Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Boa tarde,
O windows localizou um Hacktoll:win64/AutoKMS durante o scan.
Já examinei com o malwarebytes e não foi removido.
Encontrei esse tópico com um problema semelhante e fiz o primeiro passo recomendado:
Envio os links dos resultados do Farbar 64 bits.
http://www.cjoint.com/c/GIrun0YOgkm
http://www.cjoint.com/c/GIruox72Bpm
Agradeço desde já a atenção.
Nossa, DigRAM, preciso desinstalar os 2 programas?
Após esses processos eu posso reinstalar ou o erro voltará a aparecer?
Quais os riscos que corro se não desinstalar esses programas?
Desculpe, sou leiga nessa área...
/_ chrisroveran _\
> Tudo bem! Pode mantê-los já que não apresentam muito risco ao PC.
> Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHPCleaner_zps71d274df.jpg&key=dfc2cbaf1226075546950032c506270c0439c57203ca7c527f7221c835e7cf3f" class="ipsImage" alt="ZHPCleaner_zps71d274df.jpg" /> > ( /applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/6LcRokv.jpg&key=4684c965737c18f7476fe10aa0d12f9a5f0279583460e462d3bcad9875ed3ea0" class="ipsImage" alt="6LcRokv.jpg" /> ... de Nicolas Coolman )
> Ou |Aqui!| << Mirror!
>
https://www.youtube.com/watch?v=8olWT8u5RYQ
> Caso tenha algum impedimento ao download,assista este tutorial que foi postado no YouTube,para desativar o Windows SmartScreen.
> Estando na página,clique /applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/7ukwnm8.jpg&key=411680a7552ecf5560e81caa8178fc7cb71e09190a8cbd96b9b9f256cdfd3139" class="ipsImage" alt="7ukwnm8.jpg" />
> Salve-a no desktop! ( ZHPCleaner.exe )
> Desabilite seu antivírus e execute ZHPCleaner.exe <<
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/psizeTv.jpg&key=1c335172bd8813ee2a17270ffc592714466fd22e6a0d02e01289ff5a950048d6" class="ipsImage" alt="psizeTv.jpg" />
> Clique "Eu".
> Clique Scanner.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/ljOOETD.jpg&key=17f616a66a0ac1f98d58b7ad72fc71eb684f7e9613c302777e420d4af6d64274" class="ipsImage" alt="ljOOETD.jpg" />
> Aguarde a conclusão!
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/9g2LW3p.jpg&key=0e1bebfae36cbb4c260bebf282446e492aa1234bbb6cdf835ba00e03c61990c3" class="ipsImage" alt="9g2LW3p.jpg" />
> Ao concluir,clique Reparar.
> Surgirão guias que estarão em vermelho,indicando problemas a serem reparados.
> Clique Reparar.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/fN86PG8.jpg&key=0627b2d6ba9a8d38506700f60ee02989c4346b5b8c2a5f812deb142e1dc5d4dd" class="ipsImage" alt="fN86PG8.jpg" />
> Ao concluir,clique Relatório!
> Poste o log de reparo: ~ Type : Reparo
[Abs]
OK, aqui vai o relatório após o reparo.
Esse programa é bom manter para usar com uma certa frequência?
Grata
~ ZHPCleaner v2017.9.20.164 by Nicolas Coolman (2017/09/20)
~ Run by bibi_ (Administrator) (20/09/2017 23:16:38)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparo
~ Report : C:\Users\bibi_\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\bibi_\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit (Build 15063)
---\\ Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.
