[Resolvido] Verificação de Log

[.matiello 0]

Olá, gostaria de ajuda para verificação. Percebi que estou com algum tipo de vírus no meu email(hotmail). Recebi um email, vindo de mim mesmo. Passei o Malwarebytes e rodei o McAfee, mas a situação continua a mesma.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:38:44 PM, on 20-Jun-15

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.17840)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\puush\puush.exe

C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe

C:\Users\henri_000\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\BlueStacks\HD-Agent.exe

C:\Program Files (x86)\Dell Update\DellUpTray.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe

O4 - HKLM\..\Run: [GoPro Studio Importer] C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Users\henri_000\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\henri_000\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\henri_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [spotify] "C:\Users\henri_000\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

O4 - HKCU\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat

O4 - Global Startup: GoPro Importer.lnk = C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe

O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe

O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe

O23 - Service: Dell Product Registration Manager (DellProdRegManager) - Aviata, Inc. - C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe

O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe

O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe

O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe

O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: My Dell Client Framework - Dell Inc. - C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--

End of file - 16805 bytes

[DigRam 144]

/!\ Bom Dia! matiello /!\

> Aparentemente,não há malwares em execução!

> Abra o HijackThis.

> Clique: Do a system scan only

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\henri_000\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat

> Marque estas entradas que estão em vermelho! ( Assinale as caixinhas! )

> Clique,para finalizá-las,em Fix checked.

> Baixe: < ZHPDiag2.exe > < > ( ... de Nicolas Coolman )

> Ou aqui! << Link!

> Ou aqui! << Mirror!

> Se o download não iniciar,automáticamente,vá em "clique aqui",para outro link alternativo.

> Salve-o no disco local! ( C ou D )

> Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

> Execute o ícone do pergaminho. ( ZHPDiag )

> Clique "COMPLETA" e aguarde a conclusão!

> Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )

> Ps: Como o log será extenso,envie-o à Pjjoint.malekal.

> Ou acesse: < >

> Maiores informações: < |Link| > << Hospedagem!

A+

[.matiello 0]

http://pjjoint.malekal.com/files.php?read=20150620_s8n12p8x6h5

A atividade de spam no hotmail seria detectado pelo hijack?

[DigRam 144]

/!\ Bom Dia! .matiello /!\

A atividade de spam no hotmail seria detectado pelo hijack?

> Não!

> Execute este script na ferramenta ZHPFix.

> Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.

> Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )

> À seguir,minimize o Bloco de Notas.

Script ZHPFix

FirewallRaz

EmptyPrefetch

EmptyCLSID

EmptyTemp

EmptyFlash

HiddenFix

[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001Core] (.Facebook Inc..) -- C:\Users\henri_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]

[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001UA] (.Facebook Inc..) -- C:\Users\henri_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]

[MD5.140237BA8BD1AAC665893A4A456ABDD9] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3732480]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001Core.job [940]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001Core [940]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001UA.job [962]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001UA [962]

[HKCU\Software\AppDataLow\Software\BackgroundContainerV2]

[HKCU\Software\AppDataLow\Software\Smartbar]

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]

[HKCU\Software\AppDataLow\Toolbar]

[HKCU\Software\AppDataLow\Software\TbccintSearchScopes]

[HKCU\Software\AppDataLow\Software\Tbccint]

[HKCU\Software\AppDataLow\Toolbar]

[HKCU\Software\Conduit]

[HKLM\Software\Wow6432Node\Conduit]

[HKCU\Software\AppDataLow\Software\TbccintSearchScopes]

[HKCU\Software\AppDataLow\Software\Tbccint]

[HKCU\Software\Conduit]

[HKLM\Software\Wow6432Node\Conduit]

sysrestore

> Abra a ferramenta ZHPFix. < >

> Clique IMPORTAÇÃO >> OK.

> Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.

> Clique "GO".

> Poste o relatório!

