Well, I formatted my PC recently, and a short while ago the internet started restarting out of nowhere! YES! It restarts by itself every day, mainly at night. I think it's a virus. What are the procedures for checking and removing the problem? After posting this topic, I will start the tests with HiJackThis and post the results as a reply.
HiJackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:42:17, on 26/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16618)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: HomeTab - {da2e16d5-254c-4e11-8fed-2a1b201de379} - C:\Users\Luca\AppData\Roaming\HomeTab\HomeTab.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: HomeTab - {da2e16d5-254c-4e11-8fed-2a1b201de379} - C:\Users\Luca\AppData\Roaming\HomeTab\HomeTab.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Luca\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {a9eaf767-5ae6-4b79-a213-5963c37cbae6} - C:\Users\Luca\AppData\Roaming\HomeTab\HomeTab.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
--
End of file - 16240 bytes
Here are the adw logs
# AdwCleaner v2.303 - Logfile created 06/26/2013 at 13:22:01
*** [services] ***
*** [Files / Folders] ***
File Deleted : C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
File Deleted : C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\9grtisnz.default\searchplugins\Web Search.xml
Folder Deleted : C:\Program Files (x86)\HomeTab
Folder Deleted : C:\Users\Luca\AppData\LocalLow\HomeTab
Folder Deleted : C:\Users\Luca\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\Luca\AppData\Roaming\HomeTab
Folder Deleted : C:\Users\Luca\AppData\Roaming\SimplyTech
*** [Registry] ***
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cfd485f0-96bd-47cd-bb6d-cd7dda95f102}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
*** [internet Browsers] ***
-\\ Internet Explorer v10.0.9200.16618
[OK] Registry is clean.
-\\ Mozilla Firefox v21.0 (pt-BR)
File : C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\9grtisnz.default\prefs.js
Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Deleted : user_pref("browser.search.order.1", "Web Search");
Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=43168&tid=4003&ver=3.4&ts=137179285[...]
*************************
AdwCleaner[s1].txt - [3225 octets] - [26/06/2013 13:22:01]
########## EOF - C:\AdwCleaner[s1].txt - [3285 octets] ##########
Here is the ZHPDiag2 link:
http://pjjoint.malekal.com/files.php?read=ZHPDiag_20130626_y13z8z10g8y14
Good afternoon! Luca Albuquerque
|- Download: < image > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- For Windows 7, right-click JRT.exe and run it ... < image: Executar_Administrador.jpg >
|- Wait for it to finish and post the report. ( JRT.txt )
-/-
|- Close any programs/folders that are open.
|- Also close the browser!
|- For Windows Vista, disable UAC.
|- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy this information, which is in the Code box, to Notepad.
[MD5.00000000000000000000000000000000] [APT] [{6E77A789-1ABB-4362-84AB-AB28DFCB8BED}] (...) -- C:\Users\Luca\Desktop\VMware-player-5.0.2-1031769.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{99034FB3-BAB6-4980-B85C-5616970B0824}] (...) -- C:\Program Files (x86)\QuickTime Alternative\QTSystem\QuickTime.cpl" -c QuickTime (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A7826289-0B4F-41E4-A7DD-F620332A1877}] (...) -- G:\sp52791.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C865393A-7679-4A8E-8F48-60DCE859BD82}] (...) -- G:\sp52795.exe (.not file.) [0]
O4 - HKCU\..\Run: [AdobeBridge] Orphean Key
O4 - HKUS\S-1-5-21-1497592914-3536481116-1766862959-1000\..\Run: [AdobeBridge] Orphean Key
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office15\ONBTTN~1.dll (.not file.)
O41 - Driver: (CFRMD) . (. - .) - C:\Windows\System32\DRIVERS\CFRMD.sys (.not file.)
O43 - CFD: 23/06/2013 - 18:58:37 - [0] --HAD C:\Users\Luca\AppData\Local\1XM4ZUY5
O53 - SMSR:HKLM\...\startupreg\715 [Key] . (...) -- C:\Users\Luca\AppData\Roaming\67456\715.js (.not file.)
O87 - FAEL: "{EA05030E-B33E-4C61-BD6D-E797635E39A4}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\HomeTab\TBUpdater.dll (.not file.)
O87 - FAEL: "{5EE5E960-FFEA-4FE8-BB5F-1A1A94DC2328}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\HomeTab\TBUpdater.dll (.not file.)
O87 - FAEL: "{13D90149-0F2E-43D0-9B77-14772AF3FDDC}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\HomeTab\TBUpdater.dll (.not file.)
O87 - FAEL: "{F7F9CCBE-1E13-4D63-9A40-19598294FB84}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\HomeTab\TBUpdater.dll (.not file.)
O87 - FAEL: "{CECC0695-6D86-4C26-8E58-057D59E6C91B}" |In - None - P17 - TRUE | .(...) -- C:\SoloApp\SoloApp.exe (.not file.)
O87 - FAEL: "{B068BE9A-B581-4179-9252-C22392A23704}" |Out - None - P17 - TRUE | .(...) -- C:\SoloApp\SoloApp.exe (.not file.)
