Banner de propaganda em todos sites !

Boa tarde galera, mais um problema, não sei de onde tá vindo tanta coisa, mas tá difícil, sem baixar nada aparece esse tanto de coisa, imagina se tivesse muito download, hein?

Galera, hoje apareceu isso aqui que imagino ser um vírus e não consigo retirar, todo site que abro aparece esse banner e não tem como retirar.
Me ajudem !

Postei um print em anexo !

 Olá Gustavo!

Faça o download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

*Execute-o e clique no botão Main Menu.

* Na próxima tela que surgirá clique em [Do a system scan and save a logfile].

*Um relatório será apresentado.

*Selecione todo o conteúdo deste relatório, copie (Ctrl+c), volte ao seu tópico e cole (Ctrl+v).

*Finalmente, clique no botão [Enviar].

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:00:11, on 22/12/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17256)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gustavo Soares\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gustavo Soares\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{495847DA-391F-4067-8E2A-E5C43E829FE0}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1,198.153.192.40,198.153.194.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{7462C488-36A1-4952-88F3-2AFA91CCB58B}: NameServer = 200.222.41.83 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{495847DA-391F-4067-8E2A-E5C43E829FE0}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1,198.153.192.40,198.153.194.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{495847DA-391F-4067-8E2A-E5C43E829FE0}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1,198.153.192.40,198.153.194.40
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

--
End of file - 8746 bytes

Siga, por gentileza, as dicas do tutorial abaixo para definir um DNS mais seguro para seu PC:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Depois disto poste um novo log do Hijackthis e nos diga se o problema foi resolvido.

Ficamos na espera.

Marcos Felipe
segui o tutorial, troquei o DNS e não funcionou =/

segue o relatório:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:28:09, on 22/12/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17256)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Users\Gustavo Soares\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gustavo Soares\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{495847DA-391F-4067-8E2A-E5C43E829FE0}: NameServer = 198.153.192.60,198.153.194.60,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7462C488-36A1-4952-88F3-2AFA91CCB58B}: NameServer = 198.153.192.60,198.153.194.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{495847DA-391F-4067-8E2A-E5C43E829FE0}: NameServer = 198.153.192.60,198.153.194.60,192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{495847DA-391F-4067-8E2A-E5C43E829FE0}: NameServer = 198.153.192.60,198.153.194.60,192.168.2.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

--
End of file - 8489 bytes

Siga, por gentileza, as dicas dos tutoriais abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt e o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt e nos diga como está seu PC depois destes procedimentos.

Ficamos na espera.

Marcos Felipe,
passei o adwcleaner e com isso reiniciou o pc, abri agora e não apareceu.
Pode ter sido o Angel que só funcionou após reiniciar ou foi o adwcleaner mesmo.

Agradeço imensamente pela atenção, a galera aqui do fórum tá de parabéns pela disposição e atenção, muito obrigado mesmo !

Tópico reaberto a pedido do autor via MP.

Valeu Antônio, muito obrigado !

Seguem os logs pedidos:
# ADwcleanerner v3.016 - Relatório criado 23/12/2013 às 09:34:02
# Atualizado 23/12/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : Gustavo Soares - GUSTAVO-PC
# Executando de : C:\Users\Gustavo Soares\Downloads\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7600.17256


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\Gustavo Soares\AppData\Roaming\Mozilla\Firefox\Profiles\qyasuxtc.default-1384876832046\prefs.js ]


-\\ Google Chrome v

[ Arquivo : C:\Users\Gustavo Soares\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [939 octets] - [22/12/2013 18:30:15]
AdwCleaner[R1].txt - [1057 octets] - [23/12/2013 09:14:34]
AdwCleaner[R2].txt - [1550 octets] - [23/12/2013 09:33:34]
AdwCleaner[S0].txt - [996 octets] - [22/12/2013 18:30:50]
AdwCleaner[S1].txt - [1116 octets] - [23/12/2013 09:15:00]
AdwCleaner[S2].txt - [1458 octets] - [23/12/2013 09:34:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1518 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x86
Ran by Gustavo Soares on 23/12/2013 at 9:28:47,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Gustavo Soares\AppData\Roaming\mozilla\firefox\profiles\qyasuxtc.default-1384876832046\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/12/2013 at 9:29:54,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Continua aparecendo, agora além de aparecer o banner nos sites, aparece nos adsenses do google também !

Siga também esta dica, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Depois disto é só você postar o relatório do Zoek que estará em C:\zoek-results aqui em seu tópico.

Ficamos no aguardo.