< Peço aos visitantes que não utilizem este script em seus computadores,sob risco de danos aos mesmos! >

A+

[.matiello 0]

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015

Fichier d'export Registre :

Run by henri_000 at 21-Jun-15 12:05:47 AM

High Elevated Privileges : OK

Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Recycle Bin emptied (07mn AMs)

Prefetcher emptied

========== Registry keys ==========

REMOVES: HKCU\Software\AppDataLow\Software\BackgroundContainerV2

REMOVES: HKCU\Software\AppDataLow\Software\Smartbar

REMOVES: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

REMOVES: HKCU\Software\AppDataLow\Toolbar

REMOVES: HKCU\Software\AppDataLow\Software\TbccintSearchScopes

REMOVES: HKCU\Software\AppDataLow\Software\Tbccint

REMOVES: HKCU\Software\Conduit

REMOVES: HKLM\Software\Wow6432Node\Conduit

========== Registry values ==========

ABSENT value Standard Profile: FirewallRaz :

ABSENT value Domain Profile: FirewallRaz :

REMOVES: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}

REMOVES: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}

========== Folders ==========

No folders empty CLSID Local user

Deletes temporary Windows (250)

REMOVES Flash Cookies (0)

========== Files ==========

Deletes temporary Windows (168) (101,597,675 octets)

REMOVES Flash Cookies (0) (0 octets)

========== Scheduled task ==========

REMOVES: FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001Core

REMOVES: FacebookUpdateTaskUserS-1-5-21-2481831376-2314398108-120359188-1001UA

REMOVES: AutoKMS

REMOVES: AutoKMS

REMOVES: AutoKMS

========== Hidden folders/files restored ==========

Mes images (My Pictures) : 27 restored successfully

Ma musique (My Music) : 295 restored successfully

Ma Video (My Video) : 34 restored successfully

Mes Favoris (My Favorites) : 2 restored successfully

Mes Documents (My Documents) : 13 restored successfully

Mon Bureau (My Desktop) : 9 restored successfully

Menu demarrer (Programs) : 8 restored successfully

Dossier utilisateur (AppData) : 24 restored successfully

Programmes (Program Files) : 6 restored successfully

========== System restore ==========

The system successfully created restore point

========== Summary ==========

8 : Registry keys

4 : Registry values

3 : Folders

2 : Files

5 : Scheduled task

418 : Hidden folders/files restored

1 : System restore

End of clean in 51mn AMs

========== Path to file report ==========

C:\Users\henri_000\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21-Jun-15 12:05:55 AM [2453]

[DigRam 144]

/!\ Boa Tarde! .matiello /!\

< Yahoo Mail >

> Seu hotmail pode ter sido hackeado.

> Utilize o Yahoo Mail,por um período,até que esta situação seja sanada!

> Baixe: < > ( ... par Xplode )

> Ou daqui: < AdwCleaner >

> Ao acessar,clique em "Download Now".

> Salve-o no desktop!

< >

> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.

> Ps: D� início ao scan,clicando em "Examinar".

> Ao concluir,clique "Limpar" ou "Cleaning" >> Ok >> Ok >> Ok.

> Copie o log ou clique "Relatorio".

> Poste: < C:\AdwCleaner\AdwCleaner[s0].txt >

A+

[.matiello 0]

# AdwCleaner v4.206 - Logfile created 21/06/2015 at 10:29:30

# Updated 01/06/2015 by Xplode

# Database : 2015-06-17.1 [server]

# Operating system : Windows 8.1 (x64)

# Username : henri_000 - MATIELLO

# Running from : C:\Users\henri_000\Desktop\AdwCleaner.exe

# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\henri_000\AppData\LocalLow\Tbccint

File Deleted : C:\END

File Deleted : C:\Users\henri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage

File Deleted : C:\Users\henri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.124

[C:\Users\henri_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] :

[C:\Users\henri_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [startup_URLs] : 37D9568D348EDF77F73A1F3B60F5F1DC09EC5836273DBFD66B1861B28A7DF3A3"},"software_reporter":{"prompt_reason":"0A3B07BAE36CA2D73D136CCD3274D8D147C1F8DB2A45A9E0EFF9CB91A2D0D7BF","prompt_seed":"B92681C4F460C884C06B644CE183287A00277DF0B915BA2655D31E35D49CAAD7","prompt_version":"4D7B1E0830276285685D136008D1257DD2646E40075D625BF90A7F0524AE40C8"},"sync":{"remaining_rollback_tries":"5A360A4BDB99EAE5A7815F84710BD9A008F6A465BECEBE95DBE4635EB9AD6F5C"}},"super_mac":"E9C66AA2DDC8BEB524F90044DB9B7370D7F24D237FAA78D302E320FDAFA9983E"},"session":{"restore_on_startup":1,"startup_urls":["hxxp://istart.webssearches.com/?type=hppp&ts=1398804259&from=tugs&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF118870488704

