Archived

This topic has been archived and is closed to new replies.

Fernando_Girotto

[Solved] Internet suddenly slow


All of a sudden my internet became very slow. I ended some processes and closed all the programs that could be updating, and restarted the machine, modem and router... but that did not solve it. I believe it is malware, since it has been a while since I checked the system's security.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:56:06, on 08/12/2012

 

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\LOLReplay\LOLRecorder.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Hijackthis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2849856

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Firebird] C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -a

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-21-608476209-4032817353-492257391-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-608476209-4032817353-492257391-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Global Startup: LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{265FE65B-9469-4287-B28D-DB436E762BCB}: NameServer = 192.168.0.1,200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{265FE65B-9469-4287-B28D-DB436E762BCB}: NameServer = 192.168.0.1,200.204.0.10

O17 - HKLM\System\CS2\Services\Tcpip\..\{265FE65B-9469-4287-B28D-DB436E762BCB}: NameServer = 192.168.0.1,200.204.0.10

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 7695 bytes


Hello Fernando_Girotto

Download AdwCleaner (...by Xplode) and save it to the Desktop

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Click [search]

*Paste the report that is displayed


# AdwCleaner v2.011 - Logfile created 12/08/2012 at 15:35:28

# Updated 02/12/2012 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : Micro - MICRO-PC

# Boot Mode : Normal

# Running from : C:\Users\Micro\Downloads\AdwCleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Found : C:\Users\Micro\AppData\Roaming\Mozilla\Firefox\Profiles\rtewf8v9.default\searchplugins\Conduit.xml

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Users\Micro\AppData\Local\Conduit

Folder Found : C:\Users\Micro\AppData\LocalLow\Conduit

Folder Found : C:\Users\Micro\AppData\Roaming\Mozilla\Firefox\Profiles\rtewf8v9.default\Smartbar

 

***** [Registry] *****

 

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\PIP

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2849856

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\Software\PIP

Key Found : HKU\S-1-5-21-608476209-4032817353-492257391-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849856

 

-\\ Mozilla Firefox v16.0.2 (pt-BR)

 

Profile name : default

File : C:\Users\Micro\AppData\Roaming\Mozilla\Firefox\Profiles\rtewf8v9.default\prefs.js

 

Found : user_pref("CT2849856.1000234.TWC_TMP_city", "SAO PAULO");

Found : user_pref("CT2849856.1000234.TWC_TMP_country", "BR");

Found : user_pref("CT2849856.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT2849856.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT2849856.FirstTime", "true");

Found : user_pref("CT2849856.FirstTimeFF3", "true");

Found : user_pref("CT2849856.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]

Found : user_pref("CT2849856.UserID", "UN53223496518817377");

Found : user_pref("CT2849856.addressBarTakeOverEnabledInHidden", "true");

Found : user_pref("CT2849856.autoDisableScopes", -1);

Found : user_pref("CT2849856.browser.search.defaultthis.engineName", true);

Found : user_pref("CT2849856.cbcountry_001", "BR");

Found : user_pref("CT2849856.cbfirsttime", "Sun Oct 28 2012 11:08:56 GMT-0200");

Found : user_pref("CT2849856.embeddedsData", "[{\"appId\":\"129349797096062685\",\"apiPermissions\":{\"cross[...]

Found : user_pref("CT2849856.enableAlerts", "always");

Found : user_pref("CT2849856.enableSearchFromAddressBar", "true");

Found : user_pref("CT2849856.firstTimeDialogOpened", "true");

Found : user_pref("CT2849856.fixPageNotFoundError", "true");

Found : user_pref("CT2849856.fixPageNotFoundErrorInHidden", "true");

Found : user_pref("CT2849856.fixUrls", true);

Found : user_pref("CT2849856.installId", "fftD00E.tmp.exe");

Found : user_pref("CT2849856.installType", "XPE");

Found : user_pref("CT2849856.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT2849856.isNewTabEnabled", true);

Found : user_pref("CT2849856.isPerformedSmartBarTransition", "true");

Found : user_pref("CT2849856.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT2849856.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Found : user_pref("CT2849856.keyword", true);

Found : user_pref("CT2849856.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.facebook.co[...]

