[Resolvido] &nbspInternet Caindo

[Luca Albuquerque 1]

Bom, formatei meu pc recentemente, e a pouco tempo, a internet começou a reiniciar do nada! SIM! Ela reinicia sozinha todos os dias, principalmente a noite, eu acho que é virus, quais os procedimentos para a verificação e remorção do problema? Após postar este topico, irei iniciar os testes com o HiJackThis e postar como resposta.

 

Log do HiJackThis

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:42:17, on 26/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16618)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: HomeTab - {da2e16d5-254c-4e11-8fed-2a1b201de379} - C:\Users\Luca\AppData\Roaming\HomeTab\HomeTab.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: HomeTab - {da2e16d5-254c-4e11-8fed-2a1b201de379} - C:\Users\Luca\AppData\Roaming\HomeTab\HomeTab.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Luca\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {a9eaf767-5ae6-4b79-a213-5963c37cbae6} - C:\Users\Luca\AppData\Roaming\HomeTab\HomeTab.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GeekBuddyRSP Service (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16240 bytes

 

[DigRam 144]

Bom Dia! LucaAlbuquerque

|- Baixe: < > ( ... par Xplode )

|- Ao acessar,clique na imagem: < >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como

|- Ps: Dê início ao scan,clicando em "Remover". < >

|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt

-/-

|- Baixe: < ZHPDiag2 > ( ... de Nicolas Coolman )

|- Salve-o no desktop!

|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

|- Confirme todos os passos,ao instalar ZHPDiag.

|- Conclua a instalação,clicando em "Termine".

|- Para Windows Vista,Windows 7 e 8,clique OK ao acionar ZHPDiag Setup.

|- Ps: Após a instalação,além de ZHPScript,estarão disponíveis no desktop:

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

|- Clique no ícone do pergaminho. ( ZHPScript )

|- Clique na seta verde para atualizá-la e/ou baixar sua definição mais recente. ( Your version is update. )

|- Habilite todas as opções de diagnóstico,clicando em "Options".

|- Clique em All.

|- Desmarque,à seguir,as caixinhas de n° O45,O61,O62,O65,O82.

|-

|- Clique em "Calendar" e escolha 30 dias!

|- Clique no botão UAC,para desabilitar essa proteção.

|- Dê início ao scan,clicando no ícone da lupa. ( Start Diagnosis )

|- Ao concluir,clique em "Save Report".

|- Salve-o em um local conveniente! ( ZHPDiag.txt )

<< Log

|- Ps: Não poste,diretamente,esse arquivo texto.

|- Envie-o à Pjjoint.malekal,clicando na seta azul! < >

|- Ou acesse: << Link!

|- Ou acesse: << Link!

|- Maiores informações: < |Link| >

A+

[Luca Albuquerque 1]

Segue os logs do adw

 

# AdwCleaner v2.303 - Logfile created 06/26/2013 at 13:22:01
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Luca - LUCA-PC
# Boot Mode : Normal
# Running from : C:\Users\Luca\Desktop\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
File Deleted : C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\9grtisnz.default\searchplugins\Web Search.xml
Folder Deleted : C:\Program Files (x86)\HomeTab
Folder Deleted : C:\Users\Luca\AppData\LocalLow\HomeTab
Folder Deleted : C:\Users\Luca\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\Luca\AppData\Roaming\HomeTab
Folder Deleted : C:\Users\Luca\AppData\Roaming\SimplyTech

***** [Registry] *****

Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cfd485f0-96bd-47cd-bb6d-cd7dda95f102}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (pt-BR)

File : C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\9grtisnz.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Deleted : user_pref("browser.search.order.1", "Web Search");
Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=43168&tid=4003&ver=3.4&ts=137179285[...]

*************************

AdwCleaner[s1].txt - [3225 octets] - [26/06/2013 13:22:01]

########## EOF - C:\AdwCleaner[s1].txt - [3285 octets] ##########

 

 

Segue o link o ZHPDiag2:

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20130626_y13z8z10g8y14

[DigRam 144]

Boa Tarde! Luca Albuquerque

|- Baixe: < > ( ... by Oleg N. Scherbakov )

|- Salve-o no desktop!

|- Para Windows 7,clique direito em JRT.exe e execute-o ...

|- Aguarde a conclusão e poste o relatório. ( JRT.txt )

-/-

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas".

