Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking Digg  Social bookmarking Delicious  Social bookmarking Reddit  Social bookmarking Stumbleupon  Social bookmarking Slashdot  Social bookmarking Yahoo  Social bookmarking Google  Social bookmarking Blinklist  Social bookmarking Blogmarks  Social bookmarking Technorati  

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14394 usuários registrados
O último usuário registrado atende pelo nome de graftt

Os nossos membros postaram um total de 34753 mensagens em 3538 assuntos
Últimos assuntos
» virus adware malware
por joram Hoje à(s) 07:42

Quem está conectado
5 usuários online :: 1 usuário cadastrado, Nenhum Invisível e 4 Visitantes :: 2 Motores de busca

Ademir

O recorde de usuários online foi de 108 em Qui 15 Maio 2014, 21:18
Buscar
 
 

Resultados por:
 


Rechercher Busca avançada

Abril 2017
SegTerQuaQuiSexSabDom
     12
3456789
10111213141516
17181920212223
24252627282930

Calendário Calendário


PC com vírus de pendrive e propagandas

Página 1 de 3 1, 2, 3  Seguinte

Ver o tópico anterior Ver o tópico seguinte Ir em baixo

PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 10:33

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:40, on 04/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marineide\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files\SaveSense\SaveSenseIE.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BeatTool - {95ffef7e-d5b7-4afb-9b49-da6f9ee962d0} - C:\Program Files\BeatTool\BeatToolbho.dll (file missing)
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Você precisa estar registrado e conectado para ver este link.]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs:  C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginService\PluginService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update BeatTool - Unknown owner - C:\Program Files\BeatTool\updateBeatTool.exe (file missing)
O23 - Service: Util BeatTool - Unknown owner - C:\Program Files\BeatTool\bin\utilBeatTool.exe (file missing)
O23 - Service: Wpm Service (Wpm) - Cherished Technololgy LIMITED - C:\ProgramData\WPM\wprotectmanager.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 8280 bytes
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 10:35

  Olá Luiz.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Você precisa estar registrado e conectado para ver este link.]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

Remova adwares e toolbars maliciosas com o Adwcleaner

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 11:00

Já estou desde o momento da indicação de uso do Adwcleaner que ele ainda esta na fase de analise, estou estranhando essa demora, seria prudente ir para o modo seguro e rodar ele?
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 11:02

Sim, no modo seguro ele deverá fazer mais rapidamente a limpeza.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 11:13

Já estou com 10 minutos e nada de conclusão do exame para poder mandar limpar. Qual sugestão?
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 11:13

Baixe o programa Junkware Removal Tool no link abaixo:
[Você precisa estar registrado e conectado para ver este link.]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