Found : user_pref("CT2849856.openThankYouPage", "true");

Found : user_pref("CT2849856.openUninstallPage", "FALSE");

Found : user_pref("CT2849856.scriptSource", "hxxp://127.0.0.1:10000/gui/");

Found : user_pref("CT2849856.search.searchAppId", "129349797096062685");

Found : user_pref("CT2849856.search.searchCount", "0");

Found : user_pref("CT2849856.searchInNewTabEnabledInHidden", "true");

Found : user_pref("CT2849856.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT2849856.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT2849856.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]

Found : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT2849856.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Found : user_pref("CT2849856.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1351429733291");

Found : user_pref("CT2849856.serviceLayer_services_appsMetadata_lastUpdate", "1351429733299");

Found : user_pref("CT2849856.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1351429735211");

Found : user_pref("CT2849856.serviceLayer_services_login_10.10.27.6_lastUpdate", "1351429736464");

Found : user_pref("CT2849856.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1351429735270");

Found : user_pref("CT2849856.serviceLayer_services_searchAPI_lastUpdate", "1351429731716");

Found : user_pref("CT2849856.serviceLayer_services_serviceMap_lastUpdate", "1351429730876");

Found : user_pref("CT2849856.serviceLayer_services_toolbarContextMenu_lastUpdate", "1351429734514");

Found : user_pref("CT2849856.serviceLayer_services_toolbarSettings_lastUpdate", "1351429731538");

Found : user_pref("CT2849856.serviceLayer_services_translation_lastUpdate", "1351429733461");

Found : user_pref("CT2849856.settingsINI", true);

Found : user_pref("CT2849856.shouldFirstTimeDialog", "false");

Found : user_pref("CT2849856.smartbar.CTID", "CT2849856");

Found : user_pref("CT2849856.smartbar.Uninstall", "0");

Found : user_pref("CT2849856.smartbar.homepage", true);

Found : user_pref("CT2849856.smartbar.toolbarName", "BittorrentBar_PT ");

Found : user_pref("CT2849856.startPage", "TRUE");

Found : user_pref("CT2849856.toolbarBornServerTime", "28-10-2012");

Found : user_pref("CT2849856.toolbarCurrentServerTime", "28-10-2012");

Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2849856&SearchSource=1[...]

Found : user_pref("Smartbar.ConduitSearchEngineList", "BittorrentBar_PT Customized Web Search");

Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849856[...]

Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT2849856");

Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2849856&SearchSource=13");

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849856&SearchSource=2&q=[...]

 

-\\ Google Chrome v23.0.1271.95

 

File : C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [7800 octets] - [08/12/2012 15:35:28]

 

########## EOF - C:\AdwCleaner[R1].txt - [7860 octets] ##########


Run AdwCleaner. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Click [Delete]. The PC will be restarted to complete the removal. Click [OK] to restart.

*Paste the report displayed after the restart

Download ZHPDiag_silent (...by H3RV3) and save it to the Desktop

*Stay connected to the internet

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Wait for the program to download and run

*When it finishes, a window containing a link will appear. Click [Copier] and paste the link.


ADWCLEANER

 

 

# AdwCleaner v2.011 - Logfile created 12/08/2012 at 20:49:16

# Updated 02/12/2012 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : Micro - MICRO-PC

# Boot Mode : Normal

# Running from : C:\Users\Micro\Downloads\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Users\Micro\AppData\Roaming\Mozilla\Firefox\Profiles\rtewf8v9.default\searchplugins\Conduit.xml

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Users\Micro\AppData\Local\Conduit

Folder Deleted : C:\Users\Micro\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Micro\AppData\Roaming\Mozilla\Firefox\Profiles\rtewf8v9.default\Smartbar

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849856

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\Software\PIP

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849856 --> hxxp://www.google.com

 

