop! ( ***Área de trabalho ...* ) -/- C:\Users\henri_000\Desktop **<<
start
CloseProcesses:
emptytemp:
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
2015-06-21 13:45 - 2015-06-21 13:45 - 00001422 _____ C:\Users\henri_000\Desktop\JRT.txt
2015-06-21 13:35 - 2015-06-21 13:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MATIELLO-Windows-8.1-(64-bit).dat
2015-06-21 13:32 - 2015-06-21 13:33 - 02950750 _____ (Thisisu) C:\Users\henri_000\Desktop\JRT.exe
2015-06-21 00:05 - 2015-06-21 00:05 - 00002539 _____ C:\Users\henri_000\Desktop\ZHPFixReport.txt
2015-06-20 21:59 - 2015-06-20 21:59 - 00122900 _____ C:\Users\henri_000\Desktop\ZHPDiag.txt
2015-06-20 21:57 - 2015-06-20 21:57 - 00000512 _____ C:\PhysicalDisk0_MBR.bin
2015-06-20 21:52 - 2015-06-21 00:05 - 00000000 ____D C:\Users\henri_000\AppData\Roaming\ZHP
2015-06-20 21:52 - 2015-06-20 21:52 - 00002005 _____ C:\Users\henri_000\Desktop\ZHPFix.lnk
2015-06-20 21:52 - 2015-06-20 21:52 - 00001874 _____ C:\Users\henri_000\Desktop\ZHPDiag.lnk
2015-06-20 21:52 - 2015-06-20 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-06-20 21:52 - 2015-06-20 21:52 - 00000000 ____D C:\Program Files (x86)\ZHPDiag
2015-06-20 21:50 - 2015-06-20 21:51 - 06880102 _____ (Nicolas Coolman ) C:\Users\henri_000\Downloads\ZHPDiag2.exe
2015-06-20 17:30 - 2015-06-20 17:30 - 00000000 ____D C:\Users\henri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-06-20 17:30 - 2015-06-20 17:30 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2015-06-20 17:27 - 2015-06-20 17:38 - 00000000 ____D C:\HijackThis
CreateRestorePoint:
Reboot:
end
Execute FRST/FRST64 >> Clique "Fix" << Aguarde!
Na mensagem,clique Executar.
Poste o relatório! (Fixlog.txt)
/applications/core/interface/imageproxy/imageproxy.php?img=http://r17.imgfast.net/users/1712/29/07/67/smiles/434264.gif&key=8b580fd8c41338fe0925cd84ba4dbbb4293b15fe6a04cbd03d242b4e86624720" alt="434264.gif" />
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos aos mesmos! >
A+
Fix result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by henri_000 at 2015-06-23 12:21:47 Run:1
Running from C:\Users\henri_000\Desktop
Loaded Profiles: henri_000 (Available Profiles: henri_000)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
emptytemp:
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
2015-06-21 13:45 - 2015-06-21 13:45 - 00001422 _____ C:\Users\henri_000\Desktop\JRT.txt
2015-06-21 13:35 - 2015-06-21 13:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MATIELLO-Windows-8.1-(64-bit).dat
2015-06-21 13:32 - 2015-06-21 13:33 - 02950750 _____ (Thisisu) C:\Users\henri_000\Desktop\JRT.exe
2015-06-21 00:05 - 2015-06-21 00:05 - 00002539 _____ C:\Users\henri_000\Desktop\ZHPFixReport.txt
2015-06-20 21:59 - 2015-06-20 21:59 - 00122900 _____ C:\Users\henri_000\Desktop\ZHPDiag.txt
2015-06-20 21:57 - 2015-06-20 21:57 - 00000512 _____ C:\PhysicalDisk0_MBR.bin
2015-06-20 21:52 - 2015-06-21 00:05 - 00000000 ____D C:\Users\henri_000\AppData\Roaming\ZHP
2015-06-20 21:52 - 2015-06-20 21:52 - 00002005 _____ C:\Users\henri_000\Desktop\ZHPFix.lnk
2015-06-20 21:52 - 2015-06-20 21:52 - 00001874 _____ C:\Users\henri_000\Desktop\ZHPDiag.lnk
2015-06-20 21:52 - 2015-06-20 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-06-20 21:52 - 2015-06-20 21:52 - 00000000 ____D C:\Program Files (x86)\ZHPDiag
2015-06-20 21:50 - 2015-06-20 21:51 - 06880102 _____ (Nicolas Coolman ) C:\Users\henri_000\Downloads\ZHPDiag2.exe
2015-06-20 17:30 - 2015-06-20 17:30 - 00000000 ____D C:\Users\henri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-06-20 17:30 - 2015-06-20 17:30 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2015-06-20 17:27 - 2015-06-20 17:38 - 00000000 ____D C:\HijackThis
CreateRestorePoint:
Reboot:
end
*****************
Processes closed successfully.