Tutorial do Junkware Removal Tool

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 11:24

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Marineide on 04/05/2014 at 11:20:45,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funmoods
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
Successfully deleted: [File] C:\Windows\System32\Tasks\SaveSense
Successfully deleted: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Successfully deleted: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\savesenselive"
Successfully deleted: [Folder] "C:\Users\Marineide\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Marineide\AppData\Roaming\funmoods"
Successfully deleted: [Folder] "C:\Users\Marineide\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Marineide\AppData\Roaming\savesense"
Successfully deleted: [Folder] "C:\Program Files\funmoods"
Successfully deleted: [Folder] "C:\Program Files\savesense"
Successfully deleted: [Folder] "C:\Program Files\savesenselive"



~~~ FireFox

Successfully deleted: [File] C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\user.js
Successfully deleted: [File] C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\searchplugins\funmoods.xml
Successfully deleted: [Folder] C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\extensions\ffxtlbr@funmoods.com
Successfully deleted: [Folder] C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
Successfully deleted the following from C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\prefs.js

user_pref("extensions.funmoods.aflt", "1543n");
user_pref("extensions.funmoods.appId", "{EA28B360-05E0-4F93-8150-02891F1D8D3C}");
user_pref("extensions.funmoods.cd", "2XzuyEtN2Y1L1Qzu0EzztDtAzy0AyEtD0E0A0BtB0ByCyEyDtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1CzutCyDyEtA1G");
user_pref("extensions.funmoods.cntry", "BR");
user_pref("extensions.funmoods.cr", "1242516506");
user_pref("extensions.funmoods.cv", "cv5");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hdrMd5", "B8A8D6F8356E36C098BEF98C150A138A");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=1543n&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AyEtD0E0A0BtB0ByCyEyDtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFzztFtCtByEy
user_pref("extensions.funmoods.id", "E8039A40EAB2B645");
user_pref("extensions.funmoods.instlDay", "16050");
user_pref("extensions.funmoods.instlRef", "");
user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=1543n&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AyEtD0E0A0BtB0ByCyEyDtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFzztFtCtBy
user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"259\",\"lastVrsn\":\"259\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.sg", "none");
user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=1543n&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AyEtD0E0A0BtB0ByCyEyDtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFzztFtCt
user_pref("extensions.funmoods.vrsn", "1.8.20.0");
user_pref("extensions.funmoods.vrsni", "1.8.20.0");
user_pref("extensions.funmoods_i.hmpg", true);
user_pref("extensions.funmoods_i.newTab", false);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.8.20.015:29:13");
Emptied folder: C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\minidumps [7 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Marineide\appdata\local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Successfully deleted: [Folder] C:\Users\Marineide\appdata\local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/05/2014 at 11:24:46,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 11:25

Tente agora fazer a limpeza com o AdwCleaner e veja se é possível. Se ele continuar lento você me fala que a gente busca outras alternativas.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 11:31

Do mesmo jeito, vai imagem para visualização.
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 11:33

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Você precisa estar registrado e conectado para ver este link.]

Para executá-lo corretamente siga as dicas deste tutorial:

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 12:00


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Marineide on 04/05/2014 at 11:36:43,38.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marineide\Desktop\zoek.pif [Scan all users] [Script inserted]

==== System Restore Info ======================

04/05/2014 11:37:38 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update BeatTool deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.br/");
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
user_pref("keyword.URL", "");

Added to C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default

user.js not found
---- Lines funmoods removed from prefs.js ----
user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"259\",\"lastVrsn\":\"259\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\
---- FireFox user.js and prefs.js backups ----

prefs_052014_1150_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml deleted
C:\Program Files\SupTab deleted
C:\Users\Marineide\AppData\Roaming\SupTab deleted
C:\Users\Marineide\AppData\Roaming\webssearches deleted
C:\PROGRA~2\IePluginService deleted
C:\PROGRA~2\WPM deleted
C:\Users\Marineide\AppData\Local\BIT7D1.tmp deleted
C:\Users\Marineide\AppData\Local\SaveSenseLive deleted
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx deleted
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense deleted
C:\Windows\tasks\SaveSense.job deleted
C:\Windows\system32\tasks\Funmoods deleted
C:\Windows\system32\tasks\Baidu PC Faster Update deleted
"C:\Users\Marineide\AppData\Local\{713EA690-8B2A-45C7-94C8-B9AB199C2E42}" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"quick_start@gmail.com"="C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\extensions\quick_start@gmail.com" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [13/01/2013 12:50]

==== Firefox Extensions ======================

ProfilePath: C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default
- Advanced SystemCare Surfing Protection - C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\extensions\ascsurfingprotection@iobit.com