[MD5.00000000000000000000000000000000] [APT] [{6E77A789-1ABB-4362-84AB-AB28DFCB8BED}] (...) -- C:\Users\Luca\Desktop\VMware-player-5.0.2-1031769.exe (.not file.)   [0]

[MD5.00000000000000000000000000000000] [APT] [{99034FB3-BAB6-4980-B85C-5616970B0824}] (...) -- C:\Program Files (x86)\QuickTime Alternative\QTSystem\QuickTime.cpl" -c QuickTime (.not file.)   [0]

[MD5.00000000000000000000000000000000] [APT] [{A7826289-0B4F-41E4-A7DD-F620332A1877}] (...) -- G:\sp52791.exe (.not file.)   [0]

[MD5.00000000000000000000000000000000] [APT] [{C865393A-7679-4A8E-8F48-60DCE859BD82}] (...) -- G:\sp52795.exe (.not file.)   [0]

O4 - HKCU\..\Run: [AdobeBridge] Orphean Key

O4 - HKUS\S-1-5-21-1497592914-3536481116-1766862959-1000\..\Run: [AdobeBridge] Orphean Key

O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office15\ONBTTN~1.dll (.not file.)

O41 - Driver:  (CFRMD) . (. - .) - C:\Windows\System32\DRIVERS\CFRMD.sys (.not file.)

O43 - CFD: 23/06/2013 - 18:58:37 - [0] --HAD C:\Users\Luca\AppData\Local\1XM4ZUY5

O53 - SMSR:HKLM\...\startupreg\715  [Key] . (...) -- C:\Users\Luca\AppData\Roaming\67456\715.js (.not file.)

O87 - FAEL: "{EA05030E-B33E-4C61-BD6D-E797635E39A4}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\HomeTab\TBUpdater.dll (.not file.)

O87 - FAEL: "{5EE5E960-FFEA-4FE8-BB5F-1A1A94DC2328}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\HomeTab\TBUpdater.dll (.not file.)

O87 - FAEL: "{13D90149-0F2E-43D0-9B77-14772AF3FDDC}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\HomeTab\TBUpdater.dll (.not file.)

O87 - FAEL: "{F7F9CCBE-1E13-4D63-9A40-19598294FB84}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\HomeTab\TBUpdater.dll (.not file.)

O87 - FAEL: "{CECC0695-6D86-4C26-8E58-057D59E6C91B}" |In - None - P17 - TRUE | .(...) -- C:\SoloApp\SoloApp.exe (.not file.)

O87 - FAEL: "{B068BE9A-B581-4179-9252-C22392A23704}" |Out - None - P17 - TRUE | .(...) -- C:\SoloApp\SoloApp.exe (.not file.)

O87 - FAEL: "{23BEBA1B-7D08-4AEC-9B46-203FD151A94E}" |In - None - P17 - TRUE | .(...) -- C:\SoloApp\WebDriver.dll (.not file.)

O87 - FAEL: "{59C86402-CE77-41F4-BADA-07631D1039B0}" |Out - None - P17 - TRUE | .(...) -- C:\SoloApp\WebDriver.dll (.not file.)

O87 - FAEL: "{E65DA5A2-FA6A-4D93-BCC3-37F309C3E163}" |In - None - P17 - TRUE | .(...) -- C:\SoloApp\chromedriver.exe (.not file.)

O87 - FAEL: "{BBA7545E-05E9-4333-9C81-3CA1BD593735}" |Out - None - P17 - TRUE | .(...) -- C:\SoloApp\chromedriver.exe (.not file.)

O87 - FAEL: "{1A2276D2-5BEF-4AF7-80BF-65F698C18180}" |In - None - P17 - TRUE | .(...) -- C:\SoloApp\IEDriverServer.exe (.not file.)

O87 - FAEL: "{09D200BF-2306-4336-AFF2-9AE2EDC6C67B}" |Out - None - P17 - TRUE | .(...) -- C:\SoloApp\IEDriverServer.exe (.not file.)


[MD5.780D14604D49E3C634200C523DEF8351] [SPRF][23/06/2013] (...) -- C:\Users\Luca\AppData\Local\Temp\bassmod.dll   [9728]


hostfix

proxyfix

emptytemp

emptyclsid

emptyflash

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

|- Clique no menu,"Paste ClipBoard".

|- Clique "GO" -> Oui.