Não funcionou tb = /

Zoek.exe v5.0.0.0 Updated 21-December-2013
Tool run by Gustavo Soares on 23/12/2013 at 10:52:47,49.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gustavo Soares\Desktop\My Shared Folder\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

23/12/2013 10:53:27 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/04/2013 12:24]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/04/2013 12:24]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Gustavo Soares\AppData\Roaming\Mozilla\Firefox\Profiles\qyasuxtc.default-1384876832046
- SafeBrowse1.0.2 - %ProfilePath%\extensions\safebrowse@safebrowse.co

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Gustavo Soares\AppData\Roaming\Mozilla\Firefox\Profiles\qyasuxtc.default-1384876832046
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
C36444D7301A8C881FC7296B092609C7 - C:\Users\Gustavo Soares\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\Gustavo Soares\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\Gustavo Soares\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\Gustavo Soares\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
341B3AE026B143DBC17BA1E1E0BAE3D6 - C:\Users\Gustavo Soares\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
632F5B29E8C27631E7AC76E330FE2980 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U7
AB87C54CA19675880B0CAE65B8AF140C - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.70.11
CF46E0E1398B382CE0CE738C67A38DD1 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
8006FC6A9A7C3168EF15DBA842C3AFC5 - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll - Silverlight Plug-In
A055971A27B8B767F5F0858B8F299282 - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
C04B0BCA15F30CF7D68E7733997EA90B - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrlui.dll - Microsoft (R) Silverlight
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on Users Desktops ======================

C:\Users\Gustavo Soares\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Gustavo Soares\Desktop\Conexão de Banda Larga - Atalho.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Gustavo Soares\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnk - C:\Program Files\Unlocker\README.TXT
C:\Users\Gustavo Soares\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker Assistant.lnk - C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Users\Gustavo Soares\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnk - C:\Program Files\Unlocker\Unlocker.exe
C:\Users\Gustavo Soares\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk - C:\Program Files\Unlocker\uninst.exe
C:\Users\Gustavo Soares\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnk - C:\Program Files\Unlocker\Unlocker.url

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gustavo Soares\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gustavo Soares\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gustavo Soares\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Gustavo Soares\AppData\Local\Mozilla\Firefox\Profiles\qyasuxtc.default-1384876832046\Cache will be emptied at reboot

==== Empty Chrome Cache ======================

C:\Users\Gustavo Soares\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Gustavo Soares\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\GUSTAV~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Gustavo Soares\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 23/12/2013 at 11:00:02,06 ======================

alguma ideia ?

Neste momento você está acessando a internet pelo roteador ou não?

Não, Marcos, meu acesso é direto ao cabo.

Gustavo Soares Nogueira escreveu:Não, Marcos, meu acesso é direto ao cabo.

1)
Copie o comandos em linha Azul abaixo:
netsh interface ipv4 add dnsservers "Conexão local" 198.153.192.60
netsh interface ipv4 add dnsservers "Conexão local" 198.153.194.60

2)
Baixe o arquivo em anexo -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] extraia o arquivo ADD-DNS.bat para o Desktop.
Clique com o botão direito do mouse sobre o arquivo Add-DNS.bat, e clique em (Executar como Administrador)
Cole a linha em azul na janela do prompt com o botão direito no mouse e clique em colar. Tecla duas vezes em [ENTER]


Reinicie seu computador, e veja se resolve o problema!

Brando, infelizmente não funcionou = /

Olá Gustavo Soares Nogueira


Instale este programa:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Brando, testei uma coisa aqui e funcionou amigo, espero que ajude.
Minha namorada tem um blog e ele usa o adsense, percebi que só aparecia esse banner nos sites com adsense, fui nas configurações do blog dela e retirei o adsense, adivinha ? Não apareceu mais no blog dela e continua aparecendo nas outras páginas com esse programa.
Será que tem alguma ideia a partir disso ?

Tentou o programa que informei?

Instalei Wings, não deu certo !

Olá Gustavo.

Instale o Superantispyware > Atualize-o (faça um update) > Faça uma verificação completa com ele e remova os problemas ele encontrar. Maiores informações sobre ele você encontra neste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Depois disto poste o relatório dele aqui em seu tópico e nos diga como está o PC depois disto.

Valeu Marcos, ontem foi meio atabalhoado, não deu pra mexer.
Vou baixar agora e te passo o log!

Gustavo Soares Nogueira escreveu:Valeu Marcos, ontem foi meio atabalhoado, não deu pra mexer.
Vou baixar agora e te passo o log!

  Ok, ficamos na espera.