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- Funmoods - %ProfilePath%\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Marineide\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
F833DD5D8F959819F44BC98F47B1B6BB - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
65D09D8BC91D74C8800725EB33D1EE1B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
11B27E47D0217C20BFF2490AB657BE67 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll - Silverlight Plug-In
D19E6B87675A40D252EB8669F68403C5 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrlui.dll - Microsoft (R) Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx[22/04/2013 19:01]
pelmeidfhdlhlbjimpabfcbnnojbboma - C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx[]

Google Docs - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Plus-HD-2.2 - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Advanced SystemCare Surfing Protection - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Google Wallet - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo deleted successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfakeonomonapccoamcmdgpoaicnpnoo_0.localstorage deleted successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfakeonomonapccoamcmdgpoaicnpnoo_0.localstorage-journal deleted successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kfakeonomonapccoamcmdgpoaicnpnoo_0 deleted successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://istart.webssearches.com/?type=hp&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457"
"Start Page Restore"="http://www.msn.com/"
"Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.webssearches.com/web/?type=ds&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457&q={searchTerms}"
"Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457"
"Start Page"="http://istart.webssearches.com/?type=hp&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457"
"Search Page"="http://istart.webssearches.com/web/?type=ds&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Start Page Restore"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=MSNTLB&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{95ffef7e-d5b7-4afb-9b49-da6f9ee962d0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95ffef7e-d5b7-4afb-9b49-da6f9ee962d0} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\quick_start@gmail.com deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Marineide\Desktop\Microsoft Office PowerPoint 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Marineide\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Marineide\Desktop\mateus mc`s\Brasfoot 2013.lnk - C:\Brasfoot2013\bf2013.exe
C:\Users\Marineide\Desktop\mateus mc`s\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare 6.lnk - C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files\HP\Digital Imaging\AppStudio\hpzsip.url
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe
C:\Users\Public\Desktop\SpywareBlaster.lnk - C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Users\Public\Desktop\Uninstaller.lnk - C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH

==== shortcuts in Users Start Menu ======================

C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.]
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.]

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [Você precisa estar registrado e conectado para ver este link.]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brasfoot 2014\Manual do Brasfoot 2014.lnk - C:\Brasfoot2014\Manual_Brasfoot_2014.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brasfoot2014\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.]
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.]
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [Você precisa estar registrado e conectado para ver este link.]
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully

==== Empty IE Cache ======================

C:\Users\Marineide\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marineide\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Marineide\AppData\Local\Mozilla\Firefox\Profiles\5kjvvgjb.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=361 folders=85 8491458 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marineide\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\MARINE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 04/05/2014 at 11:58:10,01 ======================
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 12:03

Faça o download do Malwarebytes em um destes links abaixo:
[Você precisa estar registrado e conectado para ver este link.]
[Você precisa estar registrado e conectado para ver este link.]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

Tutorial do Malwarebytes Anti-Malware

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 13:12

Malwarebytes Anti-Malware
[Você precisa estar registrado e conectado para ver este link.]

Data de Verificação: 04/05/2014
Hora da Verificação: 13:06:43
Logfile: LOG.txt
Administrador: Sim

Versão: 2.00.1.1004
Malware Database: v2014.05.04.06
Rootkit Database: v2014.03.27.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Chameleon: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Marineide

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 325803
Tempo Decorrido: 46 min, 38 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 46
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, Quarantined, [7ceaef5eec8f8caa776d62bed82ab14f],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, Quarantined, [7ceaef5eec8f8caa776d62bed82ab14f],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [7ceaef5eec8f8caa776d62bed82ab14f],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc, Quarantined, [7ceaef5eec8f8caa776d62bed82ab14f],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}, Quarantined, [491df35a15661a1c4ff085ccfd0543bd],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}, Quarantined, [491df35a15661a1c4ff085ccfd0543bd],
PUP.Optional.SaveSense, HKU\S-1-5-21-3294059013-1081372751-996367163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}, Quarantined, [8cdae7666a11f3435a2f67f01fe316ea],
