Good afternoon.
For about two weeks now, my internet has had VERY high ping and also very high packet loss. I tried running CCleaner, Spybot, etc., but nothing fixed the problem.
When I contacted the provider (a private provider in my city that only serves the region; its name is cednet), they told me that my IP had been downloading nonstop since the moment I turned the computer on. I tried closing every program that would apparently be using the download, but the problem remains the same.
Below is the HijackThis log;
>
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:03:47, on 22/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Users\Mordokay\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Mordokay\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Mordokay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nvvtray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Users\Mordokay\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Windows\Mailprogramma.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mordokay\Downloads\HiJackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: continuetosave - {420B36B0-B08F-4089-0B09-A43019778E1B} - C:\ProgramData\continuetosave\50ec875f32ec4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: continuetosave - {C76A919A-3363-74DF-DEFA-861F6A165700} - C:\ProgramData\continuetosave\50ec8850af6f1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files (x86)\RegTweaker\key.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Mailprogramma] "C:\WINDOWS\Mailprogramma.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Mordokay\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Mordokay\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [Facebook Update] "C:\Users\Mordokay\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [AdobeBridge] (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [Akamai NetSession Interface] "C:\Users\Mordokay\AppData\Local\Akamai\netsession_win.exe" (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [PlayNC Launcher] (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (User '?')
O4 - S-1-5-21-1259735272-1309442587-1603270946-1000 Startup: Dropbox.lnk = Mordokay\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
O4 - S-1-5-21-1259735272-1309442587-1603270946-1000 Startup: nvvtray.exe (User '?')
O4 - Startup: Dropbox.lnk = Mordokay\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: nvvtray.exe
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mordokay\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mordokay\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mordokay\Desktop\PartyPoker.lnk
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB227CA7-0154-4A42-A5B2-B806E25B93CC}: NameServer = 192.168.31.253,186.201.201.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll c:\windows\syswow64\nvinit.dll c:\progra~2\contin~1\sprote~1.dll c:\progra~2\softqu~1\sprote~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\xampp\apache\bin\httpd.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: GSService - Unknown owner - C:\Windows\SysWOW64\GSService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
--
End of file - 17221 bytes
Hi Wings, done as you asked; here is the MalwareBytes report
>
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Versão da Base de Dados: v2013.01.22.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mordokay :: MORDOKAY-PC [administrador]
22/01/2013 15:11:36
mbam-log-2013-01-22 (15-11-36).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 243558
Tempo decorrido: 5 minuto(s), 45 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 2
C:\Users\Mordokay\Downloads\daemon-tools-lite-44610327-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.
C:\Users\Mordokay\AppData\Local\Temp\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
Download OTL (by Old_Timer) from http://oldtimer.geekstogo.com/OTL.exe and save it to the Desktop
* Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
* Select:
Verificar All Users
Ignorar Arquivos Microsoft
Verificar Lop
Verificar Purity
* Click [Verificar]
* When it finishes, the OTL.txt and Extras.txt reports will be created on the Desktop
Go to this link: http://www.1fichier.com/en/
* Click [selecionar arquivo...]
* Locate the OTL.txt file and click [Abrir]
* Click [selecionar arquivo...] again
* Locate the Extras.txt file and click [Abrir]
* Click [send] and paste the links generated under Download link
Run OTL. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
* Select Verificar All Users
* Click [Nenhum]
* Paste the lines in brown into the box below Exames Personalizados/Correções
/md5start
services.exe
/md5stop
* Click [Verificar]
* Paste the report shown
Here is the report;
>
OTL logfile created on: 22/01/2013 16:12:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mordokay\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
7,92 Gb Total Physical Memory | 4,66 Gb Available Physical Memory | 58,89% Memory free
15,83 Gb Paging File | 12,24 Gb Available in Paging File | 77,32% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,42 Gb Total Space | 20,73 Gb Free Space | 5,57% Space Free | Partition Type: NTFS
Drive D: | 223,22 Gb Total Space | 8,13 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
Drive H: | 3,72 Gb Total Space | 0,66 Gb Free Space | 17,89% Space Free | Partition Type: FAT32
Computer Name: MORDOKAY-PC | User Name: Mordokay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< MD5 for: SERVICES.EXE >
[2009/07/13 23:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 23:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\Windows\SysNative\services.exe
< End of report >
There is a lot of contamination on the PC.
