
Felipe Eloy

[Solved] Packet Loss + High Ping


Good afternoon.

For about two weeks now, my internet has been showing VERY high ping and also very high packet loss. I tried running CCleaner, Spybot, etc., but nothing solved the problem.

When I contacted my provider (a private provider in my city that serves only this region; the provider's name is cednet), they told me that my IP had been downloading continuously since the moment I turned the computer on. I tried closing every program that would apparently be using the download bandwidth, but the problem remains the same.

The HijackThis log follows below:

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:03:47, on 22/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Users\Mordokay\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Mordokay\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Mordokay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nvvtray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Users\Mordokay\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Windows\Mailprogramma.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mordokay\Downloads\HiJackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: continuetosave - {420B36B0-B08F-4089-0B09-A43019778E1B} - C:\ProgramData\continuetosave\50ec875f32ec4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: continuetosave - {C76A919A-3363-74DF-DEFA-861F6A165700} - C:\ProgramData\continuetosave\50ec8850af6f1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files (x86)\RegTweaker\key.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Mailprogramma] "C:\WINDOWS\Mailprogramma.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Mordokay\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Mordokay\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [Facebook Update] "C:\Users\Mordokay\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [AdobeBridge] (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [Akamai NetSession Interface] "C:\Users\Mordokay\AppData\Local\Akamai\netsession_win.exe" (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [PlayNC Launcher] (User '?')
O4 - HKUS\S-1-5-21-1259735272-1309442587-1603270946-1000\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (User '?')
O4 - S-1-5-21-1259735272-1309442587-1603270946-1000 Startup: Dropbox.lnk = Mordokay\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
O4 - S-1-5-21-1259735272-1309442587-1603270946-1000 Startup: nvvtray.exe (User '?')
O4 - Startup: Dropbox.lnk = Mordokay\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: nvvtray.exe
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mordokay\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mordokay\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mordokay\Desktop\PartyPoker.lnk
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB227CA7-0154-4A42-A5B2-B806E25B93CC}: NameServer = 192.168.31.253,186.201.201.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll c:\windows\syswow64\nvinit.dll c:\progra~2\contin~1\sprote~1.dll c:\progra~2\softqu~1\sprote~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\xampp\apache\bin\httpd.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: GSService - Unknown owner - C:\Windows\SysWOW64\GSService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SMServer - SMServer - C:\Windows\SysWOW64\snmvtsvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 17221 bytes

 

 

Hello Felipe Eloy

Welcome to the forum.

Install MalwareBytes

*Wait for the update; the program will open automatically

*Select [Quick Scan]

*Click [Scan]

*When it finishes, click [OK] > [Show Results] > [Remove Selected]

*Paste the report that is displayed

Hello Wings, done as you asked; here is the MalwareBytes report

 

 

 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Versão da Base de Dados: v2013.01.22.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mordokay :: MORDOKAY-PC [administrador]
22/01/2013 15:11:36
mbam-log-2013-01-22 (15-11-36).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 243558
Tempo decorrido: 5 minuto(s), 45 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 2
C:\Users\Mordokay\Downloads\daemon-tools-lite-44610327-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.
C:\Users\Mordokay\AppData\Local\Temp\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

 

Download OTL (by Old_Timer) from http://oldtimer.geekstogo.com/OTL.exe and save it to the Desktop

*Run it. Windows Vista and Windows 7 users must right-click the file and select Run as administrator

*Select:

Scan All Users
Skip Microsoft Files
LOP Check
Purity Check

*Click [Scan]

*When it finishes, the reports OTL.txt and Extras.txt will be created on the Desktop

Go to http://www.1fichier.com/en/

*Click [select file...]

*Locate the file OTL.txt and click [Open]

*Click [select file...] again

*Locate the file Extras.txt and click [Open]

*Click [send] and paste the generated links shown under Download link

Run OTL. Windows Vista and Windows 7 users must right-click the file and select Run as administrator

*Select Scan All Users

*Click [None]

*Paste the lines, in brown, into the box under Custom Scans/Fixes

/md5start

services.exe

/md5stop

*Click [Scan]

*Paste the report that is displayed


Here is the report:

 

 

 

 

OTL logfile created on: 22/01/2013 16:12:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mordokay\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
7,92 Gb Total Physical Memory | 4,66 Gb Available Physical Memory | 58,89% Memory free
15,83 Gb Paging File | 12,24 Gb Available in Paging File | 77,32% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,42 Gb Total Space | 20,73 Gb Free Space | 5,57% Space Free | Partition Type: NTFS
Drive D: | 223,22 Gb Total Space | 8,13 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
Drive H: | 3,72 Gb Total Space | 0,66 Gb Free Space | 17,89% Space Free | Partition Type: FAT32
Computer Name: MORDOKAY-PC | User Name: Mordokay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< MD5 for: SERVICES.EXE >
[2009/07/13 23:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 23:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\Windows\SysNative\services.exe
< End of report >

There is a lot of infection on the PC.