PUP.Optional.SaveSense, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}, Quarantined, [8cdae7666a11f3435a2f67f01fe316ea],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}, Quarantined, [6ef824296516c96d52ec6ae7a85a22de],
PUP.Optional.BeatTool.A, HKLM\SOFTWARE\BeatTool, Quarantined, [f76f62ebea916acc04d41868af5321df],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\SaveSense, Quarantined, [b1b580cd047765d16bd5c2f0768d748c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\SaveSenseLive, Quarantined, [fc6a1736651645f18eb3664c36cd58a8],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\webssearchesSoftware, Quarantined, [02642726fb802115b56f047c7a8844bc],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickCtrl.9, Quarantined, [97cf71dc1a6192a47ebe7b37a06321df],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine, Quarantined, [3036de6f95e64ee8ca72f2c003007c84],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine.1.0, Quarantined, [96d0a3aa512ad0665ede545ed42f54ac],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.Update3WebControl.3, Quarantined, [f96d76d7e9921a1c9f9d0ca69271f40c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync, Quarantined, [0561410c75063105211bcfe305fe14ec],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync.1.0, Quarantined, [5313024ba3d8c571e953cfe3d231768a],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass, Quarantined, [8cda8bc2e596a19576c6565c0af97789],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass.1, Quarantined, [590d60ed5d1e63d30339b3ff36cd09f7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass, Quarantined, [70f63d107dfe42f4320aa50d847f7a86],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass.1, Quarantined, [2c3ab09de992ae8848f4664ccf34857b],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine, Quarantined, [1551b8953f3c7cba50ecc5ed3fc4a35d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [3234490492e98da9ae8e4e649c67649c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine, Quarantined, [86e0e16ce992989e56e6664ca261ae52],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [79edaca12754181e74c8634f996ae719],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback, Quarantined, [8adc97b6b1ca4fe77ebe278b1fe4f40c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [dd893e0f5c1fdf57b884179b37cc1be5],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher, Quarantined, [194da0ad3e3d2c0ae557456d20e327d9],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher.1.0, Quarantined, [b1b573dac0bb7cbad5676a481fe4bb45],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService, Quarantined, [20460f3e0b70c07625179f13f1123dc3],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0, Quarantined, [f27451fc4f2cb1850438585aea190ef2],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine, Quarantined, [3f27fb521c5f082efe3ee1d1f60d36ca],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine.1.0, Quarantined, [2b3bfa53bcbf2b0bdb610fa3b152ad53],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback, Quarantined, [6bfb0746cdaeb68064d8941eb44fd42c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [a5c1e06de893270fa894c9e943c06e92],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc, Quarantined, [da8cd578b9c20b2b5ae24a68e320be42],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0, Quarantined, [3b2bc38a601b77bf65d75161a65d59a7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\SaveSenseLive.exe, Quarantined, [e383fc515229b284d3689e145ca78d73],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@tools.updaterss.com/SaveSenseLive Update;version=3, Quarantined, [eb7b53fa502b171fd16ecce6b74caf51],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@tools.updaterss.com/SaveSenseLive Update;version=9, Quarantined, [ed7962eb93e80333251aded42ed5b848],
PUP.Optional.BeatTool.A, HKU\S-1-5-21-3294059013-1081372751-996367163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BeatTool, Quarantined, [b2b46ae33348c96db02778085ba746ba],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-3294059013-1081372751-996367163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\funmoodsToolbar, Quarantined, [98ce51fc6b105ed8c53f1197847f16ea],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-3294059013-1081372751-996367163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSense, Quarantined, [83e3a9a4bbc01323aa93cee449ba57a9],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-3294059013-1081372751-996367163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSenseLive, Quarantined, [93d3a4a9c3b89e980836a210e81be719],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[cc9a97b62754b581fdba8faa55afee12]

Pastas: 0
(No malicious items detected)

Arquivos: 6
PUP.Optional.InstalleRex, C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\File System\018\t\00\00000000, Quarantined, [6afcaba2215aaa8cc04d412c10f16f91],
PUP.Optional.Spigot.A, C:\Users\Marineide\Downloads\191-aTubeCatcher.exe, Quarantined, [b6b0410c7605b0864eb3a47e0af75ca4],
PUP.Optional.Somoto.A, C:\Users\Marineide\Local Settings\Application Data\Bundled software uninstaller\biclient.exe, Quarantined, [481e58f542395bdb8b8c8b8a8081c937],
PUP.Optional.IePluginService.A, C:\zoek_backup\C_PROGRA~2_IePluginService\PluginService.exe, Quarantined, [3135ba93641770c6a60280d3b34e07f9],
PUP.Optional.WpManager, C:\zoek_backup\C_PROGRA~2_WPM\wprotectmanager.exe, Quarantined, [a3c34607ccaf72c4d7263e1f6d94a957],
PUP.Optional.SupTab.A, C:\zoek_backup\C_Users_Marineide_AppData_Roaming_SupTab\SupTab.dll, Quarantined, [d6905eef5f1c0f27e66723121de3837d],

Physical Sectors: 0
(No malicious items detected)


(end)
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 13:14

Faça o download do < ZHPDiag2.exe > < [Você precisa estar registrado e conectado para ver esta imagem.]> ( ... de Nicolas Coolman )

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

Tutorial de instalação e execução do aplicativo ZHPDiag

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 13:24

Não sei o que ta havendo o ZHP deu problema veja nas duas imagens.
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 13:26

