Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

.matiello

[Resolvido] Pc lento, vírus email, google chrome não carregando

Recommended Posts

Boa tarde,

  •  

  • Baixe:<esetsmartinstaller_zps928ebc59.jpg> <(...by eset.com)>
  • Salve-a na Área de trabalho !
  • Desabilite seu antivírus e execute o arquivo esetsmartinstaller_enu.exe.
  • Aceite o contrato e marque: "Yes, I accept the Terms of Use"
  • Clique: "Start".
    esetonlinescanner_zpsa27b8754.jpg
  • Marque as caixinhas como na imagem acima
  • Clique "Change" e marque a caixa "Computador", de OK !
  • Clique: "Start" >> Aguarde! ( Pode durar algumas horas,esse scan... )
  • Ao concluir,clique em "List of found threats".
  • Copie e cole o conteúdo em sua próxima resposta.
    O relatório fica salvo em C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Obs: Se nada for encontrado, nenhum log será gerado.
  • Clique "Back" >> "Finish".
  • Poste o Relatório!

Compartilhar este post


Link para o post
Compartilhar em outros sites
Boa Tarde, segue o relatório


ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=7993ded1a461e04cb69ba981b24e7e7b

# end=init

# utc_time=2016-05-21 04:07:38

# local_time=2016-05-21 01:07:38 (-0300, E. South America Standard Time)

# country="United States"

# osver=6.2.9200 NT

Update Init

Update Download

esets_scanner_update returned -1 esets_gle=37126

Update Finalize

Updated modules version: 0

Old modules - leave modules

Update Init

Update Download

esets_scanner_update returned -1 esets_gle=37126

Update Finalize

Updated modules version: 0

Old modules - delete modules

Update Init

Update Download

Update Finalize

Updated modules version: 29545

Update Init

Update Download

esets_scanner_update returned -1 esets_gle=53251

Update Finalize

Updated modules version: 29545

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=7993ded1a461e04cb69ba981b24e7e7b

# end=updated

# utc_time=2016-05-21 04:12:51

# local_time=2016-05-21 01:12:51 (-0300, E. South America Standard Time)

# country="United States"

# osver=6.2.9200 NT

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=7993ded1a461e04cb69ba981b24e7e7b

# engine=29545

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2016-05-21 06:19:53

# local_time=2016-05-21 03:19:53 (-0300, E. South America Standard Time)

# country="United States"

# lang=1033

# osver=6.2.9200 NT

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 16737430 16743736 0 0

# scanned=286954

# found=10

# cleaned=10

# scan_time=7621

sh=F69B708BAA723F00058FCBEB95AD7ED451AB3597 ft=1 fh=51dc34a13973cf56 vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\henri_000\AppData\Roaming\uTorrent\updates\3.4.2_33080.exe"

sh=2657027A93960C70CCDF2BA68C359DF94C2438A0 ft=1 fh=e55004659c2efd53 vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\henri_000\AppData\Roaming\uTorrent\updates\3.4.2_38656.exe"

sh=5671C239B85EC01C33C4EB155CAA0DFA6C57E509 ft=1 fh=0a0eb9bfca15ed0f vn="a variant of MSIL/HackKMS.G potentially unsafe application (deleted)" ac=C fn="C:\Users\henri_000\Documents\SAMSUNG\office\# Crack\Microsoft Toolkit.exe"

sh=B3D6C7751E31EE2EBF9F1482B340186C9A484B5E ft=1 fh=d35dd4922aa8d8b4 vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\henri_000\Downloads\BitTorrent.exe"

sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Users\henri_000\Downloads\ccsetup416.exe"

sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Users\henri_000\Downloads\ccsetup508.exe"

sh=8B1F53A9E0FFB090032A69312B1BC1121CB97601 ft=1 fh=9ae2658579d22504 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Users\henri_000\Downloads\ccsetup515.exe"

sh=2657027A93960C70CCDF2BA68C359DF94C2438A0 ft=1 fh=e55004659c2efd53 vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\henri_000\Downloads\uTorrent.exe"

sh=73632F7D4EA895C615C6AD71E0B4EB595F413F11 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application (deleted)" ac=C fn="C:\Users\henri_000\Downloads\AUTODESK.AUTOCAD.V2015.WIN64-ISO[rarbg]\ISOS\acad2015_x64.iso"

sh=390F9E10B6DFA38817BBD3364592F203BDB2171B ft=1 fh=dd0171586faaf3fb vn="a variant of MSIL/HackKMS.H potentially unsafe application (deleted)" ac=C fn="C:\Windows\AutoKMS\AutoKMS.exe"