Let's fix it.... :)
Download ESETSirefefEVCleaner and save it to the Desktop
* Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
* Press y
* Press ENTER
* The PC will restart and the program will run again.
* Press ENTER
* The PC will restart again
Go to this link
* Click [selecionar arquivo...]
* Locate the SirefefFix.txt file created in the CC Suport folder on the Desktop
* Click [Abrir]
* Click [send] and paste the links generated under Download link
>
There is a lot of contamination on the PC.
Let's fix it.... :)
Seriously?
That's what you get for using the computer for a long time without any kind of maintenance, hahahaha.
Anyway, here is the link to the ESETSirefefEVCleaner report;
Run OTL. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
* Paste the lines in blue into the box below Exames Personalizados/Correções
:Files
C:\Windows\Installer\{c51f4fce-2438-40c6-b21d-047bf4ce6448}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f /c
ipconfig /flushdns /c
netsh winsock reset catalog /c
:Commands
[emptytemp]
* Click [Consertar]
* Click [OK] to restart the PC
* Paste the report shown after Windows starts up
Here's the report;
>
All processes killed
========== FILES ==========
C:\Windows\Installer\{c51f4fce-2438-40c6-b21d-047bf4ce6448}\U folder moved successfully.
C:\Windows\Installer\{c51f4fce-2438-40c6-b21d-047bf4ce6448}\L folder moved successfully.
C:\Windows\Installer\{c51f4fce-2438-40c6-b21d-047bf4ce6448} folder moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
< reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f /c >
A operação foi concluída com êxito.
C:\Users\Mordokay\Desktop\cmd.bat deleted successfully.
C:\Users\Mordokay\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
C:\Users\Mordokay\Desktop\cmd.bat deleted successfully.
C:\Users\Mordokay\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Catálogo Winsock redefinido com êxito.
Reinicie o computador para concluir a redefinição.
C:\Users\Mordokay\Desktop\cmd.bat deleted successfully.
C:\Users\Mordokay\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mordokay
->Temp folder emptied: 141098729 bytes
->Temporary Internet Files folder emptied: 3929530 bytes
->Java cache emptied: 1147632 bytes
->FireFox cache emptied: 58240930 bytes
->Google Chrome cache emptied: 287480400 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 592 bytes
User: Public
User: Todos os Usuários
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 557056 bytes
%systemroot%\System32 .tmp files removed: 2222128 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94306885 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 562,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01222013_164906
Files\Folders moved on Reboot...
C:\Users\Mordokay\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP00000001856AE766DE10BEA8 not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Let's do a confirmation check.
Run OTL again. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
* Select:
Verificar All Users
Ignorar Arquivos Microsoft
Verificar Lop
Verificar Purity
* Click [Verificar]
Go to this link: http://www.1fichier.com/en/
* Click [selecionar arquivo...]
* Locate the OTL.txt file and click [Abrir]
* Click [send] and paste the link generated under Download link
Don't worry about the tools used.
We'll remove them all later....:)
Delete ESETSirefefEVCleaner and the CC Suport folder on the Desktop
Download Farbar Service Scanner (by Farbar) from http://download.bleepingcomputer.com/farbar/FSS.exe and save it to the Desktop
* Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
* Select all the options
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services
* Click [scan]
* Paste the FSS.txt report located on the desktop
Hahaha, no problem about deleting the tools. No rush
Here is the FSS log;
>
Farbar Service Scanner Version: 16-01-2013
Ran by Mordokay (administrator) on 22-01-2013 at 17:25:43
Running from "C:\Users\Mordokay\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
** End of log **
OK...
Download AdwCleaner (by Xplode) from http://download.bleepingcomputer.com/Xplode/AdwCleaner.exe and save it to the Desktop
* Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
* Click [Delete]. In some cases, the PC will be restarted to complete the removal. Click [OK] to restart.
* Paste the report shown
Do I just click Delete, or do I run Search first and then Delete?
