.matiello, posted May 5, 2016
Hello, I would like some help: my PC became very slow all of a sudden. I believe there is some virus with my Hotmail email as well, and some sites in Google Chrome are not loading or crash.
Thank you,
Henrique
http://www.cjoint.com/c/FEfafvtiRVq
http://www.cjoint.com/c/FEfaiNbWhHq

caedurodrigues, posted May 20, 2016
Good afternoon,
Download: (...by eset.com)
Save it to your Desktop!
Disable your antivirus and run the file esetsmartinstaller_enu.exe.
Accept the agreement and check: "Yes, I accept the Terms of Use"
Click: "Start".
Check the boxes as in the image above
Click "Change" and check the "Computer" box, then click OK!
Click: "Start" >> Wait! (This scan can take a few hours...)
When it finishes, click "List of found threats".
Copy and paste the contents into your next reply. The report is saved in C:\Program Files\ESET\EsetOnlineScanner\log.txt
Note: If nothing is found, no log will be generated.
Click "Back" >> "Finish".
Post the report!

.matiello, posted May 21, 2016
Good afternoon, here is the report
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7993ded1a461e04cb69ba981b24e7e7b
# end=init
# utc_time=2016-05-21 04:07:38
# local_time=2016-05-21 01:07:38 (-0300, E. South America Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - delete modules
Update Init
Update Download
Update Finalize
Updated modules version: 29545
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 29545
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7993ded1a461e04cb69ba981b24e7e7b
# end=updated
# utc_time=2016-05-21 04:12:51
# local_time=2016-05-21 01:12:51 (-0300, E. South America Standard Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7993ded1a461e04cb69ba981b24e7e7b
# engine=29545
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-05-21 06:19:53
# local_time=2016-05-21 03:19:53 (-0300, E. South America Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 16737430 16743736 0 0
# scanned=286954
# found=10
# cleaned=10
# scan_time=7621
sh=F69B708BAA723F00058FCBEB95AD7ED451AB3597 ft=1 fh=51dc34a13973cf56 vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\henri_000\AppData\Roaming\uTorrent\updates\3.4.2_33080.exe"
sh=2657027A93960C70CCDF2BA68C359DF94C2438A0 ft=1 fh=e55004659c2efd53 vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\henri_000\AppData\Roaming\uTorrent\updates\3.4.2_38656.exe"
sh=5671C239B85EC01C33C4EB155CAA0DFA6C57E509 ft=1 fh=0a0eb9bfca15ed0f vn="a variant of MSIL/HackKMS.G potentially unsafe application (deleted)" ac=C fn="C:\Users\henri_000\Documents\SAMSUNG\office\# Crack\Microsoft Toolkit.exe"
sh=B3D6C7751E31EE2EBF9F1482B340186C9A484B5E ft=1 fh=d35dd4922aa8d8b4 vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\henri_000\Downloads\BitTorrent.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Users\henri_000\Downloads\ccsetup416.exe"
sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Users\henri_000\Downloads\ccsetup508.exe"
sh=8B1F53A9E0FFB090032A69312B1BC1121CB97601 ft=1 fh=9ae2658579d22504 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Users\henri_000\Downloads\ccsetup515.exe"
sh=2657027A93960C70CCDF2BA68C359DF94C2438A0 ft=1 fh=e55004659c2efd53 vn="a variant of Win32/OpenCandy.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\henri_000\Downloads\uTorrent.exe"
sh=73632F7D4EA895C615C6AD71E0B4EB595F413F11 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application (deleted)" ac=C fn="C:\Users\henri_000\Downloads\AUTODESK.AUTOCAD.V2015.WIN64-ISO[rarbg]\ISOS\acad2015_x64.iso"
sh=390F9E10B6DFA38817BBD3364592F203BDB2171B ft=1 fh=dd0171586faaf3fb vn="a variant of MSIL/HackKMS.H potentially unsafe application (deleted)" ac=C fn="C:\Windows\AutoKMS\AutoKMS.exe"

caedurodrigues, posted May 25, 2016
Good evening,
Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.
Download Stinger and save it to your Desktop. 32 bit (x86) or 64 bit (x64)
Double-click Stinger.exe
On Windows Vista, 7 and 8, right-click and then click on
Click the “I Accept” button
In the new window click “Advanced” and then “Settings”
In the settings, set everything as in the image below and click the “Save” button
Click “Customize my Scan”
Select the system drives and then click the “Scan” button
At the end click “View log”; a window with the log will open in your browser.
Select, copy and paste the contents of this log into your next reply.

.matiello, posted May 25, 2016
McAfee Stinger Scan Results
McAfee® Labs Stinger™ Version 12.1.0.2020 built on May 25 2016 at 12:37:33
Copyright© 2015, McAfee, Inc. All Rights Reserved.
AV Engine version v5800.7501 for Windows.
Virus data file v1000.0 created on May 25, 2016
Ready to scan for 9784 viruses, trojans and variants.
Custom scan initiated on Wednesday, May 25, 2016 15:32:29
Rootkit scan result : Clean.
C:\Program Files (x86)\Slimi\Counter Strike 1.6\steamclient.dll [MD5:6405ba3d220031e2886d3ea838e66671] is infected with Artemis!6405BA3D2200
C:\Program Files (x86)\Slimi\Counter Strike 1.6\steamclient.dll has been Deleted
Summary Report on C:
File(s)
TotalFiles:............ 551279
Clean:................. 274687
Not Scanned:........... 276591
Possibly Infected:..... 1
Time: 02:12:45
Scan completed on Wednesday, May 25, 2016 17:45:14

caedurodrigues, posted June 8, 2016
Good afternoon,
Update Malwarebytes.
Choose Settings >> Detection and Protection >> check Scan for rootkits.
Under PUP (potentially unwanted programs) detections, select Treat detections as malware.
Click Scan. Then Threat Scan and finally Start Scan.
The scan will then begin. Please wait, as it can take a while.
When it finishes, if any items were found, click the Remove Selected button.
At the end of the disinfection, a prompt may appear asking whether you want to restart the PC.
The log is saved automatically by MBAM; to view it, click the History tab >> Application Logs >> Scan Log in the program's main window. Then click the Export button.
Use the .txt format to export the log and save it to the desktop.
DO NOT USE THE .XML FORMAT TO EXPORT THE LOG.
The Protection log is not needed for an analysis; always export the correct log.
NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

.matiello, posted June 11, 2016
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10-Jun-16
Scan Time: 11:39 AM
Logfile: malwar.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.06.10.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: henri_000
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 615983
Time Elapsed: 3 hr, 6 min, 58 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)
(end)

caedurodrigues, posted June 12, 2016
Good evening, please post a new FRST report.

.matiello, posted June 19, 2016
http://www.cjoint.com/c/FFtoku3yytL
http://www.cjoint.com/c/FFtolfoIawL

caedurodrigues, posted June 20, 2016
Good morning,
Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.
Copy the information shown in red into Notepad.
Save it with the name fixlist.txt
Save it in the same location as FRST
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1398804259&from=tugs&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF118870488704"
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
C:\Users\henri_000\AppData\Local\Temp\avguirn_081027104738.exe
C:\Users\henri_000\AppData\Local\Temp\avguirn_08487356464.exe
Task: {2D32DF12-2213-45A0-8392-6EED5B120CE6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {32E303B4-187D-436C-A27D-434774478D5A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {43CCCCEA-5CCE-4B89-9B44-E82FC75D17B3} - \SaferUpdateTaskSCUD -> No File <==== ATTENTION
Task: {570158C0-D42D-4818-A1D6-4C59BDEC0C69} - System32\Tasks\123 => C:\Windows\System32\shutdown.exe [2015-10-30] (Microsoft Corporation) <==== ATTENTION
Task: {59BB724A-8481-458E-B0A3-45E77F4CDE7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7072023E-1C27-4CEA-BA91-4BAC39999DFD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7112E2D4-DCD9-475A-A5A5-3054E499C173} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9A59FB58-3CE1-4FB3-94F7-592F98BEFC6F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A3FC7AE0-C1D6-4472-B748-E340C2FBEE29} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C25DF5A7-ADD0-4D0D-9A94-B96E9C41D929} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DB6DB6DC-894B-484E-885C-ECFF69D5D99A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DE9C8D04-070D-404F-AA4B-1F57F865EEE4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F9CF9A74-787E-4A61-AEF4-DEADA793BFB0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
HOSTS:
Removeproxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
Run FRST/FRST64 >> Click "Fix". << Wait!
Post the report! (Fixlog.txt)
Best regards.
This script was written for this computer only, according to the files and keys present on it.
To visitors: if you have a similar problem, do not use this script, since unsupervised use can damage the system.

.matiello, posted June 22, 2016
Good morning,
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by henri_000 (2016-06-22 11:30:55) Run:1
Running from C:\Users\henri_000\Desktop
Loaded Profiles: henri_000 (Available Profiles: henri_000)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1398804259&from=tugs&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF118870488704"
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
C:\Users\henri_000\AppData\Local\Temp\avguirn_081027104738.exe
C:\Users\henri_000\AppData\Local\Temp\avguirn_08487356464.exe
Task: {2D32DF12-2213-45A0-8392-6EED5B120CE6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {32E303B4-187D-436C-A27D-434774478D5A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {43CCCCEA-5CCE-4B89-9B44-E82FC75D17B3} - \SaferUpdateTaskSCUD -> No File <==== ATTENTION
Task: {570158C0-D42D-4818-A1D6-4C59BDEC0C69} - System32\Tasks\123 => C:\Windows\System32\shutdown.exe [2015-10-30] (Microsoft Corporation) <==== ATTENTION
Task: {59BB724A-8481-458E-B0A3-45E77F4CDE7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7072023E-1C27-4CEA-BA91-4BAC39999DFD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7112E2D4-DCD9-475A-A5A5-3054E499C173} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9A59FB58-3CE1-4FB3-94F7-592F98BEFC6F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A3FC7AE0-C1D6-4472-B748-E340C2FBEE29} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C25DF5A7-ADD0-4D0D-9A94-B96E9C41D929} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DB6DB6DC-894B-484E-885C-ECFF69D5D99A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DE9C8D04-070D-404F-AA4B-1F57F865EEE4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F9CF9A74-787E-4A61-AEF4-DEADA793BFB0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
HOSTS:
Removeproxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-2481831376-2314398108-120359188-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
Chrome StartupUrls => removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Unable to stop service.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
C:\Users\henri_000\AppData\Local\Temp\avguirn_081027104738.exe => moved successfully
C:\Users\henri_000\AppData\Local\Temp\avguirn_08487356464.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D32DF12-2213-45A0-8392-6EED5B120CE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D32DF12-2213-45A0-8392-6EED5B120CE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32E303B4-187D-436C-A27D-434774478D5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32E303B4-187D-436C-A27D-434774478D5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{43CCCCEA-5CCE-4B89-9B44-E82FC75D17B3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43CCCCEA-5CCE-4B89-9B44-E82FC75D17B3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaferUpdateTaskSCUD => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{570158C0-D42D-4818-A1D6-4C59BDEC0C69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{570158C0-D42D-4818-A1D6-4C59BDEC0C69}" => key removed successfully
C:\WINDOWS\System32\Tasks\123 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\123" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59BB724A-8481-458E-B0A3-45E77F4CDE7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59BB724A-8481-458E-B0A3-45E77F4CDE7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7072023E-1C27-4CEA-BA91-4BAC39999DFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7072023E-1C27-4CEA-BA91-4BAC39999DFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7112E2D4-DCD9-475A-A5A5-3054E499C173}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7112E2D4-DCD9-475A-A5A5-3054E499C173}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A59FB58-3CE1-4FB3-94F7-592F98BEFC6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A59FB58-3CE1-4FB3-94F7-592F98BEFC6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3FC7AE0-C1D6-4472-B748-E340C2FBEE29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3FC7AE0-C1D6-4472-B748-E340C2FBEE29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C25DF5A7-ADD0-4D0D-9A94-B96E9C41D929}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C25DF5A7-ADD0-4D0D-9A94-B96E9C41D929}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB6DB6DC-894B-484E-885C-ECFF69D5D99A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB6DB6DC-894B-484E-885C-ECFF69D5D99A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE9C8D04-070D-404F-AA4B-1F57F865EEE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE9C8D04-070D-404F-AA4B-1F57F865EEE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9CF9A74-787E-4A61-AEF4-DEADA793BFB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9CF9A74-787E-4A61-AEF4-DEADA793BFB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2481831376-2314398108-120359188-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {1C42AA22-7B64-44CD-BD52-5D36267487DC}.
Unable to cancel {CDBF7D85-3829-4C09-AF95-3B4BB369B6CB}.
Unable to cancel {383F5082-AC16-4822-ABAA-26B95CB05957}.
Unable to cancel {FD6BE74F-A6E6-488F-9E08-2A27A322AFED}.
Unable to cancel {683A6EDA-794D-433D-9B5C-5F94AF165683}.
Unable to cancel {0BEEAE24-9419-4261-8C45-7E186444828A}.
Unable to cancel {77773762-292C-46BE-BD1B-0C59DD54BD8E}.
Unable to cancel {2D8F904E-A70E-4E22-B8D9-84EBE8330393}.
{4391B610-6283-4421-9D96-07B9C1B72071} canceled.
1 out of 9 jobs canceled.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 39136 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 107361302 B
Java, Flash, Steam htmlcache => 33081878 B
Windows/system/drivers => 255242055 B
Edge => 15280 B
Chrome => 831251387 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 36084 B
NetworkService => 10698 B
henri_000 => 354739530 B
RecycleBin => 41529028792 B
EmptyTemp: => 40.2 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 11:33:08 ====

caedurodrigues, posted June 22, 2016
Good afternoon,
Download Security Check, by glax24, and save it to your Desktop.
Attention: Windows Vista, 7 and 8 users, right-click and choose:
Wait while the tool runs its check.
At the end a log will open: SecurityCheck.txt.
This log is saved in C: (Local disk) in the SecurityCheck folder that was created.
Select, copy and paste the contents of this log into your next reply.

.matiello, posted June 24, 2016
SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 24.06.2016 15:02:12
Path starting: C:\Users\henri_000\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: henri_000
VersionXML: 3.13is-24.06.2016
___________________________________________________________________________
Windows 10(6.3.10586) (x64) Core Lang: English(0409)
Installation date OS: 28.12.2015 17:37:46
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 15, OfficeProPlusVL_KMS_Client edition Volume activation will expire : 32314 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [919.4 Gb] Used: [586 Gb] Free: [333.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.420.10586.0
User Account Control enabled
Automatic download and scheduled installation
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4569.1506
Microsoft Office 2013 x64 v.15.0.4420.1017
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
AVG AntiVirus Free Edition (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
AVG AntiVirus Free Edition (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
HiJackThis v.1.0.0
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.11 beta 1 (64-bit) v.5.11.1 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.18 v.7.18.109 Warning! Download Update
^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.7.42330 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 7 Update 71 v.7.0.710 Warning! This software is no longer supported. Please uninstall it and use Java SE 8.
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.3.3.17 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 18 PPAPI v.18.0.0.194 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Google Chrome v.52.0.2743.49 [+]
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.52.0.2743.49
------------------ [ AntivirusFirewallProcessServices ] -------------------
AvgAMPS (AvgAMPS) - The service has stopped
C:\Program Files (x86)\AVG\Av\avgrsa.exe v.16.81.0.7640
C:\Program Files (x86)\AVG\Av\avgcsrva.exe v.16.81.0.7640
AVGIDSAgent (AVGIDSAgent) - The service is running
AVG Service (avgsvc) - The service is running
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe v.1.102.2.23246
AVG Service (avgsvc) - The service is running
AVG WatchDog (avgwd) - The service is running
C:\Program Files (x86)\AVG\Av\avgwdsvca.exe v.16.81.0.7640
C:\Program Files (x86)\AVG\Av\avgnsa.exe v.16.81.0.7640
C:\Program Files (x86)\AVG\Av\avgemca.exe v.16.81.0.7640
C:\Program Files (x86)\AVG\Av\avgui.exe v.16.81.0.7640
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe v.1.102.2.23246
McAfee Validation Trust Protection Service (mfevtp) - The service is running
C:\Windows\System32\mfevtps.exe
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Popcorn Time v.5.4.1.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by Xplode). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------

caedurodrigues, posted June 26, 2016
Good evening, how is the PC doing?

.matiello, posted June 29, 2016
Good evening, the PC is back to normal. Would you know how I can stop the spam in my email? I keep receiving emails from myself, about banks, alerts, etc.

caedurodrigues, posted June 29, 2016
Good evening, this is known as spoofing. There is not much that can be done about it. Read the article below to better understand the subject:
http://tecnologia.uol.com.br/noticias/redacao/2013/04/23/spoofing-vitimas-de-golpe-recebem-mensagem-com-seu-proprio-endereco-de-e-mail.htm
Follow the steps below to close the topic.
Now let's remove the tools used in the disinfection.
Download: (...par Xplode)
Save it to your desktop.
Double-click delfix.exe to run it.
Windows Vista or Windows 7 users: right-click the delfix.exe file, then click:
Check the boxes according to the image.
Click the Run button.
Restart the computer!
Everything OK?

caedurodrigues, posted June 29, 2016
To finish, follow the instructions below:
Cartilha de Segurança > << Link! Read the many tips contained in the Cartilha de Segurança and stay free of infections!
Install the Adblock extension to get rid of advertisements: >> For Google Chrome click here >> For Firefox click here >> For Internet Explorer: 32 bits click here, 64 bits click here
USB worms (flash drive viruses) can infect any kind of removable storage device (flash drives, MP3 and MP4 players, mobile phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay. Autoplay needs a file called autorun.inf in order to work.
Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you happen to plug your flash drive into an infected PC, the malware will not be able to overwrite the pre-existing file. But it can still copy its malicious executables to the flash drive, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM. If you plug this flash drive into a clean machine and run one of these malicious files, that system will be infected in the same way. So be careful and use common sense.
To create a protected autorun.inf file: Panda USB Vaccine.
Protect yourself from the installation of PUPs with Unchecky. There is a video demonstrating the program.
Download the CCleaner program:
IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click in an empty area of this window and choose New >> Folder to create a new folder; name it backups!
Open the program and click Run Cleaner; click the Registry button >> Scan for Issues >> Fix selected issue(s).
Note: Do not forget to accept the backup of the fixes, and save it in the folder created above!
Old versions of programs have vulnerabilities that some malware can use to infect your system. For that reason, it is recommended to update the programs that Security Check flagged as outdated (the optional updates are at your discretion). Just click the Download Update link in each warning, which will take you to the developer's site.
Visit Windows Update regularly and check for updates. New security holes are discovered frequently. Many malware families exploit these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through updates. That is why it is essential to keep your system up to date.
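
Added example, not part of the original thread: a read-only Python audit of a removable drive's root folder for the two things the post above describes, an autorun.inf that launches a program and executables with the listed extensions. The sample drive contents and all function names are constructed for illustration, and looking only at the root folder is an assumption.

```python
import os
import tempfile

# Extensions the post lists as the worm's executables.
RISKY_EXTENSIONS = {".exe", ".scr", ".cmd", ".pif", ".bat", ".com"}
# autorun.inf keys that name a program to start; shell\<verb>\command is matched below.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample drives: file name -> contents.
SAMPLE_INFECTED = {
    "autorun.inf": b"[AutoRun]\r\n; constructed sample\r\nopen=setup.scr\r\n"
                   b"shell\\open\\command=setup.scr\r\nicon=folder.ico\r\nlabel=My Drive\r\n",
    "setup.scr": b"", "TOOL.EXE": b"", "photo.jpg": b"", "notes.txt": b"",
}
SAMPLE_CLEAN = {
    "autorun.inf": b"[autorun]\r\nicon=folder.ico\r\nlabel=My Drive\r\n",
    "photo.jpg": b"", "notes.txt": b"",
}


def _decode(raw):
    """Decode autorun.inf bytes without failing on odd encodings or padding."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section that start a program."""
    entries, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_verb:
            entries.append((key, value))
    return entries


def launch_target(value):
    """Lower-case file name of the program a launch entry points at."""
    value = value.strip()
    if value.startswith('"'):
        token = value[1:].split('"', 1)[0]
    else:
        parts = value.split(None, 1)
        token = parts[0] if parts else ""
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit_drive_root(root):
    """Inspect a drive root without modifying anything on it."""
    names = sorted(os.listdir(root))
    report = {"autorun_inf": "absent", "launch_entries": [],
              "risky_files": [], "launched_from_drive": []}
    for name in names:
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf":
            if os.path.isfile(path):
                report["autorun_inf"] = "file"
                with open(path, "rb") as fh:
                    report["launch_entries"] = parse_autorun(_decode(fh.read()))
            else:
                report["autorun_inf"] = "not a regular file"
        elif os.path.isfile(path) and os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
            report["risky_files"].append(name)
    targets = {launch_target(value) for _, value in report["launch_entries"]}
    report["launched_from_drive"] = [
        n for n in names if n.lower() in targets and n.lower() != "autorun.inf"]
    return report


def demo_report(infected=True):
    """Build one of the constructed sample drives in a temp folder and audit it."""
    sample = SAMPLE_INFECTED if infected else SAMPLE_CLEAN
    with tempfile.TemporaryDirectory() as root:
        for name, data in sample.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_drive_root(root)


if __name__ == "__main__":
    for label, infected in (("infected sample", True), ("clean sample", False)):
        print(label, demo_report(infected))
```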

.matiello, posted July 1, 2016
OK, thank you for the help!

caedurodrigues, posted July 4, 2016
PROBLEM SOLVED
If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.