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite,

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.
  • Baixe o Stinger e salve em sua Área de trabalho (Desktop).
  • Dê um duplo clique em Stinger.exe
  • Windows Vista, 7 e 8, clique com o botão direito e depois em run_as_adm1_zps9c608e64.png
  • Clique no botão “I Accept
Stinger%201_zpsbfkuemdh.png
  • Na nova janela clique em “Advanced” e depois “Settings
Stinger%202_zps1k39yneq.png
  • Em configurações deixe conforme imagem abaixo e clique no botão “Save
Stinger%203_zpsp64cxwsc.png
  • Clique em “Customize my Scan
Stinger%204_zpsbyjm2gtp.png
  • Selecione as unidades do sistema e em seguida clique no botão “Scan
Stinger%205_zps6atue4gt.png
  • Ao final clique em “View log”, será aberto uma janela com o log em seu navegador.
Selecione, copie e cole o conteúdo deste log em sua sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

McAfee Stinger Scan Results

McAfee® Labs Stinger™ Version 12.1.0.2020 built on May 25 2016 at 12:37:33

Copyright© 2015, McAfee, Inc. All Rights Reserved.

 

AV Engine version v5800.7501 for Windows.

Virus data file v1000.0 created on May 25, 2016

Ready to scan for 9784 viruses, trojans and variants.

 

Custom scan initiated on Wednesday, May 25, 2016 15:32:29

 

 

Rootkit scan result : Clean.

 

 

C:\Program Files (x86)\Slimi\Counter Strike 1.6\steamclient.dll [MD5:6405ba3d220031e2886d3ea838e66671] is infected with Artemis!6405BA3D2200

C:\Program Files (x86)\Slimi\Counter Strike 1.6\steamclient.dll has been Deleted

 

Summary Report on C:

File(s)

TotalFiles:............ 551279

Clean:................. 274687

Not Scanned:........... 276591

Possibly Infected:..... 1

 

Time: 02:12:45

 

Scan completed on Wednesday, May 25, 2016 17:45:14

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde,

  • Atualize o Malwarebytes.
  • Escolha Configurações >> Detecção e proteção >> Marque Verificar por Rootkits. Em Detecções PUP (programas potencialmente indesejados), selecione Tratar detecções como malware.
  • Clique em Verificar. Em seguida Verificar Ameaça e por fim em Iniciar Verificação.
  • Começara então o escaneamento. Aguarde pois pode demorar.
  • Ao concluir, se houver ítens encontrados, clique no botão Remover Selecionados
  • Ao final da desinfecção, poderá aparecer um aviso se quer reiniciar o PC.
  • O log é automaticamente salvo pelo MBAM, e para vê-lo clique na aba Histórico >> Registro de aplicativos>> Registro de Verificação na janela principal do programa.
  • Depois clique no botão Exportar. Utilize o formato .txt para exportar o log e salve-o na área de trabalho.
2mwt7yh_zps23f34f56_1.jpg
  • NÃO UTILIZAR O FORMATO .XML PARA EXPORTAR O LOG.
  • O log de Proteção e desnecessário para uma Análise, exporte sempre o log Correto.
NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez).
Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Malwarebytes Anti-Malware

www.malwarebytes.org


Scan Date: 10-Jun-16

Scan Time: 11:39 AM

Logfile: malwar.txt

Administrator: Yes


Version: 2.2.1.1043

Malware Database: v2016.06.10.03

Rootkit Database: v2016.05.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled


OS: Windows 10

CPU: x64

File System: NTFS

User: henri_000


Scan Type: Custom Scan

Result: Completed

Objects Scanned: 615983

Time Elapsed: 3 hr, 6 min, 58 sec


Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled


Processes: 0

(No malicious items detected)


Modules: 0

(No malicious items detected)


Registry Keys: 0

(No malicious items detected)


Registry Values: 0

(No malicious items detected)


Registry Data: 0

(No malicious items detected)


Folders: 0

(No malicious items detected)


Files: 0

(No malicious items detected)


Physical Sectors: 0

(No malicious items detected)



(end)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia,

Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.