O87 - FAEL: "{23BEBA1B-7D08-4AEC-9B46-203FD151A94E}" |In - None - P17 - TRUE | .(...) -- C:\SoloApp\WebDriver.dll (.not file.)
O87 - FAEL: "{59C86402-CE77-41F4-BADA-07631D1039B0}" |Out - None - P17 - TRUE | .(...) -- C:\SoloApp\WebDriver.dll (.not file.)
O87 - FAEL: "{E65DA5A2-FA6A-4D93-BCC3-37F309C3E163}" |In - None - P17 - TRUE | .(...) -- C:\SoloApp\chromedriver.exe (.not file.)
O87 - FAEL: "{BBA7545E-05E9-4333-9C81-3CA1BD593735}" |Out - None - P17 - TRUE | .(...) -- C:\SoloApp\chromedriver.exe (.not file.)
O87 - FAEL: "{1A2276D2-5BEF-4AF7-80BF-65F698C18180}" |In - None - P17 - TRUE | .(...) -- C:\SoloApp\IEDriverServer.exe (.not file.)
O87 - FAEL: "{09D200BF-2306-4336-AFF2-9AE2EDC6C67B}" |Out - None - P17 - TRUE | .(...) -- C:\SoloApp\IEDriverServer.exe (.not file.)
[MD5.780D14604D49E3C634200C523DEF8351] [SPRF][23/06/2013] (...) -- C:\Users\Luca\AppData\Local\Temp\bassmod.dll [9728]
hostfix
proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore
|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- PS: Above there is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
A+
JRT report
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Luca on 26/06/2013 at 14:20:24,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Luca\AppData\Roaming\mozilla\firefox\profiles\9grtisnz.default\minidumps [6 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2013 at 14:43:36,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ZHPFix report
Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
Fichier d'export Registre :
Run by Luca at 26/06/2013 14:55:30
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Recycle Files Deleted
========== Memory Module ==========
DELETED Memory Module: C:\Users\Luca\AppData\Local\Temp\bassmod.dll
========== Registry Key ==========
DELETED Key*: CLSID Extra Buttons: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
DELETED Driver Key: CFRMD
DELETED Key*: StartupReg: 715
========== Registry Value ==========
DELETED RunValue: AdobeBridge
NOT FOUND RunValue: AdobeBridge
DELETED {EA05030E-B33E-4C61-BD6D-E797635E39A4}
DELETED {5EE5E960-FFEA-4FE8-BB5F-1A1A94DC2328}
DELETED {13D90149-0F2E-43D0-9B77-14772AF3FDDC}
DELETED {F7F9CCBE-1E13-4D63-9A40-19598294FB84}
DELETED {CECC0695-6D86-4C26-8E58-057D59E6C91B}
DELETED {B068BE9A-B581-4179-9252-C22392A23704}
DELETED {23BEBA1B-7D08-4AEC-9B46-203FD151A94E}
DELETED {59C86402-CE77-41F4-BADA-07631D1039B0}
DELETED {E65DA5A2-FA6A-4D93-BCC3-37F309C3E163}
DELETED {BBA7545E-05E9-4333-9C81-3CA1BD593735}
DELETED {1A2276D2-5BEF-4AF7-80BF-65F698C18180}
DELETED {09D200BF-2306-4336-AFF2-9AE2EDC6C67B}
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (Private) : TCP Query User{81217FCB-9E28-46A6-9BB5-0444AEDBDC78}C:\program files (x86)\orbitdownloader\orbitnet.exe
DELETED FirewallRaz (Private) : UDP Query User{78C4689C-6E16-4F4D-925D-61D89B5684B9}C:\program files (x86)\orbitdownloader\orbitnet.exe
DELETED FirewallRaz (Public) : {68995082-4DEE-4C34-B34E-FF600FE8E079}
DELETED FirewallRaz (Public) : {444C0E8A-7D99-41C5-925C-B5AD1C9B20E0}
========== Repertory ==========
No Empty CLSID Directories
DELETED Flash Cookies
========== File ==========
NOT FOUND File: c:\program files (x86)\micros~2\office15\onbttn~1.dll
NOT FOUND File: c:\users\luca\appdata\roaming\67456\715.js (.not file.)
DELETED File: c:\users\luca\appdata\local\temp\bassmod.dll
DELETED Window Temporary
DELETED Flash Cookies
========== Hosts file ==========
Hosts File not cleaned (Please Deactivate your Antivirus)
========== Task ==========
DELETED Task: {6E77A789-1ABB-4362-84AB-AB28DFCB8BED}
DELETED Task: {99034FB3-BAB6-4980-B85C-5616970B0824}
DELETED Task: {A7826289-0B4F-41E4-A7DD-F620332A1877}
DELETED Task: {C865393A-7679-4A8E-8F48-60DCE859BD82}
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
1 : Memory Module
3 : Registry Key
26 : Registry Value
2 : Repertory
5 : File
1 : Hosts file
4 : Task
1 : Restoration
End of clean in 02mn 37s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 26/06/2013 14:55:32 [2943]
Good afternoon! Luca Albuquerque
|- Download: |DelFix| ( ... by Xplode )
|- Once on the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
|- Run it!
|- With both checkboxes ticked!
|- Click "Run".
|- Everything OK?
|- If you still have problems, use the "Complete Internet Repair" tool.