-\\ Mozilla Firefox v16.0.2 (pt-BR)

 

Profile name : default

File : C:\Users\Micro\AppData\Roaming\Mozilla\Firefox\Profiles\rtewf8v9.default\prefs.js

 

Deleted : user_pref("CT2849856.1000234.TWC_TMP_city", "SAO PAULO");

Deleted : user_pref("CT2849856.1000234.TWC_TMP_country", "BR");

Deleted : user_pref("CT2849856.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2849856.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT2849856.FirstTime", "true");

Deleted : user_pref("CT2849856.FirstTimeFF3", "true");

Deleted : user_pref("CT2849856.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]

Deleted : user_pref("CT2849856.UserID", "UN53223496518817377");

Deleted : user_pref("CT2849856.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT2849856.autoDisableScopes", -1);

Deleted : user_pref("CT2849856.browser.search.defaultthis.engineName", true);

Deleted : user_pref("CT2849856.cbcountry_001", "BR");

Deleted : user_pref("CT2849856.cbfirsttime", "Sun Oct 28 2012 11:08:56 GMT-0200");

Deleted : user_pref("CT2849856.embeddedsData", "[{\"appId\":\"129349797096062685\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT2849856.enableAlerts", "always");

Deleted : user_pref("CT2849856.enableSearchFromAddressBar", "true");

Deleted : user_pref("CT2849856.firstTimeDialogOpened", "true");

Deleted : user_pref("CT2849856.fixPageNotFoundError", "true");

Deleted : user_pref("CT2849856.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT2849856.fixUrls", true);

Deleted : user_pref("CT2849856.installId", "fftD00E.tmp.exe");

Deleted : user_pref("CT2849856.installType", "XPE");

Deleted : user_pref("CT2849856.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2849856.isNewTabEnabled", true);

Deleted : user_pref("CT2849856.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT2849856.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT2849856.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT2849856.keyword", true);

Deleted : user_pref("CT2849856.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.facebook.co[...]

Deleted : user_pref("CT2849856.openThankYouPage", "true");

Deleted : user_pref("CT2849856.openUninstallPage", "FALSE");

Deleted : user_pref("CT2849856.scriptSource", "hxxp://127.0.0.1:10000/gui/");

Deleted : user_pref("CT2849856.search.searchAppId", "129349797096062685");

Deleted : user_pref("CT2849856.search.searchCount", "0");

Deleted : user_pref("CT2849856.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT2849856.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2849856.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT2849856.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]

Deleted : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT2849856.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Deleted : user_pref("CT2849856.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1351429733291");

Deleted : user_pref("CT2849856.serviceLayer_services_appsMetadata_lastUpdate", "1351429733299");

Deleted : user_pref("CT2849856.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1351429735211");

Deleted : user_pref("CT2849856.serviceLayer_services_login_10.10.27.6_lastUpdate", "1351429736464");

Deleted : user_pref("CT2849856.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1351429735270");

Deleted : user_pref("CT2849856.serviceLayer_services_searchAPI_lastUpdate", "1351429731716");

Deleted : user_pref("CT2849856.serviceLayer_services_serviceMap_lastUpdate", "1351429730876");

Deleted : user_pref("CT2849856.serviceLayer_services_toolbarContextMenu_lastUpdate", "1351429734514");

Deleted : user_pref("CT2849856.serviceLayer_services_toolbarSettings_lastUpdate", "1351429731538");

Deleted : user_pref("CT2849856.serviceLayer_services_translation_lastUpdate", "1351429733461");

Deleted : user_pref("CT2849856.settingsINI", true);

Deleted : user_pref("CT2849856.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT2849856.smartbar.CTID", "CT2849856");

Deleted : user_pref("CT2849856.smartbar.Uninstall", "0");

Deleted : user_pref("CT2849856.smartbar.homepage", true);

Deleted : user_pref("CT2849856.smartbar.toolbarName", "BittorrentBar_PT ");

Deleted : user_pref("CT2849856.startPage", "TRUE");

Deleted : user_pref("CT2849856.toolbarBornServerTime", "28-10-2012");

Deleted : user_pref("CT2849856.toolbarCurrentServerTime", "28-10-2012");

Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2849856&SearchSource=1[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BittorrentBar_PT Customized Web Search");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849856[...]