  • Copie estas informações que estão em vermelho,para o Bloco de Notas.
  • Salve-a com o nome fixlist.txt
  • Salve-a no mesmo local em que se encontra a FRST
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1398804259&from=tugs&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF118870488704"
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
C:\Users\henri_000\AppData\Local\Temp\avguirn_081027104738.exe
C:\Users\henri_000\AppData\Local\Temp\avguirn_08487356464.exe
Task: {2D32DF12-2213-45A0-8392-6EED5B120CE6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {32E303B4-187D-436C-A27D-434774478D5A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {43CCCCEA-5CCE-4B89-9B44-E82FC75D17B3} - \SaferUpdateTaskSCUD -> No File <==== ATTENTION
Task: {570158C0-D42D-4818-A1D6-4C59BDEC0C69} - System32\Tasks\123 => C:\Windows\System32\shutdown.exe [2015-10-30] (Microsoft Corporation) <==== ATTENTION
Task: {59BB724A-8481-458E-B0A3-45E77F4CDE7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7072023E-1C27-4CEA-BA91-4BAC39999DFD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7112E2D4-DCD9-475A-A5A5-3054E499C173} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9A59FB58-3CE1-4FB3-94F7-592F98BEFC6F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A3FC7AE0-C1D6-4472-B748-E340C2FBEE29} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C25DF5A7-ADD0-4D0D-9A94-B96E9C41D929} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DB6DB6DC-894B-484E-885C-ECFF69D5D99A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DE9C8D04-070D-404F-AA4B-1F57F865EEE4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F9CF9A74-787E-4A61-AEF4-DEADA793BFB0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
HOSTS:
Removeproxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
  • Execute FRST/FRST64 >> Clique "Fix". << Aguarde!
  • Poste o relatório! (Fixlog.txt)
Um grande abraço.
hi9K69W_zpsewgin980.gif Esse script foi elaborado somente para este computador, de acordo com os
arquivos e chaves presentes.
Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia,