Let's fix it.... :)

Download ESETSirefefEVCleaner and save it to the Desktop

*Run it. Windows Vista and Windows 7 users must right-click the file and select Run as administrator

*Press y

*Press ENTER

*The PC will restart and the program will run again.

*Press ENTER

*The PC will restart again

Go to this link

*Click [select file...]

*Locate the file SirefefFix.txt created in the CC Suport folder on the Desktop

*Click [Open]

*Click [send] and paste the generated links shown under Download link

Run OTL. Windows Vista and Windows 7 users must right-click the file and select Run as administrator

*Paste the lines in blue into the box under Custom Scans/Fixes


:Files
C:\Windows\Installer\{c51f4fce-2438-40c6-b21d-047bf4ce6448}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f /c
ipconfig /flushdns /c
netsh winsock reset catalog /c

:Commands
[emptytemp]


*Click [Fix]

*Click [OK] to restart the PC

*Paste the report shown after Windows starts

Here's the report:

 

 

All processes killed
========== FILES ==========
C:\Windows\Installer\{c51f4fce-2438-40c6-b21d-047bf4ce6448}\U folder moved successfully.
C:\Windows\Installer\{c51f4fce-2438-40c6-b21d-047bf4ce6448}\L folder moved successfully.
C:\Windows\Installer\{c51f4fce-2438-40c6-b21d-047bf4ce6448} folder moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
< reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f /c >
A operação foi concluída com êxito.
C:\Users\Mordokay\Desktop\cmd.bat deleted successfully.
C:\Users\Mordokay\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
C:\Users\Mordokay\Desktop\cmd.bat deleted successfully.
C:\Users\Mordokay\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Catálogo Winsock redefinido com êxito.
Reinicie o computador para concluir a redefinição.
C:\Users\Mordokay\Desktop\cmd.bat deleted successfully.
C:\Users\Mordokay\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mordokay
->Temp folder emptied: 141098729 bytes
->Temporary Internet Files folder emptied: 3929530 bytes
->Java cache emptied: 1147632 bytes
->FireFox cache emptied: 58240930 bytes
->Google Chrome cache emptied: 287480400 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 592 bytes
User: Public
User: Todos os Usuários
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 557056 bytes
%systemroot%\System32 .tmp files removed: 2222128 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94306885 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 562,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01222013_164906
Files\Folders moved on Reboot...
C:\Users\Mordokay\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP00000001856AE766DE10BEA8 not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

 

Let's do a confirmation check.

Run OTL again. Windows Vista and Windows 7 users must right-click the file and select Run as administrator

*Select:

Scan All Users
Skip Microsoft Files
LOP Check
Purity Check

*Click [Scan]

Go to http://www.1fichier.com/en/

*Click [select file...]

*Locate the file OTL.txt and click [Open]

*Click [send] and paste the generated link shown under Download link

Don't worry about the tools we've used.
We'll remove them all afterwards....:)

Delete ESETSirefefEVCleaner and the CC Suport folder located on the Desktop

Download Farbar Service Scanner (by Farbar) from http://download.bleepingcomputer.com/farbar/FSS.exe and save it to the Desktop

*Run it. Windows Vista and Windows 7 users must right-click the file and select Run as administrator

*Select all the options

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

*Click [scan]

*Paste the FSS.txt report located on the desktop

Hahaha, no problem about deleting the tools. No rush

Here is the FSS log:

 

 

Farbar Service Scanner Version: 16-01-2013
Ran by Mordokay (administrator) on 22-01-2013 at 17:25:43
Running from "C:\Users\Mordokay\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****

OK...

Download AdwCleaner (by Xplode) from http://download.bleepingcomputer.com/Xplode/AdwCleaner.exe and save it to the Desktop

*Run it. Windows Vista and Windows 7 users must right-click the file and select Run as administrator

*Click [Delete]. In some cases, the PC will be restarted to complete the removal. Click [OK] to restart.

*Paste the report that is displayed

Do I click only Delete, or do I run Search first and then Delete?