*************************

AdwCleaner[R0].txt - [7047 bytes] - [21/06/2015 10:24:50]

AdwCleaner[s0].txt - [2204 bytes] - [21/06/2015 10:29:30]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2263 bytes] ##########

[DigRam 144]

/!\ Boa Noite! .matiello /!\

 

> Abra a ferramenta AdwCleaner e clique em "Desinstalar".

> Confirme a solicitação!

> Baixe: < > ( ... by Oleg N. Scherbakov )

> Salve-o no desktop!

> Desabilite seu antivírus!

> Para Windows 7,clique direito em JRT.exe e execute-o ...

> Aguarde a conclusão e poste o relatório. ( JRT.txt )

A+

 

[.matiello 0]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 7.0.3 (06.19.2015:1)

OS: Windows 8.1 x64

Ran by henri_000 on 21-Jun-15 at 13:34:53.25

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr

Successfully deleted: [Folder] C:\Users\henri_000\AppData\Roaming\pcdr

Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin

~~~ Chrome

[C:\Users\henri_000\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\henri_000\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\henri_000\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\henri_000\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 21-Jun-15 at 13:45:13.29

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[DigRam 144]

/!\ Bom Dia! .matiello /!\

 

> Baixe: < > ( ... by Farbar )

> No banner àcima,é para sistemas 32bits!

< Farbar Recovery Scan Tool 64-Bit >

> No link àcima,é para sistemas 64bits!

> Salve-o no desktop! (Área de trabalho ...)

> Execute a ferramenta! Clique "Yes" >> "Scan".

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.

> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".

> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.

> Poste os relatórios! (FRST.txt + Addition.txt)

> Como o log será extenso,envie-o à >

> Clique no botão Parcourir...

> Busque o relatório e clique no botão Abrir.

> Clique no botão "Créer le lien Cjoint".

> Copie o link que está ao lado de "Le lien a été créé" e poste-o em sua resposta.

> O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.

> Ou clique "Copier le lien (*)" e cole o link ao seu Post.

A+

[.matiello 0]

http://www.cjoint.com/c/EFwhGWdsxeR

http://www.cjoint.com/c/EFwhIdaqcIR

[DigRam 144]

/!\ Bom Dia! .matiello /!\

> Baixe: < > ( ... de Pierre 13 )

> Caso encontre dificuldades ou bloqueio ao realizar o download,utilize o navegador Internet Explorer.

> Salve-a no desktop!

> Para Windows 7 e 8,execute-a com clique direito do mouse.

> Desabilite seu antivírus!

> Escolha: Executar como administrador! ( Windows Vista, 7 ,8 e 8.1 ) (32 e 64 bits)

> Para Windows XP,basta duplo-clique em CTR.exe.

> Aguarde a finalização,que é rápida!

> Poste o relatório! ( CTR.txt )

> Copie estas informações que estão em vermelho,para o Bloco de Notas.

> Salve-as com o nome fixlist. << Texto!

> Salve-as no desktop! ( Área de trabalho ... ) -/- C:\Users\henri_000\Desktop <<

start

CloseProcesses:

emptytemp:

HKU\S-1-5-21-2481831376-2314398108-120359188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

2015-06-21 13:45 - 2015-06-21 13:45 - 00001422 _____ C:\Users\henri_000\Desktop\JRT.txt

2015-06-21 13:35 - 2015-06-21 13:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MATIELLO-Windows-8.1-(64-bit).dat

2015-06-21 13:32 - 2015-06-21 13:33 - 02950750 _____ (Thisisu) C:\Users\henri_000\Desktop\JRT.exe

2015-06-21 00:05 - 2015-06-21 00:05 - 00002539 _____ C:\Users\henri_000\Desktop\ZHPFixReport.txt

2015-06-20 21:59 - 2015-06-20 21:59 - 00122900 _____ C:\Users\henri_000\Desktop\ZHPDiag.txt