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01

Ran by henri_000 (2016-06-22 11:30:55) Run:1
Running from C:\Users\henri_000\Desktop
Loaded Profiles: henri_000 (Available Profiles: henri_000)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1398804259&from=tugs&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF118870488704"
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
C:\Users\henri_000\AppData\Local\Temp\avguirn_081027104738.exe
C:\Users\henri_000\AppData\Local\Temp\avguirn_08487356464.exe
Task: {2D32DF12-2213-45A0-8392-6EED5B120CE6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {32E303B4-187D-436C-A27D-434774478D5A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {43CCCCEA-5CCE-4B89-9B44-E82FC75D17B3} - \SaferUpdateTaskSCUD -> No File <==== ATTENTION
Task: {570158C0-D42D-4818-A1D6-4C59BDEC0C69} - System32\Tasks\123 => C:\Windows\System32\shutdown.exe [2015-10-30] (Microsoft Corporation) <==== ATTENTION
Task: {59BB724A-8481-458E-B0A3-45E77F4CDE7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7072023E-1C27-4CEA-BA91-4BAC39999DFD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7112E2D4-DCD9-475A-A5A5-3054E499C173} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9A59FB58-3CE1-4FB3-94F7-592F98BEFC6F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A3FC7AE0-C1D6-4472-B748-E340C2FBEE29} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C25DF5A7-ADD0-4D0D-9A94-B96E9C41D929} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DB6DB6DC-894B-484E-885C-ECFF69D5D99A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DE9C8D04-070D-404F-AA4B-1F57F865EEE4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F9CF9A74-787E-4A61-AEF4-DEADA793BFB0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
HOSTS:
Removeproxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-2481831376-2314398108-120359188-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
Chrome StartupUrls => removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Unable to stop service.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
C:\Users\henri_000\AppData\Local\Temp\avguirn_081027104738.exe => moved successfully
C:\Users\henri_000\AppData\Local\Temp\avguirn_08487356464.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D32DF12-2213-45A0-8392-6EED5B120CE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D32DF12-2213-45A0-8392-6EED5B120CE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32E303B4-187D-436C-A27D-434774478D5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32E303B4-187D-436C-A27D-434774478D5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{43CCCCEA-5CCE-4B89-9B44-E82FC75D17B3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43CCCCEA-5CCE-4B89-9B44-E82FC75D17B3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaferUpdateTaskSCUD => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{570158C0-D42D-4818-A1D6-4C59BDEC0C69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{570158C0-D42D-4818-A1D6-4C59BDEC0C69}" => key removed successfully
C:\WINDOWS\System32\Tasks\123 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\123" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59BB724A-8481-458E-B0A3-45E77F4CDE7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59BB724A-8481-458E-B0A3-45E77F4CDE7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7072023E-1C27-4CEA-BA91-4BAC39999DFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7072023E-1C27-4CEA-BA91-4BAC39999DFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7112E2D4-DCD9-475A-A5A5-3054E499C173}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7112E2D4-DCD9-475A-A5A5-3054E499C173}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A59FB58-3CE1-4FB3-94F7-592F98BEFC6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A59FB58-3CE1-4FB3-94F7-592F98BEFC6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3FC7AE0-C1D6-4472-B748-E340C2FBEE29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3FC7AE0-C1D6-4472-B748-E340C2FBEE29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C25DF5A7-ADD0-4D0D-9A94-B96E9C41D929}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C25DF5A7-ADD0-4D0D-9A94-B96E9C41D929}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB6DB6DC-894B-484E-885C-ECFF69D5D99A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB6DB6DC-894B-484E-885C-ECFF69D5D99A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE9C8D04-070D-404F-AA4B-1F57F865EEE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE9C8D04-070D-404F-AA4B-1F57F865EEE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9CF9A74-787E-4A61-AEF4-DEADA793BFB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9CF9A74-787E-4A61-AEF4-DEADA793BFB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {1C42AA22-7B64-44CD-BD52-5D36267487DC}.
Unable to cancel {CDBF7D85-3829-4C09-AF95-3B4BB369B6CB}.
Unable to cancel {383F5082-AC16-4822-ABAA-26B95CB05957}.
Unable to cancel {FD6BE74F-A6E6-488F-9E08-2A27A322AFED}.
Unable to cancel {683A6EDA-794D-433D-9B5C-5F94AF165683}.
Unable to cancel {0BEEAE24-9419-4261-8C45-7E186444828A}.
Unable to cancel {77773762-292C-46BE-BD1B-0C59DD54BD8E}.
Unable to cancel {2D8F904E-A70E-4E22-B8D9-84EBE8330393}.
{4391B610-6283-4421-9D96-07B9C1B72071} canceled.
1 out of 9 jobs canceled.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 39136 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 107361302 B
Java, Flash, Steam htmlcache => 33081878 B
Windows/system/drivers => 255242055 B
Edge => 15280 B
Chrome => 831251387 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 36084 B
NetworkService => 10698 B
henri_000 => 354739530 B
RecycleBin => 41529028792 B
EmptyTemp: => 40.2 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 11:33:08 ====

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde,

  • Baixe Security Check, by glax24 e salve em sua Área de trabalho (Desktop).
  • Atenção: Usuários Windows Vista, 7 e 8, cliquem com o botão direito do mouse e escolha: run_as_adm1_zps9c608e64.png
  • Aguarde enquanto a ferramenta faz o exame.
  • Ao final abrirá um log: SecurityCheck.txt.
  • Este log é salvo em C: (Disco local) na pasta SecurityCheck que foi criada.
  • Selecione, copie e cole o conteúdo deste log em sua sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites
SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]

WebSite: www.safezone.cc

DateLog: 24.06.2016 15:02:12

Path starting: C:\Users\henri_000\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe

Log directory: C:\SecurityCheck\

IsAdmin: True

User: henri_000

VersionXML: 3.13is-24.06.2016

___________________________________________________________________________


Windows 10(6.3.10586) (x64) Core Lang: English(0409)

Installation date OS: 28.12.2015 17:37:46

LicenseStatus: Windows®, Core edition The machine is permanently activated.