---\\ Navegadores de Internet (2)
SUPRIMIDO dados: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;<local>] =>Hijacker.Proxy
ENCONTRADO PARAMS: ProxyServer [proxy.ima.sp.gov.br:3128] (User.Validation)
---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)
---\\ Tarefas automáticas agendadas. (2)
SUPRIMIDO tarefas: [DropboxUpdateTaskMachineCore] [C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job (Not File) ] =>PUP.Optional.MySearch
SUPRIMIDO tarefas: [DropboxUpdateTaskMachineUA] [C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job (Not File) ] =>PUP.Optional.MySearch
---\\ Explorer ( Arquivos, Pastas) (13)
MOVIDO pasta: C:\Users\bibi_\Desktop\Popcorn-Time.lnk [Bad : C:\Users\bibi_\AppData\Local\Popcorn-Time\Popcorn-Time.exe](.The NWJS Community.) =>.SUP.PopcornTime
MOVIDO pasta: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job =>PUP.Optional.MySearch
MOVIDO pasta: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job =>PUP.Optional.MySearch
MOVIDO pasta: C:\Windows\Prefetch\KMS-R@1NHOOK.EXE-572109D9.pf =>HackTool.AutoKMS
MOVIDO pasta: C:\Windows\Prefetch\POPCORN-TIME.EXE-427539BB.pf =>.SUP.PopcornTime
MOVIDO pasta: C:\Users\bibi_\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_broffice.softonic.com.br_0.localstorage =>.SUP.Softonic
MOVIDO pasta: C:\Users\bibi_\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pt.socialnewpages.com_0.localstorage =>.SUP.SocialNewPages
MOVIDO pasta: C:\Users\bibi_\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.socialnewpagessearch.com_0.localstorage =>.SUP.SocialNewPages
MOVIDO pasta: C:\Users\bibi_\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_virtual-clonedrive.softonic.com.br_0.localstorage =>.SUP.Softonic
MOVIDO pasta: C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator
MOVIDO arquivo*: C:\Users\bibi_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time =>.SUP.PopcornTime
MOVIDO arquivo*: C:\Users\bibi_\Music\Foster The People - Torches =>.SUP.Torch
MOVIDO arquivo*: C:\Users\bibi_\AppData\Local\Popcorn-Time =>.SUP.PopcornTime
---\\ Registro ( Chaves, Valores, Dados ) (9)
SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a3c13200-d2cb-4ecf-bbf7-041e9ee246af}\\DhcpNameServer [Bad : 172.21.0.197 172.21.0.198] =>Hijacker.Browser
SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ba7e5809-1f84-464c-a002-ee43f01749e4}\\DhcpNameServer [Bad : 172.21.0.197 172.21.0.198] =>Hijacker.Browser
SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e947a716-ef47-4f91-9ded-222f2e43b08a}\\DhcpNameServer [Bad : 172.21.0.197 172.21.0.198] =>Hijacker.Browser
SUPRIMIDO chave*: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlueStacks Packages [BlueStacks Packages] =>Adware.InstallCore
SUPRIMIDO chave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn-Time [Popcorn Time] =>.SUP.PopcornTime
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\atwola.com [] =>.SUP.Atwola
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ol.at.atwola.com [412] =>.SUP.Atwola
SUPRIMIDO chave*: HKCU\Software\undefined [] =>.SUP.Downloader
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1 [Vitzo Limited] =>Adware.OpenCandy
---\\ Resumo dos elementos encontrados na sua estação de trabalho (13)
[https://nicolascoolman.eu/2017/04/03/hijacker-proxy/](https://nicolascoolman.eu/2017/04/03/hijacker-proxy/) =>Hijacker.Proxy
[https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/](https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/) =>PUP.Optional.MySearch[https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/](https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/) =>Hijacker.Browser
[https://nicolascoolman.eu/2017/09/19/adware-installcore-3/](https://nicolascoolman.eu/2017/09/19/adware-installcore-3/) =>Adware.InstallCore[https://nicolascoolman.eu/2017/02/24/adware-opencandy/](https://nicolascoolman.eu/2017/02/24/adware-opencandy/) =>Adware.OpenCandy
---\\ Dodatkowe oczyszczenie. (25)
~ Chave de registro Tracing Supprimido (25)
~ Remover os relatórios antigos ZHPCleaner. (0)
---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)
---\\ Estatísticas
~ Items scan : 1198
~ Items encontrado : 1
~ items cancelados : 0
~ Items réparo : 25
~ End of clean in 00h02mn48s
~====================
ZHPCleaner-[R]-20092017-23_19_26.txt
ZHPCleaner--20092017-23_10_29.txt/_ Bom Dia! chrisroveran _\
>
7 horas atrás, chrisroveran disse:
OK, aqui vai o relatório após o reparo.
Esse programa é bom manter para usar com uma certa frequência?
Grata
> Caso queira,podes ficar com a ZHPCleaner para usos ocasionais.
> Mas... você esqueceu de postar o relatório Fixlog,que resulta do script executado pela FRST.
[]s
Ah, desculpe.
Mas o problema foi resolvido.
Agradeço muito a atenção!
/_ Boa Noite! chrisroveran _\
---\\ Resumo dos elementos encontrados na sua estação de trabalho (13)[https://nicolascoolman.eu/2017/02/02/hacktool-autokms/](https://nicolascoolman.eu/2017/02/02/hacktool-autokms/) =>HackTool.AutoKMS
---
---[https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/](https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/) =>HackTool.WinActivator
>
>
> Como **você** não tinha rodado o ***script***,a **remoção** ficou **ao encargo** da** ZHPCleaner**.>
https://www.bleepingcomputer.com/download/delfix/
> Remova seus Pontos de Restauração com a DelFix.
> Bom trabalho!
[]s
Caso Resolvido!
Para sua Segurança!
Leia as dicas ou orientações contidas na Cartilha de Segurança para Internet.
Caso Resolvido!