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

A+

[Luca Albuquerque 1]

Relatório JRD

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Luca on 26/06/2013 at 14:20:24,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Luca\AppData\Roaming\mozilla\firefox\profiles\9grtisnz.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2013 at 14:43:36,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Relatório ZHPFix

 

 

Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
Fichier d'export Registre :
Run by Luca at 26/06/2013 14:55:30
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Files Deleted

========== Memory Module ==========
DELETED Memory Module: C:\Users\Luca\AppData\Local\Temp\bassmod.dll

========== Registry Key ==========
DELETED Key*: CLSID Extra Buttons: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
DELETED Driver Key: CFRMD
DELETED Key*: StartupReg: 715

========== Registry Value ==========
DELETED RunValue: AdobeBridge
NOT FOUND RunValue: AdobeBridge
DELETED {EA05030E-B33E-4C61-BD6D-E797635E39A4}
DELETED {5EE5E960-FFEA-4FE8-BB5F-1A1A94DC2328}
DELETED {13D90149-0F2E-43D0-9B77-14772AF3FDDC}
DELETED {F7F9CCBE-1E13-4D63-9A40-19598294FB84}
DELETED {CECC0695-6D86-4C26-8E58-057D59E6C91B}
DELETED {B068BE9A-B581-4179-9252-C22392A23704}
DELETED {23BEBA1B-7D08-4AEC-9B46-203FD151A94E}
DELETED {59C86402-CE77-41F4-BADA-07631D1039B0}
DELETED {E65DA5A2-FA6A-4D93-BCC3-37F309C3E163}
DELETED {BBA7545E-05E9-4333-9C81-3CA1BD593735}
DELETED {1A2276D2-5BEF-4AF7-80BF-65F698C18180}
DELETED {09D200BF-2306-4336-AFF2-9AE2EDC6C67B}
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (Private) : TCP Query User{81217FCB-9E28-46A6-9BB5-0444AEDBDC78}C:\program files (x86)\orbitdownloader\orbitnet.exe
DELETED FirewallRaz (Private) : UDP Query User{78C4689C-6E16-4F4D-925D-61D89B5684B9}C:\program files (x86)\orbitdownloader\orbitnet.exe
DELETED FirewallRaz (Public) : {68995082-4DEE-4C34-B34E-FF600FE8E079}
DELETED FirewallRaz (Public) : {444C0E8A-7D99-41C5-925C-B5AD1C9B20E0}

========== Repertory ==========
No Empty CLSID Directories
DELETED Flash Cookies

========== File ==========
NOT FOUND File: c:\program files (x86)\micros~2\office15\onbttn~1.dll
NOT FOUND File: c:\users\luca\appdata\roaming\67456\715.js (.not file.)
DELETED File: c:\users\luca\appdata\local\temp\bassmod.dll
DELETED Window Temporary
DELETED Flash Cookies

========== Hosts file ==========
Hosts File not cleaned (Please Deactivate your Antivirus)

========== Task ==========
DELETED Task: {6E77A789-1ABB-4362-84AB-AB28DFCB8BED}
DELETED Task: {99034FB3-BAB6-4980-B85C-5616970B0824}
DELETED Task: {A7826289-0B4F-41E4-A7DD-F620332A1877}
DELETED Task: {C865393A-7679-4A8E-8F48-60DCE859BD82}

========== Restoration ==========
Restore System Point created succefully


========== Summary ==========
1 : Memory Module
3 : Registry Key
26 : Registry Value
2 : Repertory
5 : File
1 : Hosts file
4 : Task
1 : Restoration


End of clean in 02mn 37s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 26/06/2013 14:55:32 [2943]

[DigRam 144]

Boa Tarde! Luca Albuquerque

|- Baixe: |DelFix| ( ... de Xplode )

|- Estando na página,clique na seta verde para o download.

|- Salve-a em um local conveniente! ( desktop! )

|- Feche aplicativos que estejam abertos.

|- Execute-a!

|- Com as duas checkbox marcadas!

|- Clique "Run".

|- Tudo Ok?

|- Caso,ainda,tenha problemas,utilize a ferramenta "Complete Internet Repair".

-/-

|- Baixe: < Complete Internet Repair >

|- Extraia o conteúdo e execute o arquivo "CIntRep.exe".

|- Marque,apenas,as checkbox:

Reset Internet Protocol (TCP/IP)

Repair Winsock (Reset Catalog)

Renew Internet Connections

Flush DNS Resolver Cache

Restore the default hosts file

|- Clique "Go!".

|- Ao concluir,reinicie o computador!

|- À seguir,acesse a pasta "Complete Internet Repair" >> "Logging".

|- Duplo-clique em "CIntRep.log".

|- Poste o log resultante!