-/-
|- Download: < Complete Internet Repair >
|- Extract the contents and run the file "CIntRep.exe".
|- Tick only these checkboxes:
Reset Internet Protocol (TCP/IP)
Repair Winsock (Reset Catalog)
Renew Internet Connections
Flush DNS Resolver Cache
Restore the default hosts file
|- Click "Go!".
|- When it finishes, restart the computer!
|- Next, open the folder "Complete Internet Repair" >> "Logging".
|- Double-click "CIntRep.log".
|- Post the resulting log!
A+
Can I run ComboFix to remove any malicious files that may be on my computer?
Here is the requested log:
>
./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[26/06/2013 16:03:16] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:18] TCP/IP interfaces reset successful.
[26/06/2013 16:03:19] TCP/IP v6 interfaces reset successful.
[26/06/2013 16:03:19] You may need to restart your computer for the settings to take effect.
[26/06/2013 16:03:19] Finished resetting the Internet Protocol (TCP/IP).
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:19] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:21] Successfully reset the Winsock Catalog.
[26/06/2013 16:03:21] Finished repairing Winsock
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:21] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:23] Successfully released TCP/IP connections.
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:23] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:34] Successfully renewed TCP/IP adapters.
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:34] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:40] Windows Event Log Service Configured.
[26/06/2013 16:03:40] Starting the Windows Event Log Service.....
[26/06/2013 16:03:40] Windows Event Log Service Started Successfully.
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:40] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:41] Successfully flushed DNS Resolver Cache.
[26/06/2013 16:03:41] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[26/06/2013 16:03:44] Registration of the DNS resource records has been initiated.
[26/06/2013 16:03:44] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[26/06/2013 16:03:44] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:44] Restoring the default Windows HOSTS file, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:44] Writing data to the HOSTS file.....
[26/06/2013 16:03:44] HOSTS file created successfully.
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:44] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:46] Your computer is restarting now.....
-----------------------------------------------------------------------------------------
Good afternoon! Luca Albuquerque
Can I run ComboFix to remove any malicious files that may be on my computer?
|- I don't recommend it, since it is a non-generalist tool that can 'bug' Windows, thereby requiring more or less complex repairs.
|- How is your PC? Has it improved?
Regards!
Well, the drops only happen at night, so I'll wait about 2 days to be able to confirm whether it continues or has improved.
OK! But if you use mobile internet, consumer complaints are high with 3G and nil with 4G, which still doesn't have good coverage. In my case, I use Net Virtua and have never run into this problem.
A+
I use GVT, 15 MEGA, IT IS NEITHER 3G NOR 4G.
It's good! This shouldn't be happening to you, unless you are using a router or sharing your internet with some users.
A+
Yes, I am sharing, but as I said, this only happens in the evening and in the early hours, EVERY DAY!
OK! Come back in two days and let us know whether the procedures that were adopted solved your problems.
Regards!
It improved, and a lot! So much so that, by a stroke of luck with the problems, GVT decided to give me 30 mega as a bonus while paying for 15 mega because of the trouble, claiming it was a problem on the external side, but it was actually my PC..
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good morning! LucaAlbuquerque
|- Download: < image: adwcleaner_logo.jpg > ( ... by Xplode )
|- Once there, click the image: < image: AdwCleaner_Tlcharger.jpg >
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as < image: Executar_Administrador.jpg >
|- PS: Start the scan by clicking "Remover".
|- When it finishes, post the report: C:\AdwCleaner[S1].txt
-/-
|- Download: < ZHPDiag2 > ( ... by Nicolas Coolman )
|- Save it to the desktop!
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Confirm every step when installing ZHPDiag.
|- Finish the installation by clicking "Termine".
|- For Windows Vista, Windows 7 and 8, click OK when launching ZHPDiag Setup.
|- PS: After installation, in addition to ZHPScript, the following will be available on the desktop:
|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix
|- Click the scroll icon. ( ZHPScript )
|- Click the green arrow to update it and/or download its latest definition. ( Your version is update. )
|- Enable all the diagnostic options by clicking "Options".
|- Click All.
|- Next, untick the boxes numbered O45, O61, O62, O65, O82.
|- Click "Calendar" and choose 30 days!
|- Click the UAC button to disable that protection.
|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- Save it somewhere convenient! ( ZHPDiag.txt )
|- PS: Do not post that text file directly.
|- Send it to Pjjoint.malekal by clicking the blue arrow!
|- Or go to: < image: Cjoint_Logo.jpg > << Link!
|- Or go to: < image > << Link!
|- More information: < |Link| >
A+