I did what you said (just click Delete, without Search) and the report shown is this;
>
*** [services] ***
Stopped & Deleted : Browser Manager
*** [Files / Folders] ***
Deleted on reboot : C:\ProgramData\Browser Manager
Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\bprotector_prefs.js
File Deleted : C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\searchplugins\mngr.xml
File Deleted : C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\searchplugins\WebSearch.xml
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Mordokay\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Mordokay\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Mordokay\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Mordokay\AppData\Roaming\OpenCandy
*** [Registry] ***
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\contin~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\softqu~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\5a57dadee268bf15
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5a57dadee268bf15
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKU\S-1-5-21-1259735272-1309442587-1603270946-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
*** [internet Browsers] ***
-\\ Internet Explorer v8.0.7601.17514
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.soft-quick.info/ --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110824&tt=4712_3&babsrc=NT_ss&mntrId=1a47fdcd00000000000088532e2cdcab --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.soft-quick.info/ --> hxxp://www.google.com
-\\ Mozilla Firefox v15.0.1 (pt-BR)
File : C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\prefs.js
C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\user.js ... Deleted !
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110824&tt=4712_3&babsrc=NT_ss&mntr[...]
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaultthis.engineName", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.soft-quick.info/?l=1&q=");
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.soft-quick.info/");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "1a47fdcd00000000000088532e2cdcab");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15666");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4712_[...]
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.813:32:54");
Deleted : user_pref("keyword.URL", "hxxp://websearch.soft-quick.info/?l=1&q=");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.soft-quick.info/");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.soft-quick.info/?l=1&q=");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
-\\ Google Chrome v24.0.1312.52
File : C:\Users\Mordokay\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.11.1661.0
File : C:\Users\Mordokay\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [8677 octets] - [22/01/2013 17:36:14]
########## EOF - C:\AdwCleaner[s1].txt - [8737 octets] ##########
Is the computer still in really bad shape? :upset: Hahahahaha
It's better now.... :)
Let's remove the tools we used.
:seta: Download DelFix (...by Xplode) and save it to the Desktop
*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
*Click [Run]
*Paste the report it displays
:seta: Uninstall:
**Java 6 Update 24
Java 7 Update 9**
:seta: [Install the latest version of Java](http://java.com/pt_BR/download/windows_manual.jsp?locale=pt_BR)
To finish, I suggest you run a scan:
Download Kaspersky Virus Removal Tool Version 11 and save it to the desktop
*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
*Wait for the installation, accept the agreement and click [start]
*Click [image: 1z3vtjt.jpg]
*Add My Computer to the scan
*Click [image: 2lpcn7.jpg]
*Click [start scanning]
*During the scan, windows will pop up.
*If it finds something, select Apply to all objects and click [skip]
*When it finishes, click [image: 2r41o4x.jpg]
*Click Detected threats > [save] and save it to the desktop as log.txt
*Paste the log.txt report saved on the desktop
>
:seta: Download DelFix (...by Xplode) and save it to the Desktop
*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
*Click [Run]
*Paste the report it displays
When I click Run, a window appears very briefly and then closes; no report is shown after that, and the tools used earlier are still on the PC.
What should I do? Should I remove them manually?
>
:seta: Uninstall:
**Java™ 6 Update 24**
Java 7 Update 9
:seta: [Install the latest version of Java](http://java.com/pt_BR/download/windows_manual.jsp?locale=pt_BR)
To finish, I suggest you run a scan:
Done.
>
Download Kaspersky Virus Removal Tool Version 11 and save it to the desktop
*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
*Wait for the installation, accept the agreement and click [start]
*Click [image: 1z3vtjt.jpg]
*Add My Computer to the scan
*Click [image: 2lpcn7.jpg]
*Click [start scanning]
*During the scan, windows will pop up.
*If it finds something, select Apply to all objects and click [skip]
*When it finishes, click [image: 2r41o4x.jpg]
*Click Detected threats > [save] and save it to the desktop as log.txt
*Paste the log.txt report saved on the desktop
I went to run the report and it came to more than 5 hours of scanning; I still have some work things to finish today.
I'll leave this scan running overnight and report back with the log tomorrow as soon as possible.
Thanks in advance for all the help.
OK...
