Entre para seguir isso  
Seguidores 0
Supra

Memória RAM com 66% de consumo, pc lento, navegador Firefox travando...

23 posts neste tópico

Olá a todos.

Primeiramente, desculpem pela minha inatividade. Apesar de esta minha conta ser relativamente antiga, eu não sou tão ativo no fórum, no entanto, reconheço sua utilidade, uma vez que vem ajudando milhares de pessoas em todo o Brasil.

O meu problema é, basicamente, "lentidão". Já faz uns dias que tenho percebido o meu notebook meio esquisito. Estou suspeitando de algum vírus: spyware/malware/trojan, não sei qual em específico.

As configurações básicas são as seguintes:

Processador Intel® Core™ i3 CPU M350 @ 2.27GHz

Memória RAM: 3,00 GB (utilizável: 2,86 GB)

Windows 7 Ultimate 32 bits

Conexão com a Internet: CaboTelecom - 10 MBs de Download - 1 MB de Upload

Descrição detalhada do problema:

1- O meu notebook tem apresentado o círculo perto da seta do mouse (o ícone que corresponde à ampulheta no Windows XP) constantemente, como se tivesse dizendo que algum arquivo/aplicativo está sendo executado. Ora some, ora aparece. Muito frequente.

2- O navegador Firefox tem travado 95% das vezes, especialmente quando entro no Facebook.

3- O navegador Google Chrome tem travado depois de inserir os e-mails destinatários e o assunto, na parte de escrever a mensagem. Ela fica bloqueada depois de clicar em "Nova Mensagem", simplesmente.

4- Os arquivos de texto têm apresentado MUITA lentidão ao abrir.

5- As imagens (fotos, de formatos diversos) têm apresentado MUITA lentidão ao abrir.

6- Todos os navegadores têm apresentado certa lentidão ao executar e MUITA lentidão ao abrir uma página.

7- O meu AntiVirus atual é o Avast FREE 7.0. Está atualizado e funcionando corretamente. Tentei rodá-lo na tentativa de encontrar vírus e não achei nada.

8- Baixei o combo Fix e rodei, mas durante a instalação, apareceu o seguinte erro: "Do not run combofix in compatibility mode" "Doing so may damage the machine."

9- Já rodei programas como CCleaner e Advanced System Care.

10- Sou administrador de uma rede de jogos online. Recentemente, algumas pessoas descobriram meu ip e têm realizado diversos ataques DDoS em mim, a fim de me derrubar. Tenho medo do que podem estar fazendo com o meu ip. Não sei se seriam capazes de invadir o meu pc, por exemplo.

11- O programa Performance Monitor está mostrando que a minha RAM está sendo consumida em 69%, mas não tenho nenhum programa aberto além de algumas abas do Google Chrome.

Vejam uma imagem da minha área de trabalho com o programa aberto:

http://i.imgur.com/AFFDf.png

Agora, vejam uma imagem do meu Gerenciador de Tarefas aberto, com os processos (nem todos aparecendo) em execução:

http://i.imgur.com/kSFED.jpg

(Percebam que existem, neste momento, 144 processos rodando, dos quais aparecem apenas ALGUNS ali na janela)

Log do HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 05:06:50, on 02/11/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\FSP\FspUip.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\BrowserCompanion\BCHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Program Files\DAP\DAP.exe

C:\Program Files\Keyboard status\Key_status.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe

C:\32788R22FWJFW\EN-US\iexplore.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\mspaint.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Léo\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...&utm_medium=fft

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?s=C9Ma205

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...&utm_medium=fft

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=817404911

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.plusnetw...hTerms}&t=a0806

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.plusnetw...hTerms}&t=a0806

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.v9.com/s#...rms}&gsc.page=1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.v9.com/s#...rms}&gsc.page=1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: 173.212.255.178 embedded.garena.com

O1 - Hosts: 173.212.255.178 embedded.garenanow.com

O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll

O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Teste Warcraft\AppData\Roaming\Complitly\Complitly.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Acelerador de Downloads\iefdm2.dll

O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKLM\..\Run: [browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS}

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GarenaCIG] "C:\ProgramData\GarenaCIG\3.0.824\GarenaCIG.exe" --tray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Key_status.lnk = C:\Program Files\Keyboard status\Key_status.exe

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe

O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe

O23 - Service: Garena Cafe Service (GarenaCIG) - Unknown owner - C:\ProgramData\GarenaCIG\3.0.824\GarenaCIG.exe" --service (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Log do AdwCleaner[s1]:

# AdwCleaner v2.006 - Logfile created 11/02/2012 at 05:14:33

# Updated 30/10/2012 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : Léo - LÉO-PC

# Boot Mode : Normal

# Running from : C:\Users\Léo\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

File Deleted : C:\user.js

File Deleted : C:\Users\Léo\AppData\Local\funmoods.crx

File Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\searchplugins\BabylonMngr.xml

File Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\searchplugins\funmoods.xml

File Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\searchplugins\Messenger Plus Smartbar Search.xml

File Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\searchplugins\search.xml

File Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\BrowserMngr_extensions.sqlite

File Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\browsermngr_prefs.js

File Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\searchplugins\browsemngr.xml