2015-06-20 21:57 - 2015-06-20 21:57 - 00000512 _____ C:\PhysicalDisk0_MBR.bin

2015-06-20 21:52 - 2015-06-21 00:05 - 00000000 ____D C:\Users\henri_000\AppData\Roaming\ZHP

2015-06-20 21:52 - 2015-06-20 21:52 - 00002005 _____ C:\Users\henri_000\Desktop\ZHPFix.lnk

2015-06-20 21:52 - 2015-06-20 21:52 - 00001874 _____ C:\Users\henri_000\Desktop\ZHPDiag.lnk

2015-06-20 21:52 - 2015-06-20 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

2015-06-20 21:52 - 2015-06-20 21:52 - 00000000 ____D C:\Program Files (x86)\ZHPDiag

2015-06-20 21:50 - 2015-06-20 21:51 - 06880102 _____ (Nicolas Coolman ) C:\Users\henri_000\Downloads\ZHPDiag2.exe

2015-06-20 17:30 - 2015-06-20 17:30 - 00000000 ____D C:\Users\henri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2015-06-20 17:30 - 2015-06-20 17:30 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2015-06-20 17:27 - 2015-06-20 17:38 - 00000000 ____D C:\HijackThis

CreateRestorePoint:

Reboot:

end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!

> Na mensagem,clique Executar.

> Poste o relatório! (Fixlog.txt)

< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos aos mesmos! >

A+

[.matiello 0]

Fix result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01

Ran by henri_000 at 2015-06-23 12:21:47 Run:1

Running from C:\Users\henri_000\Desktop

Loaded Profiles: henri_000 (Available Profiles: henri_000)

Boot Mode: Normal

==============================================

fixlist content:

*****************

start

CloseProcesses:

emptytemp:

HKU\S-1-5-21-2481831376-2314398108-120359188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

2015-06-21 13:45 - 2015-06-21 13:45 - 00001422 _____ C:\Users\henri_000\Desktop\JRT.txt

2015-06-21 13:35 - 2015-06-21 13:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MATIELLO-Windows-8.1-(64-bit).dat

2015-06-21 13:32 - 2015-06-21 13:33 - 02950750 _____ (Thisisu) C:\Users\henri_000\Desktop\JRT.exe

2015-06-21 00:05 - 2015-06-21 00:05 - 00002539 _____ C:\Users\henri_000\Desktop\ZHPFixReport.txt

2015-06-20 21:59 - 2015-06-20 21:59 - 00122900 _____ C:\Users\henri_000\Desktop\ZHPDiag.txt

2015-06-20 21:57 - 2015-06-20 21:57 - 00000512 _____ C:\PhysicalDisk0_MBR.bin

2015-06-20 21:52 - 2015-06-21 00:05 - 00000000 ____D C:\Users\henri_000\AppData\Roaming\ZHP

2015-06-20 21:52 - 2015-06-20 21:52 - 00002005 _____ C:\Users\henri_000\Desktop\ZHPFix.lnk

2015-06-20 21:52 - 2015-06-20 21:52 - 00001874 _____ C:\Users\henri_000\Desktop\ZHPDiag.lnk

2015-06-20 21:52 - 2015-06-20 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

2015-06-20 21:52 - 2015-06-20 21:52 - 00000000 ____D C:\Program Files (x86)\ZHPDiag

2015-06-20 21:50 - 2015-06-20 21:51 - 06880102 _____ (Nicolas Coolman ) C:\Users\henri_000\Downloads\ZHPDiag2.exe

2015-06-20 17:30 - 2015-06-20 17:30 - 00000000 ____D C:\Users\henri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2015-06-20 17:30 - 2015-06-20 17:30 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2015-06-20 17:27 - 2015-06-20 17:38 - 00000000 ____D C:\HijackThis

CreateRestorePoint:

Reboot:

end

*****************

Processes closed successfully.

HKU\S-1-5-21-2481831376-2314398108-120359188-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully

PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Service removed successfully

C:\Users\henri_000\Desktop\JRT.txt => moved successfully.

C:\Windows\tweaking.com-regbackup-MATIELLO-Windows-8.1-(64-bit).dat => moved successfully.

C:\Users\henri_000\Desktop\JRT.exe => moved successfully.

C:\Users\henri_000\Desktop\ZHPFixReport.txt => moved successfully.