If you want a faster alternative:
:seta: Download HitmanPro
*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator
*Click the arrow next to [Próximo] (Next) and select Pesquisa padrão (default scan)
*Leave the option Não, Eu só quero executar uma pesquisa única para verificar este computador (No, I only want to run a one-time scan to check this computer) selected, untick the option to send product notifications and click [Próximo]
*Click [Próximo] and wait for it to finish
*If it finds something, select Aplicar a todos > Ignorar (Apply to all > Ignore)
*Click [Próximo]
*Click Ativar a licença gratuita (Activate the free license), wait for the activation and click [OK]
*Click [Próximo]
*Click Guardar Relatório (Save Report)
*Save it to the Desktop, close the program and paste the report
I did it using HitmanPro; this was the result
>
HitmanPro 3.7.0.185
www.hitmanpro.com
Computer name . . . . : MORDOKAY-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Mordokay-PC\Mordokay
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-01-22 21:37:25
Scan mode . . . . . . : Normal
Scan duration . . . . : 34m 28s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 12
Traces . . . . . . . : 125
Objects scanned . . . : 1.937.069
Files scanned . . . . : 93.824
Remnants scanned . . : 712.940 files / 1.130.305 keys
Malware _____________________________________________________________________
C:\Levelup Games\Grand Chase\WebCheats Trainer.exe
Size . . . . . . . : 2.669.568 bytes
Age . . . . . . . : 132.4 days (2012-09-12 13:11:57)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 0FF89D50797615BC65ADE1CE559525AC6D3FD15DEDAA8C056ECAF06D7BC0A40C
> G Data . . . . . . : Gen:Variant.Strictor.15081 (Engine A)
> Ikarus . . . . . . : Win32.Malware!IK
Fuzzy . . . . . . : 134.0
References
C:\Users\Mordokay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WebCheats Trainer.lnk
C:\Users\Mordokay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nvvtray.exe
Size . . . . . . . : 49.152 bytes
Age . . . . . . . : 344.0 days (2012-02-13 22:32:32)
Entropy . . . . . : 6.4
SHA-256 . . . . . : C0B438E5AE7929F835A902FD3BA6D18DF1F7348F24F5F069194E4282D731CD2D
Running processes : 124
> G Data . . . . . . : Gen:Trojan.Heur.DP.dGW@a8bcPdi (Engine A)
> Ikarus . . . . . . : Trojan.Win32.Spy!IK
Fuzzy . . . . . . : 118.0
Startup
C:\Users\Mordokay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nvvtray.exe
C:\Users\Mordokay\Desktop\Release\Thumb.db.tmp
Size . . . . . . . : 114.688 bytes
Age . . . . . . . : 26.4 days (2012-12-27 11:25:09)
Entropy . . . . . : 6.9
SHA-256 . . . . . : 82A49EF308D8418CD475A053BE9071C0F78631BFF19D864A90C9A222A34974BE
> G Data . . . . . . : Gen:Trojan.Heur.hqW@IXPbtVnb (Engine A)
> Ikarus . . . . . . : Trojan.Win32.Spy!IK
Fuzzy . . . . . . : 106.0
C:\Users\Mordokay\Desktop\Sundead WC GCTrainer By Sobek.exe
Size . . . . . . . : 2.926.080 bytes
Age . . . . . . . : 147.4 days (2012-08-28 12:26:45)
Entropy . . . . . : 7.7
SHA-256 . . . . . : D040C5B34C727474D5B8EF082250F4DC359F139D9CEBE4F90007398D603DA357
Product
Publisher . . . . : Copyright© 2012 Unknow™
Description . . . : Sundead Trainer
Version . . . . . : 1.0.3.29
Copyright
> G Data . . . . . . : Gen:Variant.Strictor.14732 (Engine A)
Fuzzy . . . . . . : 112.0
C:\Users\Mordokay\Desktop\WebCheats Trainer.exe
Size . . . . . . . : 2.675.200 bytes
Age . . . . . . . : 146.3 days (2012-08-29 14:10:12)
Entropy . . . . . : 8.0
SHA-256 . . . . . : D1FAAF1D330DD907D194A67347FD1DCE3891C84D0521E0C13180C86BE7A8BE84
> G Data . . . . . . : Win32:Trojan-gen
> Ikarus . . . . . . : Trojan.Crypt!IK
Fuzzy . . . . . . : 134.0
C:\Users\Mordokay\Downloads\Fully Trainer New (1).exe
Size . . . . . . . : 1.537.536 bytes
Age . . . . . . . : 137.3 days (2012-09-07 13:37:02)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 1A4C6D48E3C06E9DAF31F3D826EE433F2000FFA08700921F4949463426EE4FB1