A+

[Luca Albuquerque 1]

Posso executar o combofix pra remover quaisquer arquivos maliciosos que tiverem em meu computador?

 

Segue o log pedido:

 

 

./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[26/06/2013 16:03:16] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:18] TCP/IP interfaces reset successful.
[26/06/2013 16:03:19] TCP/IP v6 interfaces reset successful.
[26/06/2013 16:03:19] You may need to restart your computer for the settings to take effect.
[26/06/2013 16:03:19] Finished resetting the Internet Protocol (TCP/IP).

-----------------------------------------------------------------------------------------
[26/06/2013 16:03:19] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:21] Successfully reset the Winsock Catalog.
[26/06/2013 16:03:21] Finished repairing Winsock

-----------------------------------------------------------------------------------------
[26/06/2013 16:03:21] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:23] Successfully released TCP/IP connections.

-----------------------------------------------------------------------------------------
[26/06/2013 16:03:23] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:34] Successfully renewed TCP/IP adapters.

-----------------------------------------------------------------------------------------
[26/06/2013 16:03:34] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:40] Windows Event Log Service Configured.
[26/06/2013 16:03:40] Starting the Windows Event Log Service.....
[26/06/2013 16:03:40] Windows Event Log Service Started Successfully.

-----------------------------------------------------------------------------------------
[26/06/2013 16:03:40] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:41] Successfully flushed DNS Resolver Cache.
[26/06/2013 16:03:41] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[26/06/2013 16:03:44] Registration of the DNS resource records has been initiated.
[26/06/2013 16:03:44] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[26/06/2013 16:03:44] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.

-----------------------------------------------------------------------------------------
[26/06/2013 16:03:44] Restoring the default Windows HOSTS file, Please wait.....
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:44] Writing data to the HOSTS file.....
[26/06/2013 16:03:44] HOSTS file created successfully.

-----------------------------------------------------------------------------------------
[26/06/2013 16:03:44] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[26/06/2013 16:03:46] Your computer is restarting now.....

-----------------------------------------------------------------------------------------

[DigRam 144]

Boa Tarde! Luca Albuquerque

Posso executar o combofix pra remover quaisquer arquivos maliciosos que tiverem em meu computador?

|- Não recomendo,pois trata-se de ferramenta não-generalista e que pode 'bugar' o Windows. Requerendo,com isso,reparos mais ou menos complexos.

|- Como está seu PC? Houve melhoras?

Abs!

[Luca Albuquerque 1]

Bom, as quedas são só nas partes da noite, então eu vou esperar uns 2 dias pra poder confirmar se continua ou se melhorou.

[DigRam 144]

Bom, as quedas são só nas partes da noite, então eu vou esperar uns 2 dias pra poder confirmar se continua ou se melhorou.

Ok! Mas se utilizas internet móvel,as reclamações dos consumidores são elevadas com o uso da 3G e nula com a 4G,que ainda não apresenta boa cobertura. No meu caso,utilizo Net Virtua e nunca me deparei com esse problema.

 

A+

[Luca Albuquerque 1]

Eu uso GVT, 15 MEGAS, NÃO É 3G NEM 4G.

[DigRam 144]

Eu uso GVT, 15 MEGAS, NÃO É 3G NEM 4G.

É boa! Isso não deveria estar lhe ocorrendo,à menos que esteja utilizando roteador ou compartilhando sua internet com alguns usuários.

 

A+

[Luca Albuquerque 1]

Sim Estou compartilhando, mas como falei, isso só acontece na parte da noite e da madrugada, TODOS OS DIAS!

[DigRam 144]

Sim Estou compartilhando, mas como falei, isso só acontece na parte da noite e da madrugada, TODOS OS DIAS!

Ok! Retorne daqui a dois dias e informe se os procedimentos que foram adotados,resolveram seus problemas.

 

Abs!

[Luca Albuquerque 1]

Melhorou e muito! Tanto é, que por sorte dos problemas, a rede gvt resolveu me dar 30 megas de brinde pagando 15megas pelos transtornos, afirmando que era problema na parte externa, só que foi no meu pc mesmo..

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.