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2849856");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2849856&SearchSource=13");

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849856&SearchSource=2&q=[...]

 

-\\ Google Chrome v23.0.1271.95

 

File : C:\Users\Micro\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [7929 octets] - [08/12/2012 15:35:28]

AdwCleaner[s1].txt - [7918 octets] - [08/12/2012 20:49:16]

 

########## EOF - C:\AdwCleaner[s1].txt - [7978 octets] ##########

 

I could not copy the link because an error message was displayed: "Envoie du repport impossible"


OK.

Delete the programs ZHPDiag_silent, ZHPDiag, ZHPFix, MBRCheck and the file ZHPDiag.txt located on the Desktop

*Delete the folder C:\ZHP and the file C:\PhysicalDisk0_MBR.bin

Download OTL (...by Old_Timer) and save it to the Desktop

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Select:

Verificar All Users

Ignorar Arquivos Microsoft

Verificar Lop

Verificar Purity

*Click [Verificar]

*When it finishes, the reports OTL.txt and Extras.txt will be created on the Desktop

Go to this link

*Click [choose file]

*Locate the file OTL.txt on the Desktop and click [Open]

*Click [Envoyer le fichier]

*Paste the link created below Fichier envoyé avec succés! Copiez votre lien :

*Repeat the procedure for the Extras.txt report and paste the link


Run OTL. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Paste the lines in blue into the space below Exames Personalizados/Correções

 

:OTL

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Micro\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Micro\AppData\Local\Temp\catchme.sys -- (catchme)

 

:Commands

[emptytemp]

 

*Click [Consertar]

*Click [OK] to restart the PC

*Paste the report displayed after Windows starts and say whether the problem was solved


All processes killed

========== OTL ==========

Error: No service named mbr was found to stop!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mbr deleted successfully.

File C:\Users\Micro\AppData\Local\Temp\mbr.sys not found.

Service catchme stopped successfully!

Service catchme deleted successfully!

File C:\Users\Micro\AppData\Local\Temp\catchme.sys not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Micro

->Temp folder emptied: 789726 bytes

->Temporary Internet Files folder emptied: 14802447 bytes

->Java cache emptied: 23992 bytes

->FireFox cache emptied: 65633031 bytes

->Google Chrome cache emptied: 79821985 bytes

->Flash cache emptied: 728 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Todos os Usuários

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 19232 bytes

RecycleBin emptied: 176326140 bytes

 

Total Files Cleaned = 322,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 12092012_110241

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

It still has not been solved... the internet is still slow on all the PCs on the network, including mine..

Note: I noticed that when I reset the connection on my PC (either by disabling the network adapter or by unplugging and replugging the cable), the connection returns to normal speed, but after about 5 minutes it becomes slow again


Run OTL. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Click [Limpeza] > [OK]

*The PC will be restarted

Open Windows Explorer

*Click Desktop > Organize > Folder and search options > [View]

*Select Don't show hidden files, folders, or drives

*Click [Apply] > [OK]

Download Kaspersky Virus Removal Tool Version 11 and save it to the desktop

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Wait for the installation, accept the agreement and click [start]

*Click [image: 1z3vtjt.jpg]

*Add My Computer to the scan

*Click [image: 2lpcn7.jpg]

*Click [start scanning]

*During the scan, windows will appear.

*If it finds something, select Apply to all objects and click [skip]

*When it finishes, click [image: 2r41o4x.jpg]

*Click Detected threats > [save] and save it to the desktop as log.txt

*Paste the log.txt report saved on the desktop


Your problem is not related to malware.

Contact your provider to find out whether there are problems.

You can also try changing the DNS servers on the PC and on the router.

Delete Kaspersky Virus Removal Tool and its report.

Best regards.


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