Product
Publisher . . . . : Copyright© 2012 Unknow™
Description . . . : Fully Trainer
Version . . . . . : 1.0.3.29
Copyright
> G Data . . . . . . : Trojan.Generic.7876416 (Engine A)
> Ikarus . . . . . . : Packed.Win32.Themida!IK
Fuzzy . . . . . . : 111.0
C:\Users\Mordokay\Downloads\Fully Trainer New (2).exe
Size . . . . . . . : 1.544.192 bytes
Age . . . . . . . : 134.8 days (2012-09-10 03:17:55)
Entropy . . . . . : 7.7
SHA-256 . . . . . : B0FABEA57BFD19206DF45A5E989DE022CD0404560E1F4F16295CD29535413CB8
Product
Publisher . . . . : Copyright© 2012 Unknow™
Description . . . : Fully Trainer
Version . . . . . : 1.0.3.29
Copyright
> G Data . . . . . . : Gen:Variant.Zusy.16768 (Engine A)
> Ikarus . . . . . . : Packed.Win32.Black!IK
Fuzzy . . . . . . : 111.0
C:\Users\Mordokay\Downloads\Fully Trainer New.exe
Size . . . . . . . : 1.561.088 bytes
Age . . . . . . . : 144.5 days (2012-08-31 09:55:03)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 50B08B7EF6F8A4D69CA99B6A543F969FFE055EEA44013DAC0F65CFC1962E31F5
Product
Publisher . . . . : Copyright© 2012 Unknow™
Description . . . : Fully Trainer
Version . . . . . : 1.0.3.29
Copyright
> G Data . . . . . . : Trojan.Generic.KDV.705483 (Engine A)
> Ikarus . . . . . . : Packed.Win32.Themida!IK
Fuzzy . . . . . . : 111.0
C:\Users\Mordokay\Downloads\MasterGC - ExpertGH [29-08]\MasterGC - ExpertGH.exe
Size . . . . . . . : 3.204.096 bytes
Age . . . . . . . : 140.3 days (2012-09-04 13:29:41)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 00ACD073BC02BA98A29C1AE16CB38F5AEF417F8F4B8C63965CBF0F61F2F4BF10
Product . . . . . : MasterGC - ExpertGH
Publisher . . . . : ExpertGH.com
Description . . . : Hack Para Grand-Chase
Version . . . . . : 0.0.0.0
Copyright
> G Data . . . . . . : Gen:Variant.Zusy.30291 (Engine A)
> Ikarus . . . . . . : Win32.SuspectCrc!IK
Fuzzy . . . . . . : 111.0
C:\Users\Mordokay\Downloads\plugin_flashplayer.exe
Size . . . . . . . : 101.376 bytes
Age . . . . . . . : 239.4 days (2012-05-28 11:57:10)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 966C1E01D05174928A0156EE26D2EDB7A816A4460DE972116C68CD8F2B69A213
> G Data . . . . . . : Gen:Variant.Graftor.35947 (Engine A)
> Ikarus . . . . . . : Trojan-Proxy.Win32.Banker!IK
Fuzzy . . . . . . : 106.0
C:\Users\Mordokay\Downloads\Sundead GCTrainer WC By Sobek.exe
Size . . . . . . . : 2.907.136 bytes
Age . . . . . . . : 135.3 days (2012-09-09 14:26:46)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 3D2244E852D9D9991EA7883C06B3754C9528B08B7D028747FA02C3C593A5F834
Product
Publisher . . . . : Copyright© 2012 Unknow™
Description . . . : Sundead Trainer
Version . . . . . : 1.0.3.29
Copyright
> a-Squared . . . . : Trojan.Generic.7797448
> G Data . . . . . . : Trojan.Generic.7797448 (Engine A)
Fuzzy . . . . . . : 112.0
C:\Windows\Mailprogramma.exe
Size . . . . . . . : 118.784 bytes
Age . . . . . . . : 226.7 days (2012-06-10 04:41:41)
Entropy . . . . . : 5.2
SHA-256 . . . . . : 40D4832998C1A2C70496A3D8EF34C9599C1BB3F2F12F8D66996653639E65BE66
Product . . . . . : Advanced Mailapplication
Publisher . . . . : HB Software Design
Description . . . : Advanced Mailapplication
Version . . . . . : 1.00.0055
Copyright . . . . : Copyright (c) 2003 HB Software Design
Desktop . . . . . : Default
Running processes : 3300
> G Data . . . . . . : Win32:Malware-gen
> Ikarus . . . . . . : Win32.SuspectCrc!IK
Fuzzy . . . . . . : 104.0
Suspicious files ____________________________________________________________
C:\Users\Mordokay\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
Size . . . . . . . : 956.681 bytes
Age . . . . . . . : 126.3 days (2012-09-18 14:32:09)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\Mordokay\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