C:\Users\henri_000\Desktop\ZHPDiag.txt => moved successfully.

C:\PhysicalDisk0_MBR.bin => moved successfully.

C:\Users\henri_000\AppData\Roaming\ZHP => moved successfully.

C:\Users\henri_000\Desktop\ZHPFix.lnk => moved successfully.

C:\Users\henri_000\Desktop\ZHPDiag.lnk => moved successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP => moved successfully.

C:\Program Files (x86)\ZHPDiag => moved successfully.

C:\Users\henri_000\Downloads\ZHPDiag2.exe => moved successfully.

C:\Users\henri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis => moved successfully.

C:\Program Files (x86)\Trend Micro => moved successfully.

C:\HijackThis => moved successfully.

Restore point was successfully created.

EmptyTemp: => 2 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 12:23:06 ====

[DigRam 144]

/!\ Bom Dia! .matiello /!\

 

> Poste o relatório da ferramenta CTR.

 

> Baixe: < SFTGC > ( ... de Pierre13 )

> Tendo dificuldades no download,utilize o navegador Internet Explorer.

> Salve-o no desktop!

> Para Windows Vista e 7,execute "SFTGC.exe" como administrador!

> Execute-o e clique "Go".

> Aguarde seu término,que é rápido.

> Poste o relatório! ( SFT.txt )

> Ps: De acordo com o tamanho do relatório,não poste-o diretamente!

> Acesse,para esta tarefa! < >

A+

[.matiello 0]

http://www.cjoint.com/c/EFxlchcE78R

[DigRam 144]

/!\ Bom Dia! .matiello /!\

 

> O relatório da ferramenta CTR,pode ser colado diretamente em seu Post.

 

> Caso não haja mais problemas,remova as ferramentas que foram utilizadas na desinfecção!

> Baixe: < > ( ... de Xplode )

> Link alternativo: < delfix_1.010.exe >

> Estando na página,clique em Download Now.

> Salve-a em um local conveniente! ( desktop! )

> Feche aplicativos que estejam abertos.

> Remover ferramentas de desinfecção

> Criar backup do registro

> Limpar pontos da restauração do sistema

> Redefinir as configurações do sistema

> Com estas caixinhas marcadas,clique Executar!

> Reinicie o computador ao concluir!

> Tudo Ok?

A+

[.matiello 0]

Rapport de Contrôle restrictions Pierre13 (CTR version 2.0.0.2 ) du 23\06\2015 à 12:19:03

PC de henri_000

Windows 8.1 (64 bits)

Réparation erreur 2203 effectuée.

Contrôle présence restrictions

[TROJ_POWELIKS.B] clé feature_browser_emulation supprimée.

[bKDR_BLACKEN.A] clé Check_Associations supprimée.

[bKDR_BLACKEN.A] clé DisableFirstRunCustomize supprimée.

[bKDR_BLACKEN.A] clé WarnOnClose corrigée.

Autorisation installation sponsor Java(x86) supprimée.

Autorisation installation sponsor Java(x64) supprimée.

Restriction Affichage Documents récents supprimée.

Restriction Affichage Documents supprimée.

Restriction synchronisation en arrière-plan des flux d’informations et des Web Slices supprimée.

Restriction découverte des flux RSS et des Web Slices supprimée.

Pavé numérique activé.

Restriction utilisateur pour Windows Installer supprimée.

Recherche Windows Update rétablie.

Service Pare feu Windows activé.

Paramètres Pare feu Windows rétablis par défaut et activé.

237 restrictions contrôlées.

14 restriction(s) réparée(s).

Re démarrer le PC pour prendre en compte la ou les réparations.

Le rapport est sur le bureau (C:\Users\henri_000\Desktop\CTR.txt)

[DigRam 144]

/!\ Olá! .matiello /!\

 

> Seus logs estão limpos! :)

> Seu hotmail ainda apresenta problemas?

 

A+

[.matiello 0]

Olá, até agora não. Posso excluir o delfix, sftgc e ctr?

[DigRam 144]

/!\ Olá! .matiello /!\

 

> Normalmente a DelFix autodesinstala durante sua execução!

> Quanto ao SFTGC e CTR,pode excluir pastas,arquivos ou atalhos!

 

> Bom trabalho!

 

Abs!