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Service removed successfully
C:\Users\henri_000\Desktop\JRT.txt => moved successfully.
C:\Windows\tweaking.com-regbackup-MATIELLO-Windows-8.1-(64-bit).dat => moved successfully.
C:\Users\henri_000\Desktop\JRT.exe => moved successfully.
C:\Users\henri_000\Desktop\ZHPFixReport.txt => moved successfully.
C:\Users\henri_000\Desktop\ZHPDiag.txt => moved successfully.
C:\PhysicalDisk0_MBR.bin => moved successfully.
C:\Users\henri_000\AppData\Roaming\ZHP => moved successfully.
C:\Users\henri_000\Desktop\ZHPFix.lnk => moved successfully.
C:\Users\henri_000\Desktop\ZHPDiag.lnk => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP => moved successfully.
C:\Program Files (x86)\ZHPDiag => moved successfully.
C:\Users\henri_000\Downloads\ZHPDiag2.exe => moved successfully.
C:\Users\henri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis => moved successfully.
C:\Program Files (x86)\Trend Micro => moved successfully.
C:\HijackThis => moved successfully.Restore point was successfully created.
EmptyTemp: => 2 GB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 12:23:06 ====
/!\ Bom Dia! .matiello /!\
Poste o relatório da ferramenta CTR.
Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1377.photobucket.com/albums/ah43/caedurodrigues/Removal%2520Tools/SFT_Icon_zpsf8e1bf56.png&key=50ea599a4148658ca55b3ee0c7481356f54733c2bc24a6e3f86d76dad34561da" alt="SFT_Icon_zpsf8e1bf56.png" />SFTGC > ( ... de Pierre13 )
Tendo dificuldades no download,utilize o navegador Internet Explorer.
Salve-o no desktop!
Para Windows Vista e 7,execute "SFTGC.exe" como administrador!
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/SFTGC_Go_zps151dad06.jpg&key=1b6242bb716a1a228385ec3e75d2bd83e0dff6646ff08e4d73d5097c9c6f66c5" alt="SFTGC_Go_zps151dad06.jpg" />
Execute-o e clique "Go".
Aguarde seu término,que é rápido.
Poste o relatório! ( SFT.txt )
Ps: De acordo com o tamanho do relatório,não poste-o diretamente!
Acesse,para esta tarefa! < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Cjoint_Logo.jpg&key=bc3f249ffa4fec167155636520ebfd1fed8f6c8d63b5aa0b8cd82fb55aa2edb7" alt="Cjoint_Logo.jpg" /> >
A+
/!\ Bom Dia! .matiello /!\
O relatório da ferramenta CTR,pode ser colado diretamente em seu Post.
Caso não haja mais problemas,remova as ferramentas que foram utilizadas na desinfecção!
Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/delfix_108_zps75ef8ba4.jpg&key=b39e23e6b61919a1a815c38e03726a9072afe4f3d0095f800f63e2e4ac1f671e" alt="delfix_108_zps75ef8ba4.jpg" /> > ( ... de Xplode )
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/DelFix_Download_zpsb5d944c7.jpg&key=c11cd63c68a67a8bcd0443a3fe0e716fc51d8e7a80122a3b6bf3a92bc1cfea40" alt="DelFix_Download_zpsb5d944c7.jpg" />
Link alternativo: < delfix_1.010.exe >
Estando na página,clique em Download Now.
