Steps to Remove Adware


Download OTL by OldTimer and save it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users: right-click the OTL.exe file, then click .

Where it says Output, select Standard.
Also check these options:
Creation Date -> change to 90 days
Use WhiteList for Company Names
Skip Microsoft Files
Lop Check
Purity Check

Select these lines in red, right-click the selection, and choose copy

CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
/md5start
services.*
/md5stop

Go back to the program, right-click any white area of the Custom Scans/Fixes section, and choose paste

Click the button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt. Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply. Attach the Extras.txt file.

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.

Hello,

1)

Select these lines inside the CODE box, right-click the selection and choose copy

NOTE: Make sure you start copying from the colon and the letter "O" (":O") of OTL.

:OTL
PRC - [2013/05/08 19:58:46 | 000,087,240 | ---- | M] (PSafe S.A.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe
PRC - [2013/05/08 19:58:44 | 002,820,296 | ---- | M] (PSafe) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe
PRC - [2013/05/08 19:58:44 | 000,262,856 | ---- | M] (PSafe S.A.) -- C:\Program Files (x86)\PSafe\PSafeWD.exe
PRC - [2013/05/08 19:58:42 | 001,244,360 | ---- | M] (PSafe S/A) -- C:\Program Files (x86)\PSafe\PSafesvc.exe
PRC - [2013/05/08 19:39:36 | 002,182,344 | ---- | M] (PSafe S.A.) -- C:\Program Files (x86)\PSafe\Protege\psprotegesvc.exe
PRC - [2013/05/08 19:39:34 | 005,318,344 | ---- | M] (PSafe S.A.) -- C:\Program Files (x86)\PSafe\Protege\psprotege.exe
PRC - [2013/05/08 19:34:44 | 000,371,912 | ---- | M] (PSafe S/A) -- C:\Program Files (x86)\PSafe\SearchDesk\psSearchDesk.exe
PRC - [2013/05/08 19:33:30 | 003,576,832 | R--- | M] (PSafe Tecnologia S.A.) -- C:\Program Files (x86)\PSafe\ClikSeguro\PsClikSeguro.exe
SRV - [2013/05/08 19:58:44 | 000,262,856 | ---- | M] (PSafe S.A.) [Auto | Running] -- C:\Program Files (x86)\PSafe\PSafeWD.exe -- (PSafeWD)
SRV - [2013/05/08 19:58:42 | 001,244,360 | ---- | M] (PSafe S/A) [Auto | Running] -- C:\Program Files (x86)\PSafe\PSafesvc.exe -- (PSafeSVC)
SRV - [2013/05/08 19:39:36 | 002,182,344 | ---- | M] (PSafe S.A.) [Auto | Running] -- C:\Program Files (x86)\PSafe\Protege\psprotegesvc.exe -- (PSProtegeSVC)
SRV - [2013/05/08 19:33:30 | 003,576,832 | R--- | M] (PSafe Tecnologia S.A.) [On_Demand | Running] -- C:\Program Files (x86)\PSafe\ClikSeguro\PsClikSeguro.exe -- (PsClikSeguro)
DRV:[b]64bit:[/b] - [2013/01/17 21:07:36 | 000,288,688 | R--- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360FltOEM.sys -- (360FltOEM)
IE - HKCU\..\URLSearchHook: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
IE - HKCU\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}
CHR - Extension: Lyrics Finder = C:\Users\Robson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\
O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll (Nijad Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PSafeTray] C:\Program Files (x86)\PSafe\PSafeSysTray.exe (PSafe)
O4 - HKLM..\Run: [PSafeWDS] C:\Program Files (x86)\PSafe\PSafeWDS.exe (PSafe S.A.)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PsClikS64.dll (PSafe Tecnologia S.A.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PsClikS64.dll (PSafe Tecnologia S.A.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PsClikS64.dll (PSafe Tecnologia S.A.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PsClikS64.dll (PSafe Tecnologia S.A.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PsClikS64.dll (PSafe Tecnologia S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PsClikS.dll (PSafe Tecnologia S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\PsClikS.dll (PSafe Tecnologia S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\PsClikS.dll (PSafe Tecnologia S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\PsClikS.dll (PSafe Tecnologia S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\PsClikS.dll (PSafe Tecnologia S.A.)
O33 - MountPoints2\{acd03b69-5e83-11e1-b604-0090f5a8c07c}\Shell - "" = AutoRun
O33 - MountPoints2\{acd03b69-5e83-11e1-b604-0090f5a8c07c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2013/05/16 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFinder
[2013/05/09 23:03:08 | 000,000,000 | ---D | C] -- C:\Users\Robson\AppData\Local\PSafe
[2013/05/09 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Robson\AppData\Local\cache
[2013/05/09 23:02:46 | 000,382,976 | R--- | C] (PSafe Tecnologia S.A.) -- C:\Windows\SysNative\PsClikS64.dll
[2013/05/09 23:02:46 | 000,322,560 | R--- | C] (PSafe Tecnologia S.A.) -- C:\Windows\SysWow64\PsClikS.dll
[2013/04/10 23:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSafe
[2013/03/14 19:25:32 | 000,288,688 | R--- | C] (360.cn) -- C:\Windows\SysNative\drivers\360FltOEM.sys
[2013/03/14 19:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSafe
[2013/03/14 19:22:38 | 000,000,000 | ---D | C] -- C:\Users\Robson\AppData\Roaming\AnySend
[2013/03/14 19:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AnySend
[2013/03/14 19:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PSafe
[2013/05/20 09:12:32 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job
[2013/05/19 12:21:23 | 000,000,182 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/15 10:45:50 | 000,001,389 | ---- | C] () -- C:\Users\Robson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/14 19:25:43 | 000,000,000 | ---D | M] -- C:\Users\Robson\AppData\Roaming\AnySend
[2013/05/16 20:37:25 | 000,003,514 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPly
[2013/05/16 20:37:23 | 000,003,368 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPlyUpdate
[2013/05/16 20:38:17 | 000,003,234 | ---- | M] () -- C:\Windows\SysNative\Tasks\DSite
[2013/05/16 20:38:18 | 000,003,064 | ---- | M] () -- C:\Windows\SysNative\Tasks\Lyrics Finder Update
[2013/05/20 09:12:26 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DSite.job

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,\
01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00
"SavedLegacySettings"=hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,\
00,00,c0,a8,83,41,00,00,00,00,00,00,00,00

:Files
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe

Right-click any white area of the Custom Scans/Fixes section and choose paste

Close ALL windows (except OTL itself). Click the button

The program will run the script and restart your computer. When Windows loads, OTL will run automatically. Allow it to run. A Notepad window will open with some information. Copy ALL of the contents of this Notepad window and paste them into your reply.

A copy of this log is stored in the C:\_OTL\MovedFiles folder, with a name in the format date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.
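
An added example, not part of the original post: a small Python parser for the entry format used in the :OTL block above, listing each entry's type, vendor, size and path so a fix script can be reviewed before it is pasted into OTL. The field layout is inferred from the lines on this page, and the names parse_fix and summarize are hypothetical.

```python
import re
from collections import Counter

# Sample input: entries copied from the :OTL block on this page, plus :Files.
SAMPLE = r"""
:OTL
PRC - [2013/05/08 19:58:46 | 000,087,240 | ---- | M] (PSafe S.A.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe
SRV - [2013/05/08 19:58:44 | 000,262,856 | ---- | M] (PSafe S.A.) [Auto | Running] -- C:\Program Files (x86)\PSafe\PSafeWD.exe -- (PSafeWD)
DRV:[b]64bit:[/b] - [2013/01/17 21:07:36 | 000,288,688 | R--- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360FltOEM.sys -- (360FltOEM)
O4 - HKLM..\Run: [PSafeTray] C:\Program Files (x86)\PSafe\PSafeSysTray.exe (PSafe)
[2013/05/20 09:12:26 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DSite.job
:Files
ipconfig /flushdns /c
"""

# "PRC - ...", "O4 - ..." or "DRV:[b]64bit:[/b] - ..." (layout inferred from the page)
HEAD = re.compile(r"^([A-Z][A-Z0-9]*)(:\[b\]64bit:\[/b\])? - (.*)$")
# "[date time | size | attributes | M or C]", optionally followed by "(vendor)"
STAMP = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| ([\d,]+) \| \S{4} \| [MC]\]"
                   r"\s*(?:\(([^)]*)\))?")

def parse_fix(text):
    """Return one dict per entry of the :OTL section; other sections are skipped."""
    entries, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):          # section directive such as :OTL or :Files
            section = line[1:].lower()
            continue
        if section != "otl":
            continue
        head = HEAD.match(line)
        kind, x64, rest = (head[1], bool(head[2]), head[3]) if head else ("FILE", False, line)
        entry = {"kind": kind, "x64": x64, "vendor": None, "size": None, "path": None}
        stamp = STAMP.match(rest)
        if stamp:                          # file-backed entry: size, vendor, path
            entry["size"] = int(stamp[1].replace(",", ""))
            entry["vendor"] = stamp[2] or None
            parts = rest.split(" -- ")
            entry["path"] = parts[1] if len(parts) > 1 else None
        entries.append(entry)
    return entries

def summarize(entries):
    """Count entries per type and list the targeted paths under C:\\Windows."""
    kinds = Counter(e["kind"] for e in entries)
    system = [e["path"] for e in entries
              if e["path"] and e["path"].lower().startswith("c:\\windows\\")]
    return kinds, system

if __name__ == "__main__":
    print(summarize(parse_fix(SAMPLE)))
```

Entries without a bracketed timestamp, such as the O4 registry line, are kept with their type only, so they still appear in the per-type count.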