LicenseStatus: Office 15, OfficeProPlusVL_KMS_Client edition Volume activation will expire : 32314 minutes

Boot Mode: Normal

Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

SystemDrive: C: FS: [NTFS] Capacity: [919.4 Gb] Used: [586 Gb] Free: [333.4 Gb]

------------------------------- [ Windows ] -------------------------------

Internet Explorer 11.420.10586.0

User Account Control enabled

Automatic download and scheduled installation

Windows Update (wuauserv) - The service has stopped

Security Center (wscsvc) - The service is running

Remote Registry (RemoteRegistry) - The service has stopped

SSDP Discovery (SSDPSRV) - The service is running

Remote Desktop Services (TermService) - The service has stopped

Windows Remote Management (WS-Management) (WinRM) - The service has stopped

------------------------------ [ MS Office ] ------------------------------

Microsoft Office 2013 x86 v.15.0.4569.1506

Microsoft Office 2013 x64 v.15.0.4420.1017

---------------------------- [ Antivirus_WMI ] ----------------------------

Windows Defender (disabled and up to date)

AVG AntiVirus Free Edition (enabled and up to date)

--------------------------- [ FirewallWindows ] ---------------------------

Windows Firewall (MpsSvc) - The service is running

--------------------------- [ AntiSpyware_WMI ] ---------------------------

Windows Defender (disabled and up to date)

AVG AntiVirus Free Edition (enabled and up to date)

---------------------- [ AntiVirusFirewallInstall ] -----------------------

ESET Online Scanner v3

-------------------------- [ SecurityUtilities ] --------------------------

Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043

HiJackThis v.1.0.0

--------------------------- [ OtherUtilities ] ----------------------------

WinRAR 5.11 beta 1 (64-bit) v.5.11.1 Warning! Download Update

--------------------------------- [ IM ] ----------------------------------

Skype™ 7.18 v.7.18.109 Warning! Download Update

^Optional update.^

--------------------------------- [ P2P ] ---------------------------------

µTorrent v.3.4.7.42330 Warning! P2P-client.

-------------------------------- [ Java ] ---------------------------------

Java 7 Update 71 v.7.0.710 Warning! This software is no longer supported. Please uninstall it and use Java SE 8.

--------------------------- [ AppleProduction ] ---------------------------

Bonjour v.3.1.0.1

iTunes v.12.3.3.17 Warning! Download Update

^Please use Apple Software Update tool.^

Bonjour Service (Bonjour Service) - The service is running

--------------------------- [ AdobeProduction ] ---------------------------

Adobe Flash Player 18 PPAPI v.18.0.0.194 Warning! Download Update

------------------------------- [ Browser ] -------------------------------

Google Chrome v.52.0.2743.49 [+]

--------------------------- [ RunningProcess ] ----------------------------

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.52.0.2743.49

------------------ [ AntivirusFirewallProcessServices ] -------------------

AvgAMPS (AvgAMPS) - The service has stopped

C:\Program Files (x86)\AVG\Av\avgrsa.exe v.16.81.0.7640

C:\Program Files (x86)\AVG\Av\avgcsrva.exe v.16.81.0.7640

AVGIDSAgent (AVGIDSAgent) - The service is running

AVG Service (avgsvc) - The service is running

C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe v.1.102.2.23246

AVG Service (avgsvc) - The service is running

AVG WatchDog (avgwd) - The service is running

C:\Program Files (x86)\AVG\Av\avgwdsvca.exe v.16.81.0.7640

C:\Program Files (x86)\AVG\Av\avgnsa.exe v.16.81.0.7640

C:\Program Files (x86)\AVG\Av\avgemca.exe v.16.81.0.7640

C:\Program Files (x86)\AVG\Av\avgui.exe v.16.81.0.7640

C:\Program Files (x86)\AVG\Framework\Common\avguix.exe v.1.102.2.23246

McAfee Validation Trust Protection Service (mfevtp) - The service is running

C:\Windows\System32\mfevtps.exe

Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped

Windows Defender Service (WinDefend) - The service has stopped

Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped

---------------------------- [ UnwantedApps ] -----------------------------

Popcorn Time v.5.4.1.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by Xplode). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!