/_ Boa Noite! chrisroveran _\
> Desinstale: <2>
BlueStacks Packages (HKU\S-1-5-21-1849708004-2261678134-3419513933-1001\...\BlueStacks Packages) (Version: - )
Popcorn-Time (HKU\S-1-5-21-1849708004-2261678134-3419513933-1001\...\Popcorn-Time) (Version: 0.3.10 - Popcorn Time)
>
Start
CloseProcesses:
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
GroupPolicy: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
HKU\S-1-5-21-1849708004-2261678134-3419513933-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://it-mg42.mail.yahoo.com/neo/launch?.rand=dhpvbsqibfa6l
HKU\S-1-5-21-1849708004-2261678134-3419513933-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://blu181.mail.live.com/?fid=flinbox
SearchScopes: HKU\S-1-5-21-1849708004-2261678134-3419513933-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1849708004-2261678134-3419513933-1001 -> {14FF4D56-9DB2-49CA-9001-E124A693E056} URL =
SearchScopes: HKU\S-1-5-21-1849708004-2261678134-3419513933-1001 -> {8480B1E8-A45C-45F9-B59B-4AE37D2C9612} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1849708004-2261678134-3419513933-1001 -> {A16113BC-2031-4602-81FB-96B1E6E68B2D} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-10-20] () [Arquivo não assinado]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
2017-09-17 16:29 - 2017-06-18 18:48 - 000000000 ____D C:\AdwCleaner
2017-08-31 21:08 - 2017-01-15 17:22 - 000002236 _____ C:\Users\bibi_\Desktop\Popcorn-Time.lnk
2016-10-16 21:15 - 2016-10-16 21:15 - 000000000 _____ () C:\Users\bibi_\AppData\Local\{2104E200-A49E-4DCC-8452-E1D47511642B}
2016-10-20 12:50 - 2016-10-20 12:50 - 000026112 _____ () C:\Windows\KMS-R@1n.exe
2017-06-04 22:29 - 2017-06-04 22:29 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
Task: {976AF8F4-4922-4AC3-B3F3-D38B5C7DAD31} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
ShortcutWithArgument: C:\Users\bibi_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Sticky Notes.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=nbjdhgkkhefpifbifjiflpaajchdkhpg
ShortcutWithArgument: C:\Users\bibi_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Enfermeiras - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5"
ShortcutWithArgument: C:\Users\bibi_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Enf GO Telos 3 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\bibi_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\ChrisRoveran - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\bibi_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\CS Boa Vista - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
2017-09-17 16:35 - 2017-09-17 16:35 - 000088064 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\_ctypes.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000918528 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\_hashlib.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000098816 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32api.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000110080 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\pywintypes27.dll
2017-09-17 16:35 - 2017-09-17 16:35 - 000364544 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\pythoncom27.dll
2017-09-17 16:35 - 2017-09-17 16:35 - 000686080 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\unicodedata.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000320512 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32com.shell.shell.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 001177088 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\wx._core_.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000806912 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\wx._gdi_.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000816640 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\wx._windows_.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 001067520 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\wx._controls_.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000733696 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\wx._misc_.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000736256 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\pysqlite2._sqlite.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000119808 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32file.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000108544 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32security.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000007168 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\hashobjs_ext.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000017920 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\thumbnails_ext.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000082432 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\usb_ext.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000013824 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\common.time34.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000018432 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32event.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000088576 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\windows.volumes.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000017408 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\windows.winwrap.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000167936 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32gui.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000046080 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\_socket.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 001309696 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\_ssl.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000129536 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\_elementtree.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000127488 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\pyexpat.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000038912 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32inet.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000077824 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\wx._html2.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000036864 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\_psutil_windows.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000524248 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\windows._lib_cacheinvalidation.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000011264 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32crypt.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000218624 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\PIL._imaging.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000027648 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\_multiprocessing.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000020480 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\_yappi.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000035840 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32process.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000024064 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32pipe.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000010240 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\select.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000025600 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32pdh.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000058880 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\windows.device_monitor.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000017408 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32profile.pyd
2017-09-17 16:35 - 2017-09-17 16:35 - 000022528 _____ () C:\Users\bibi_\AppData\Local\Temp\_MEI90242\win32ts.pyd
C:\Windows\KMS-R@1n.exe
EmptyTemp:
Hosts:
Reboot:
end
> Execute FRST/FRST64.exe >> Clique "Corrigir" << Aguarde!
> Poste o relatório "Resultado da Correção pela Farbar Recovery Scan Tool". (Fixlog.txt)
> Este e outros relatórios,podem ser encontrados na pasta: Disco Local (C) > FRST > Logs
/applications/core/interface/imageproxy/imageproxy.php?img=http://r17.imgfast.net/users/1712/29/07/67/smiles/434264.gif&key=8b580fd8c41338fe0925cd84ba4dbbb4293b15fe6a04cbd03d242b4e86624720" class="ipsImage" alt="434264.gif" />
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos aos mesmos! >
[Abs]