Salve-a em um local conveniente! ( ***desktop!* **)
Feche aplicativos que estejam abertos.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/a2UgMDf.jpg&key=ab405929aa62c01b3dadd7e07428eea8c5abca0b4b4e065703141e5722a8d294" alt="a2UgMDf.jpg" />
Remover ferramentas de desinfecção
Criar backup do registro
Limpar pontos da restauração do sistema
Redefinir as configurações do sistema
Com estas caixinhas marcadas,clique Executar!
Reinicie o computador ao concluir!
Tudo Ok?
A+
Rapport de Contrôle restrictions Pierre13 (CTR version 2.0.0.2 ) du 23\06\2015 à 12:19:03
PC de henri_000
Windows 8.1 (64 bits)
Réparation erreur 2203 effectuée.
Contrôle présence restrictions
[TROJ_POWELIKS.B] clé feature_browser_emulation supprimée.
[bKDR_BLACKEN.A] clé Check_Associations supprimée.
[bKDR_BLACKEN.A] clé DisableFirstRunCustomize supprimée.
[bKDR_BLACKEN.A] clé WarnOnClose corrigée.
Autorisation installation sponsor Java(x86) supprimée.
Autorisation installation sponsor Java(x64) supprimée.
Restriction Affichage Documents récents supprimée.
Restriction Affichage Documents supprimée.
Restriction synchronisation en arrière-plan des flux d’informations et des Web Slices supprimée.
Restriction découverte des flux RSS et des Web Slices supprimée.
Pavé numérique activé.
Restriction utilisateur pour Windows Installer supprimée.
Recherche Windows Update rétablie.
Service Pare feu Windows activé.
Paramètres Pare feu Windows rétablis par défaut et activé.
237 restrictions contrôlées.
14 restriction(s) réparée(s).
Re démarrer le PC pour prendre en compte la ou les réparations.
Le rapport est sur le bureau (C:\Users\henri_000\Desktop\CTR.txt)
/!\ Olá! .matiello /!\
Seus logs estão limpos! :)
Seu hotmail ainda apresenta problemas?
A+
Olá, até agora não. Posso excluir o delfix, sftgc e ctr?
/!\ Olá! .matiello /!\
Normalmente a DelFix autodesinstala durante sua execução!
Quanto ao SFTGC e CTR,pode excluir pastas,arquivos ou atalhos!
Bom trabalho!
Abs!
Muito obrigado pela ajuda!
< Cartilha de Segurança > << Link!
Leiam as várias dicas que estão contidas na Cartilha de Segurança e fiquem livres de infecções!
< /applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/D6VX88q.jpg&key=f89675165232d371403bf1ecc584d81336db290b7287ca57be8f66c7818c71ed" alt="D6VX88q.jpg" />Avira Browser Safety > << Link!
Instale este complemento ao Google Chrome ou Spark e navegue tranquilamente!
< /applications/core/interface/imageproxy/imageproxy.php?img=https://noscript.net/noscript/logo.png&key=9195d0cc245706787252cb9154acc56cd3111a80ae4b93d8c09b0a4d6462f017" alt="logo.png" /> direct download link for NoScript 2.6.9.21 > << Link!
Instale este complemento ao Firefox e navegue tranquilamente!
/applications/core/interface/imageproxy/imageproxy.php?img=http://rammichael.com/wp-content/uploads/2014/10/unchecky_0.3_notification_icon.png&key=b5b10ad1a908fe024d77081e2bb1ad9690273a4b824d9dcfae2e322957a41591" alt="unchecky_0.3_notification_icon.png" />
Previna-se da instalação de PUPs com o Unchecky. << Link!
Utilizem o SpywareBlaster para proteger o Internet Explorer de Exploits e scripts maliciosos.