I did what you said (just clicked Delete, without Search) and the report displayed is this:

 

 

 

 

# AdwCleaner v2.107 - Logfile created 01/22/2013 at 17:36:14
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Mordokay - MORDOKAY-PC
# Boot Mode : Normal
# Running from : C:\Users\Mordokay\Desktop\AdwCleaner.exe
# Option [Delete]
***** [services] *****
Stopped & Deleted : Browser Manager
***** [Files / Folders] *****
Deleted on reboot : C:\ProgramData\Browser Manager
Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\bprotector_prefs.js
File Deleted : C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\searchplugins\mngr.xml
File Deleted : C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\searchplugins\WebSearch.xml
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Mordokay\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Mordokay\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Mordokay\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Mordokay\AppData\Roaming\OpenCandy
***** [Registry] *****
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\contin~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\softqu~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\5a57dadee268bf15
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5a57dadee268bf15
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKU\S-1-5-21-1259735272-1309442587-1603270946-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.soft-quick.info/ --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110824&tt=4712_3&babsrc=NT_ss&mntrId=1a47fdcd00000000000088532e2cdcab --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.soft-quick.info/ --> hxxp://www.google.com
-\\ Mozilla Firefox v15.0.1 (pt-BR)
File : C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\prefs.js
C:\Users\Mordokay\AppData\Roaming\Mozilla\Firefox\Profiles\c1h1uqlw.default\user.js ... Deleted !
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110824&tt=4712_3&babsrc=NT_ss&mntr[...]
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaultthis.engineName", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.soft-quick.info/?l=1&q=");
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.soft-quick.info/");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "1a47fdcd00000000000088532e2cdcab");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15666");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4712_[...]
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.813:32:54");
Deleted : user_pref("keyword.URL", "hxxp://websearch.soft-quick.info/?l=1&q=");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.soft-quick.info/");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.soft-quick.info/?l=1&q=");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
-\\ Google Chrome v24.0.1312.52
File : C:\Users\Mordokay\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.11.1661.0
File : C:\Users\Mordokay\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [8677 octets] - [22/01/2013 17:36:14]
########## EOF - C:\AdwCleaner[s1].txt - [8737 octets] ##########

 

 

Is the computer still in really bad shape? :upset: Hahahahaha


It's better now.... :)

Let's remove the tools that were used.

→ Download DelFix (...by Xplode) and save it to the Desktop

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Click [Run]

*Paste the report it displays

→ Uninstall:

Java 6 Update 24
Java 7 Update 9

→ Install the latest version of Java

To finish, I suggest you run a scan:

Download the Kaspersky Virus Removal Tool Version 11 and save it to the desktop

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Wait for the installation, accept the agreement and click [start]

*Click [image: 1z3vtjt.jpg]

*Add My Computer to the scan

*Click [image: 2lpcn7.jpg]

*Click [start scanning]

*During the scan, windows will pop up.

*If it finds anything, select Apply to all objects and click [skip]

*When it finishes, click [image: 2r41o4x.jpg]

*Click Detected threats > [save] and save it to the desktop as log.txt

*Paste the log.txt report saved on the desktop


→ Download DelFix (...by Xplode) and save it to the Desktop

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Click [Run]

*Paste the report it displays

When I click Run, a window flashes up very quickly and closes right away; no report is shown after that, and the tools used earlier are still on the PC.

What should I do? Should I remove them manually?

→ Uninstall:

Java™ 6 Update 24

Java 7 Update 9

→ Install the latest version of Java

To finish, I suggest you run a scan:

Done.


Download the Kaspersky Virus Removal Tool Version 11 and save it to the desktop

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Wait for the installation, accept the agreement and click [start]

*Click [image: 1z3vtjt.jpg]

*Add My Computer to the scan

*Click [image: 2lpcn7.jpg]

*Click [start scanning]

*During the scan, windows will pop up.

*If it finds anything, select Apply to all objects and click [skip]

*When it finishes, click [image: 2r41o4x.jpg]

*Click Detected threats > [save] and save it to the desktop as log.txt

*Paste the log.txt report saved on the desktop

I went to run the report and the scan showed more than 5 hours; I still have some work things to finish today.

I'll leave this scan running overnight and report back with the log tomorrow as soon as possible.

Thanks in advance for all the help.


OK...

If you'd like a faster alternative:

→ Download HitmanPro

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Click the arrow next to [Next] and select Default scan

*Leave the option No, I only want to perform a one-time scan to check this computer selected, uncheck the option to send product notifications and click [Next]

*Click [Next] and wait for it to finish

*If it finds anything, select Apply to all > Ignore

*Click [Next]

*Click Activate free license, wait for the activation and click [OK]

*Click [Next]

*Click Save Log

*Save it to the Desktop, close the program and paste the report