----------------------------- [ End of Log ] ------------------------------

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite, o pc está normal. Você saberia me informar como faço para parar spam do meu email? Continuo recebendo emails de mim mesmo, sobre bancos, alertas, etc.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite, isso é conhecido como spoofing. Não há muito o que fazer à esse respeito. Leia o artigo abaixo para que você possa compreender melhor sobre o assunto:

 

http://tecnologia.uol.com.br/noticias/redacao/2013/04/23/spoofing-vitimas-de-golpe-recebem-mensagem-com-seu-proprio-endereco-de-e-mail.htm

 


Siga os passos abaixo para encerrar o tópico.
Agora vamos remover as ferramentas utilizadas na desinfecção.
  • Baixe: <Delfix_Icon_zps70636ef3.jpg> (...par Xplode)
  • Salve-a na sua área de trabalho.
  • Dê dois cliques no delfix.exe para executá-lo.
  • Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo delfix.exe,depois clique em: run_as_adm1_zps9c608e64.png
Delfix_Icon01_zpsfffb6571.jpg
  • Marque as caixinhas, de acordo com a imagem.
  • Clique no botão Executar.
  • Reinicie o computador!
  • Tudo OK ?

 

Compartilhar este post


Link para o post
Compartilhar em outros sites
Para finalizar siga as instruções abaixo:




logo_cartilha_zpspxuqlp72.png




  • Leia as várias dicas que estão contidas na Cartilha de Segurança e fique livre de infecções!


  • Instale a extensão Adblock, para se ver livre das propagandas:

>> chrome_zpsz8om8goa.png Para Google Chrome clique aqui

>> icon_firefox_zpsrpwhoyf1.gif Para Firefox clique aqui

>> 1929t__ie9b_Icon_zpsk9kxcehd.png Para Internet Explorer: 32 bits clique aqui 64 bits clique aqui



  • worm_zpsggmqtwdn.pngWorms USB (Vírus de pendrive) podem infectar qualquer tipo de dispositivo de armazenamento removível (pendrives, mp3, mp4, celulares, cartões de memória, câmeras fotográficas). Este tipo de malware explora um recurso nativo do Windows chamado Autorun, ou Autoplay. O Autoplay precisa de um arquivo chamado autorun.inf para funcionar.

Mantenha um cópia limpa e protegida do arquivo autorun.inf em todos os dispositivos removíveis e em todas as unidades do sistema. Deste modo, se acaso você plugar o seu pendrive em algum pc infectado, o malware não vai conseguir sobreescrever o arquivo pré-existente. Mas ainda assim ele poderá copiar seus executáveis maliciosos para o pendrive, tais como .EXE, .SCR, .CMD, .PIF, .BAT, .COM.

Se você plugar este pendrive em uma máquina limpa e executar algum desses arquivos maliciosos, esse sistema será infectado da mesma forma. Portanto, tenha cuidado e use o bom senso.

Para criar um arquivo autorun.inf protegido: Panda USB Vacine.



  • Iconunchecky.png_zps8nwjz3ds.jpegPrevina-se da instalação de PUPs com o Unchecky.

Existe um vídeo demonstrando o programa.





  • IMPORTANTE: Após a instalação vá até o local onde o programa foi instalado, C:\Arquivos de programas\CCleaner,

clique duas vezes na pasta, numa área vazia desta janela, clique com o botão direito do mouse e escolha Novo >> pasta e crie uma nova pasta; coloque o nome de backups!


  • Abra o programa e clique em Executar Limpeza;


  • clique no botão Registro >> Procurar Erros >> Corrigir erro(s) selecionados(s).

Obs: Não se esqueça de aceitar o backup das correções, e salvá-los nas pasta criada acima!



  • Update_Icon.png_zpssubbycb7.jpeg Versões antigas de programas têm vulnerabilidades que alguns malwares podem usar para infectar o seu sistema.

Por isso, é recomendável atualizar os programas que o Security Check apontou como desatualizados (os updates opcionais ficam ao seu critério).

Basta clicar no Download Update de cada aviso, que irá para o site do desenvolvedor.



  • iconwu_zpst4ftler0.pngVisite o Windows Update regularmente e verifique por atualizações.

Novas brechas de segurança são descobertas com frequência. Muitos malwares exploram essas brechas, infectando sistemas sem depender de nenhuma ação do usuário. A Microsoft corrige essas brechas através das atualizações.

Por isso é fundamental manter o seu sistema atualizado.



Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.