Podem reparar,que proteções adicionais são oferecidas ao Mozilla Firefox e Google Chrome.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/g6KS3Wb.jpg&key=54b2a66a37733e8ea7be6e6c36230f993bc1be772096aaaa7896b38a8b23228b" alt="g6KS3Wb.jpg" />
> Baixe: < SpywareBlaster 5.0 >
Salve-o em Arquivos de programas.
Após instalar o SB,vá em "Protection Status" >> Clique em "Enable All Protection"
Atualize o SB,clicando em "Updates" >> "Check for Updates" >> Aguarde!
Terminando,clique novamente em "Enable All Protection".
Ps: À cada 10 dias,busque atualizar seu banco de definições.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/tmmJyxa.jpg&key=d3cbcd2e68906581bf6c71dcd19b1a82ab43d9cd8bee440764b62a81c00a18af" alt="tmmJyxa.jpg" />
Outra boa solução para exploits,seria a instalação do Malwarebytes Anti-Exploit Free.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/rYESBio.jpg&key=a6626db3646830da7e2ec27e21a933a31ce93dd27633a03f2c474260de813c02" alt="rYESBio.jpg" />
Mantenham o Hosts e Internet Explorer protegidos,com o WinPatrol.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/2VNx3WO.jpg&key=ab74b27f588d8d654abfd3b5941700c6a9aa0c37644c3587d718822fa59a6187" alt="2VNx3WO.jpg" />
O WinPatrol ao detectar solicitações de mudanças ao Hosts,lhes darão as opções de aceitarem ou rejeitarem as alterações.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/8ixYlsp.jpg&key=9881c0c5506991b41f3702f0a7c4adaec7c2752231b27e4a958570ff5a3f5659" alt="8ixYlsp.jpg" />
Para o download,cliquem: "Download WinPatrolToGo 2014"
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/cCTJ6FJ.jpg&key=d738d5ec5e9a1edaeac74d2a0e2fa9e27c601e2c7a8d9824a6fbd4d13e477839" alt="cCTJ6FJ.jpg" />
Desinfecte seus pendrives,com o Flash Disinfector.
Ao executar,cliquem OK na 1ª e 2ª mensagem!
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/BxDHuwS.jpg&key=743f8a3ea4493363530621b0a454019f85a1ecede626b5b381deb0d2a0086f4a" alt="BxDHuwS.jpg" />
Mantenham o Java e Flash Player,atualizados!
Para o Java,execute sua instalação off-line. ( Windows Off-line )
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/gvIx5kz.jpg&key=ededce124d2a4380bd211d3ee91f6c86d529ff6e8954ca98c17d7ebf4776238b" alt="gvIx5kz.jpg" />
Ps: Durante sua instalação,desmarquem as caixas de instalação da Ask Toolbar.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/chd4hOU.jpg&key=ecd78d9a477697ca7cd6d8c916e0a04d5b3b4d619ac8911bda82305c01519d56" alt="chd4hOU.jpg" />
Mantenham seus computadores atualizados,visitando regularmente o Windows Update.
PROBLEMA RESOLVIDO
Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.
/!\ Bom Dia! matiello /!\
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\henri_000\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/pSGTOt0.jpg&key=c025ad22eb7b311e78e340f8e1eaeaf29ee05f56c9d0b8d7e5a876fa0a3e37c3" alt="pSGTOt0.jpg" />
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25202/ZHPDiag_Pergaminho2_zps6e758639.jpg&key=6ea716e3ff0c1e80fdbb9b821ab86cbec4d10a8ec6466840625e1b7577bb9e18" alt="ZHPDiag_Pergaminho2_zps6e758639.jpg" />
/applications/core/interface/imageproxy/imageproxy.php?img=http://9.t.imgbox.com/Vnc4TryL.jpg&key=95d2236a6bb65f85938db2fa2f2931d2b3e7431e2cb91cb7f09c5f51e3d6bda7" alt="Vnc4TryL.jpg" />
A+