Spyder.RV 0 Posted November 7, 2013

Good evening. My Chrome has been showing several Google ads labelled "Ad not from this site". Can you help me? Here is the HijackThis log:
DigRam 144 Posted November 7, 2013

Good morning! Spyder.RV
|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

hijackthis;chromelook;chrdefaults;emptyCHRcache;autoclean;emptyalltemp;

|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report.
|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

See you!
Spyder.RV 0 Posted November 7, 2013

Good morning. Here is the zoek log:
DigRam 144 Posted November 7, 2013

Good morning! Spyder.RV
|- Run this script in the Zoek tool.

mkfokfffehpeedafpekjeddnmnjhmcmk;chr
C:\ProgramData\boost_interprocess;f
C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx;fs

|- Post the report!
-/-
|- Download: < > ( ... by Xplode )
|- Once there, click the image: < >
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as
|- PS: Start the tool by clicking "Scan".
|- Click "Clean", if it becomes available, for each tab you open under "Results".
|- Click the small side arrows to reach the "Firefox" or "Chrome" tabs. < >
|- When finished, click "Report". < C:\AdwCleaner\AdwCleaner[s0].txt > or < C:\AdwCleaner\AdwCleaner[s1].txt > ;S2, S3;...
|- Post all the reports, which will be in C:\AdwCleaner <<
-/-
|- Download: < > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, right-click JRT.exe and run it ...
|- Wait for it to finish and post the report. ( JRT.txt )

See you!
Spyder.RV 0 Posted November 7, 2013

Here are the zoek, AdwCleaner and JRT logs as requested:

Note: Chrome stopped working after running JRT... it shows the message:

C:\Users\Wemerson\AppData\Local\Google\Chrome\Application\chrome.exe
Classe não registrada

zoek

Zoek.exe Version 4.0.0.5 Updated 05-November-2013
Tool run by Wemerson on 07/11/2013 at 10:26:18,25.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Malware Removal Tools\zoek\zoek.exe [script inserted]
==== Older Logs ======================
C:\zoek-results2013-11-07-093423.log 18409 bytes
==== Running Processes ======================
C:\Zend Server Free\Apache2\bin\httpd.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Zend Server Free\MySQL55\bin\mysqld.exe
C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Zend Server Free\ZendServer\bin\zdd.exe
C:\Zend Server Free\Apache2\bin\httpd.exe
C:\Zend Server Free\ZendServer\bin\php-cgi.exe
C:\Zend Server Free\ZendServer\bin\MonitorNode.exe
C:\Zend Server Free\ZendServer\bin\zsd.exe
C:\Zend Server Free\ZendServer\bin\scd.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Zend Server Free\ZendServer\bin\php-cgi.exe
C:\Zend Server Free\ZendServer\bin\php-cgi.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Wemerson\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe
C:\Users\Wemerson\AppData\Roaming\uTorrent\uTorrent.exe
C:\Zend Server Free\Apache2\bin\ApacheMonitor.exe
C:\Program Files (x86)\RadioController\RfBtnHelper.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
C:\Users\Wemerson\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Wemerson\AppData\Roaming\JetBrains\WebStorm 7.0.1\bin\WebStorm.exe
C:\Users\Wemerson\AppData\Roaming\JetBrains\WebStorm 7.0.1\bin\fsnotifier.exe
C:\Malware Removal Tools\zoek\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Deleting Files \ Folders ======================
"C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx" not deleted
"C:\ProgramData\boost_interprocess\Nobu64AgentService" deleted
"C:\ProgramData\boost_interprocess\Nobu64TrayIcon" deleted
"C:\ProgramData\boost_interprocess" not deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx[20/07/2012 13:05]
Google Translate - Wemerson - Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
Google Docs - Wemerson - Default\Extensions\aohghmighlieiainnegkcijnfilokake
MeasureIt - Wemerson - Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma
Google Drive - Wemerson - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Translator - Wemerson - Default\Extensions\baphblbjhblgjocinamnmbpceogpfedo
YouTube - Wemerson - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Wemerson - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Search by Image by Google - Wemerson - Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Read Later Fast - Wemerson - Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji
Vimeo™ Download Videos - Wemerson - Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg
Climatempo - Wemerson - Default\Extensions\hdpadclmjnppejbenfgklgaganbefgad
AngularJS Batarang - Wemerson - Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk
HTML5 Web Development IDE - Wemerson - Default\Extensions\kheidghjolippfddjfloeinafjkcgcic
Norton Identity Protection - Wemerson - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Wemerson - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Feed Intent Viewer - Wemerson - Default\Extensions\oceapojkdgeophkjdijkpbjifdnfimdh
Intel\u00AE XDK - Wemerson - Default\Extensions\onmkoldigcfmebcinpmineoadckalllb
Gmail - Wemerson - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk deleted successfully
==== After Reboot ======================
==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx" deleted
"C:\ProgramData\boost_interprocess" not deleted
"C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx" not found
==== EOF on 07/11/2013 at 10:28:50,76 ======================

adwcleaner

# AdwCleaner v3.011 - Relatório criado 07/11/2013 às 10:57:51
# Atualizado 03/11/2013 por Xplode
# Sistema Operacional : Windows 8 Single Language (64 bits)
# Usuário : Wemerson - WEMERSON-NOTE
# Executando de : D:\Dados do PC\Wemerson\Downloads\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\boost_interprocess
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v25.0 (pt-BR)
[ Arquivo : C:\Users\Wemerson\AppData\Roaming\Mozilla\Firefox\Profiles\lkzu9a7j.default\prefs.js ]
-\\ Google Chrome v
[ Arquivo : C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R3].txt - [970 octets] - [07/11/2013 10:55:43]
AdwCleaner[s3].txt - [889 octets] - [07/11/2013 10:57:51]
########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [948 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 Single Language x64
Ran by Wemerson on 07/11/2013 at 11:03:14,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
~~~ FireFox
Emptied folder: C:\Users\Wemerson\AppData\Roaming\mozilla\firefox\profiles\lkzu9a7j.default\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/11/2013 at 11:07:55,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DigRam 144 Posted November 7, 2013

Good afternoon! Spyder.RV

|- I recommend that you uninstall Chrome and install it again.
|- Download the setup from here.

-/-

|- Download: < Revo Uninstaller >
|- Save it to the desktop.
|- Install the utility and check that the program to be uninstalled appears on the main screen.
|- In your case, Google Chrome.
|- Select it and click Uninstall.
|- For more details, read the < Tutorial >

A+

Spyder.RV 0 Posted November 7, 2013

> Good afternoon! Spyder.RV
> |- I recommend that you uninstall Chrome and install it again.
> |- Download the setup from here.
> -/-
> |- Download: < Revo Uninstaller >
> |- Save it to the desktop.
> |- Install the utility and check that the program to be uninstalled appears on the main screen.
> |- In your case, Google Chrome.
> |- Select it and click Uninstall.
> |- For more details, read the < Tutorial >
> A+

I removed and reinstalled Chrome... and the blessed "ads not from this site" keep appearing! What's the next step?

DigRam 144 Posted November 7, 2013

Good afternoon! Spyder.RV

> I removed and reinstalled Chrome... What's the next step?

|- Be careful when downloading extensions for Chrome, since some can weaken the browser and throw unwanted notifications.

-/-

|- Install MBAM: < >
|- Update the program!
|- Untick the box: "Enable free trial of Malwarebytes Anti-Malware PRO"
|- Click "Finish".
|- Choose the Quick scan! >> Scan!
|- Disable protection programs when running Malwarebytes.
|- On Windows Vista or 7, right-click the file and run it as administrator.
|- PS: For certain infections, the program will ask for a reboot. << Confirm!
|- When finished, click "Ok" >> "Show Results" >> "Remove Selected".
|- Post the report: mbam-log-2013-xx-xx (00-00-00).txt
|- In the main MBAM window, click the Logs tab to get the report.

A+

Spyder.RV 0 Posted November 7, 2013

Here is the MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Versão da Base de Dados: v2013.11.07.07
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
Wemerson :: WEMERSON-NOTE [administrador]
07/11/2013 16:15:19
mbam-log-2013-11-07 (16-15-19).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 203057
Tempo decorrido: 6 minuto(s), 57 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)

DigRam 144 Posted November 7, 2013

Good afternoon! Spyder.RV

|- The notebook is clean!
|- The "Ad not from this site" notifications are coming from some extension that you downloaded and added to Chrome.
|- I recommend disabling them "one by one", in a manual search to identify which one is malicious.
|- Report the results!

-/-

|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
|- Run it!
|- With the 3 checkboxes ticked!
|- Click "Run".

A+

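Added example, not part of the original thread: the one-by-one search recommended above can start with the extensions whose manifests declare access to every site, since only those can alter pages the user visits. The Python code below assumes Chrome's `Extensions/<id>/<version>/manifest.json` profile layout; the function names and the two sample manifests are constructed for illustration.

```python
import json, sys, tempfile
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # patterns matching every site

def broad(patterns):
    """Return the entries of `patterns` that match all sites."""
    return sorted(p for p in patterns if isinstance(p, str) and p in BROAD)

def audit_extension(manifest):
    """Summarise what one manifest dict declares about touching web pages."""
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    matches = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    return {"name": manifest.get("name", "?"), "version": manifest.get("version", "?"),
            "broad_permissions": broad(perms), "broad_content_scripts": broad(matches)}

def audit_profile(extensions_dir):
    """Audit each <id>/<version>/manifest.json; all-site extensions sort first."""
    rows = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, keep auditing
        if not isinstance(manifest, dict):
            continue
        row = audit_extension(manifest)
        row["id"] = path.parent.parent.name
        row["review_first"] = bool(row["broad_content_scripts"] or row["broad_permissions"])
        rows.append(row)
    return sorted(rows, key=lambda r: (not r["review_first"], r["id"]))

def demo():
    """Audit a constructed two-extension profile (sample data, not from the thread)."""
    sample = {
        "a" * 32: {"name": "Notes", "version": "1.0", "permissions": ["storage"]},
        "b" * 32: {"name": "Coupon Helper", "version": "2.1", "content_scripts":
                   [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in sample.items():
            folder = Path(root, ext_id, manifest["version"])
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_profile(root)

if __name__ == "__main__":
    for r in audit_profile(sys.argv[1]) if len(sys.argv) > 1 else demo():
        print("REVIEW" if r["review_first"] else "ok    ", r["id"], r["name"], r["version"])
```

Pass the profile's Extensions folder as the only argument; a REVIEW flag marks where to begin disabling, not a verdict that the extension is malicious.
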
Spyder.RV 0 Posted November 7, 2013

Problem solved... I removed all the extensions and that was it! Thank you very much for the help

DigRam 144 Posted November 8, 2013

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.