Size . . . . . . . : 949.613 bytes
Age . . . . . . . : 122.0 days (2012-09-22 20:57:17)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\Mordokay\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
Size . . . . . . . : 949.613 bytes
Age . . . . . . . : 77.1 days (2012-11-06 19:04:55)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\Mordokay\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
Size . . . . . . . : 949.613 bytes
Age . . . . . . . : 126.3 days (2012-09-18 14:27:06)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\Mordokay\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
Size . . . . . . . : 139.328 bytes
Age . . . . . . . : 126.3 days (2012-09-18 14:27:22)
Entropy . . . . . : 7.8
SHA-256 . . . . . : F6552C37C04FD92554BD715F9E98B41E3D711C8AC37C757FBCFDDD69738FBE5E
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
C:\Users\Mordokay\Desktop\teste\Shaun White Skateboarding.exe
Size . . . . . . . : 26.954.360 bytes
Age . . . . . . . : 472.3 days (2011-10-08 13:53:54)
Entropy . . . . . : 6.5
SHA-256 . . . . . : C7EB65C89AB016694A2F60A5F586C451A5A02BF05F226BFFC943D256128D35C4
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 26.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
C:\Windows\SysWOW64\GameMon.des
Size . . . . . . . : 4.109.472 bytes
Age . . . . . . . : 230.9 days (2012-06-06 01:09:46)
Entropy . . . . . : 7.9
SHA-256 . . . . . : E5189CA12F9D6105903D29C17D78824FAA9104C32312D3D606388E57838A4FEA
Product . . . . . : nProtect Game Monitor
Publisher . . . . : INCA Internet Co., Ltd.
Description . . . : nProtect Game Monitor Rev 1836
Version . . . . . : 2012.3.5.1
Copyright . . . . : Copyright ⓒ 2000-2011 INCA Internet
Service . . . . . : npggsvc
Fuzzy . . . . . . : 34.0
The file name extension of this program is not common.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\
Potential Unwanted Programs _________________________________________________
C:\Users\Mordokay\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (Claro)
C:\Users\Mordokay\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (Claro)
C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\bProtector_extensions.sqlite (Claro)
HKU\S-1-5-21-1259735272-1309442587-1603270946-1000\Software\Microsoft\Internet Explorer\SearchScopes\bProtectorDefaultScope (Claro)
HKU\S-1-5-21-1259735272-1309442587-1603270946-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
HKU\S-1-5-21-1259735272-1309442587-1603270946-1000\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\ (Claro)
Cookies _____________________________________________________________________
The number of cookies from ---o sites is inevitable, :yay: :yay: :yay: :yay: :yay:
OK...
:seta: In the folder C:\Users\Mordokay\Downloads, delete what you don't use.
:seta: At this link, read the item Delete cookies.
:seta: Delete HitmanPro, its report, and the folder C:\ProgramData\HitmanPro
:seta: Delete Kaspersky
:seta: Open Windows Explorer
*Click Desktop > Organize > Folder and search options > [View]
*Select Don't show hidden files, folders, or drives
*Click [Apply] > [OK]
The PC is clean.....:)
All the best.
120GB in the Downloads folder, I'll try to find what I don't use in here.
As for the rest, I've already done what you said.
My packet loss improved a lot (0%) and so did my ping; I also saw that some Windows functions that were having problems went back to working normally.
THANK YOU VERY MUCH, really. I'll start taking part in and following the forum. Thank you very much, once again.
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Hello Felipe Eloy
Welcome to the forum.
:seta: Install MalwareBytes
*Wait for the update; the program will open automatically
*Select [Quick Scan]
*Click [Scan]
*When it finishes, click [OK] > [Show Results] > [Remove Selected]
*Paste the report that is shown