Você pode tentar fazer assim: vá no painel de controle e desinstale o Zhp. Depois vá na pasta dele em Program Filles (ou Arquivos de programas) e delete a pasta dele. Depois baixe-o no link que te passei dele e reinstale-o e depois poste o log dele.

Se mesmo assim não for possível me avise.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 13:33

Mesmo problema, interessante ele na instalação não ta em português.
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 13:35

Baixe o Farbar Recovery Scan Tool e salve-o no Desktop (Área de Trabalho)

Obs: Ao acessar o link acima, clique no botão Download Now 32-Bit Version

Execute o Farbar seguindo as dicas deste tutorial:

Analise importantes áreas do Windows com Farbar Recovery Scan Tool (versão 32 bits)

*Serão criados dois relatórios no Desktop: FRST.txt e Addition.txt

Poste estes dois relatórios em sua próxima resposta. (Obs: se não couber em uma só resposta, pode dividi-la em mais postagens).

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 13:49

segue os logs
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 15:07

Nesse tempo de espera resolvi rodar o adwcleaner então como deu certo vai o log,

# AdwCleaner v3.206 - Relatório criado 04/05/2014 às 15:02:50
# Atualizado 04/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Marineide - MARINEIDE-PC
# Executando de : C:\Users\Marineide\Desktop\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
Arquivo Deletada : C:\Windows\Tasks\Funmoods.job

***** [ Atalhos ] *****


***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AEA210B-A0B7-47B5-B5CB-CD8D26C7A0B7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AEA210B-A0B7-47B5-B5CB-CD8D26C7A0B7}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\supTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

*************************

AdwCleaner[R0].txt - [18061 octets] - [04/05/2014 10:38:45]
AdwCleaner[R1].txt - [18061 octets] - [04/05/2014 11:06:00]
AdwCleaner[R2].txt - [12245 octets] - [04/05/2014 11:27:25]
AdwCleaner[R3].txt - [4052 octets] - [04/05/2014 15:02:14]
AdwCleaner[S0].txt - [3914 octets] - [04/05/2014 15:02:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3974 octets] ##########
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 15:08

Boa notícia. Estava no almoço, mas agora vou verificar os outros logs.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 15:15

Seria bom você executar novamente o Farbar e postar novos logs dele para vermos como está depois do Adwcleaner.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 15:23

Seguem.
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Power Max em Dom 04 Maio 2014, 16:02

 Baixe o arquivo fixlist.txt que está anexado nesta postagem e salve-o no desktop (área de trabalho).

Execute o FRST. Clique no botão Fix.

Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

Selecione, copie e cole o conteúdo deste Fixlog.txt em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por luizvilarinho em Dom 04 Maio 2014, 16:13

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:04-05-2014
Ran by Marineide at 2014-05-04 16:13:03 Run:1
Running from C:\Users\Marineide\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3294059013-1081372751-996367163-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3294059013-1081372751-996367163-1000\...\MountPoints2: {8897e703-cdfa-11e1-8bc6-e81132a9c57e} - F:\AutoRun.exe
SearchScopes: HKLM - DefaultScope value is missing.
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S1 Bnbase; System32\drivers\bnbasex.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys [X]
2014-04-19 08:57 - 2013-10-18 20:22 - 00000000 ____D () C:\Program Files\Baidu Security
2014-04-18 10:16 - 2013-10-18 20:27 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-04-18 10:16 - 2013-10-18 20:27 - 00000000 ____D () C:\ProgramData\Baidu Security
BeatTool (HKLM\...\BeatTool) (Version: 2014.04.17.224819 - BeatTool)
QuickShare (HKLM\...\{49CA0203-1447-4444-8C29-2185CFEFD3A1}) (Version: 10.159.1.12889 - Linkury Inc.) <==== ATTENTION
webssearches uninstaller (HKLM\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION
Task: {374DB01A-05FC-4BA9-B430-55793639809A} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {82B97EDC-1D8A-424A-8571-4EC1B371D066} - \Baidu PC Faster Update No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5C321E34
end
*****************

HKU\S-1-5-21-3294059013-1081372751-996367163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3294059013-1081372751-996367163-1000 => Key not found.
HKU\S-1-5-21-3294059013-1081372751-996367163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8897e703-cdfa-11e1-8bc6-e81132a9c57e} => Key deleted successfully.
HKCR\CLSID\{8897e703-cdfa-11e1-8bc6-e81132a9c57e} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Bfilter => Service deleted successfully.
Bfmon => Service deleted successfully.
Bhbase => Service deleted successfully.
BHipsEx => Service deleted successfully.
Bnbase => Service deleted successfully.
Bndef => Service deleted successfully.
Bprotect => Service deleted successfully.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
C:\Program Files\Baidu Security => Moved successfully.
C:\Users\Todos os Usuários\Baidu Security => Moved successfully.
"C:\ProgramData\Baidu Security" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{374DB01A-05FC-4BA9-B430-55793639809A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{374DB01A-05FC-4BA9-B430-55793639809A} => Key deleted successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82B97EDC-1D8A-424A-8571-4EC1B371D066} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82B97EDC-1D8A-424A-8571-4EC1B371D066} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Users\Todos os Usuários\TEMP" => ":373E1720" ADS not found.
"C:\Users\Todos os Usuários\TEMP" => ":5C321E34" ADS not found.

==== End of Fixlog ====
avatar
luizvilarinho
Membro
Membro

Mensagens : 753
Reputação : 2
Data de inscrição : 13/11/2013

Voltar ao Topo Ir em baixo

Re: PC com vírus de pendrive e propagandas

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Voltar ao Topo Ir em baixo

Página 1 de 3 1, 2, 3  Seguinte

Ver o tópico anterior Ver o tópico seguinte Voltar ao Topo


 
Permissão deste fórum:
Você não pode responder aos tópicos neste fórum