Folder Deleted : C:\Program Files\BrowserCompanion

Folder Deleted : C:\Program Files\Complitly

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\DealPly

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Folder Deleted : C:\ProgramData\Premium

Folder Deleted : C:\Users\Léo\AppData\Local\APN

Folder Deleted : C:\Users\Léo\AppData\Local\Conduit

Folder Deleted : C:\Users\Léo\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Léo\AppData\LocalLow\bbrs_002.tb

Folder Deleted : C:\Users\Léo\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Léo\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\Léo\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Léo\AppData\Roaming\BrowserCompanion

Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\CT2269050

Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\extensions\bbrs_002@blabbers.com

Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\extensions\ffxtlbr@funmoods.com

Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\Smartbar

Folder Deleted : C:\Users\Léo\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Teste Warcraft\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Teste Warcraft\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Teste Warcraft\AppData\LocalLow\bbrs_002.tb

Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\BabylonToolbar

Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Complitly

Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}

Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\OpenCandy

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll

Key Deleted : HKCU\Software\AppDataLow\Software

Key Deleted : HKCU\Software\BrowserCompanion

Key Deleted : HKCU\Software\BrowserMngr

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Headlight

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BrowserCompanion

Key Deleted : HKLM\Software\BrowserMngr

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData

Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}

Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO

Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO

Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\DealPly

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [browser companion helper]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DyDyCyDyBtCyEtCtA0A0EtN0D0Tzu0StByByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=817404911 --> hxxp://www.google.com

Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=44444&tt=120912_ccp_3712_6&babsrc=HP_ss&mntrId=823513ae0000000000001c659d565714 --> hxxp://www.google.com

Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=BR&userid=7c1a1ad8-8661-4af2-809e-0ddde3bad359&sp=addr&q={searchTerms}&t=a0806 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=BR&userid=7c1a1ad8-8661-4af2-809e-0ddde3bad359&sp=addr&q={searchTerms}&t=a0806 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (pt-BR)

Profile name : default

File : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\prefs.js

C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\user.js ... Deleted !

Deleted : user_pref("CT2269050.1000082.isDisplayHidden", "true");

Deleted : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]

Deleted : user_pref("CT2269050.1000234.TWC_TMP_city", "SAO PAULO");

Deleted : user_pref("CT2269050.1000234.TWC_TMP_country", "BR");

Deleted : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT2269050.FirstTime", "true");

Deleted : user_pref("CT2269050.FirstTimeFF3", "true");

Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]

Deleted : user_pref("CT2269050.UserID", "UN09320095153688396");

Deleted : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT2269050.autoDisableScopes", -1);

Deleted : user_pref("CT2269050.browser.search.defaultthis.engineName", true);

Deleted : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT2269050.enableAlerts", "always");

Deleted : user_pref("CT2269050.firstTimeDialogOpened", "true");

Deleted : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT2269050.fixUrls", true);

Deleted : user_pref("CT2269050.installType", "Unknown");

Deleted : user_pref("CT2269050.isCheckedStartAsHidden", true);

Deleted : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");

Deleted : user_pref("CT2269050.isNewTabEnabled", false);

Deleted : user_pref("CT2269050.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT2269050.keyword", true);

Deleted : user_pref("CT2269050.migrateAppsAndComponents", true);

Deleted : user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.facebook.com[...]

Deleted : user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT2269050.openThankYouPage", "FALSE");

Deleted : user_pref("CT2269050.openUninstallPage", "FALSE");

Deleted : user_pref("CT2269050.search.searchAppId", "128834881989343895");

Deleted : user_pref("CT2269050.search.searchCount", "0");

Deleted : user_pref("CT2269050.searchInNewTabEnabled", "false");

Deleted : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350934148301");

Deleted : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1351260847858");

Deleted : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350934159632");

Deleted : user_pref("CT2269050.serviceLayer_services_login_10.13.1.89_lastUpdate", "1351321534894");

Deleted : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1351306971829");

Deleted : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350934159723");

Deleted : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1351260848448");

Deleted : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1351260846800");

Deleted : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350934159685");

Deleted : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1351321559862");

Deleted : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1351260847115");

Deleted : user_pref("CT2269050.settingsINI", true);

Deleted : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");

Deleted : user_pref("CT2269050.smartbar.CTID", "CT2269050");

Deleted : user_pref("CT2269050.smartbar.Uninstall", "0");

Deleted : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");

Deleted : user_pref("CT2269050.startPage", "FALSE");

Deleted : user_pref("CT2269050.toolbarBornServerTime", "22-10-2012");

Deleted : user_pref("CT2269050.toolbarCurrentServerTime", "27-10-2012");

Deleted : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050[...]

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");

Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=44444&tt=120912_ccp_3712_6[...]

Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110823&tt=120912_nocpc_3812_2");

Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt");

Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "10");

Deleted : user_pref("extensions.BabylonToolbar.cntry", "BR");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false");

Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "0");

Deleted : user_pref("extensions.BabylonToolbar.dpk", "a239ee63432785bc9c5f6d9c56596c52");

Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.firstrun", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "476E0ADE1E123AB385B2850FA0AA1A1F");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.hrdid", "823513ae0000000000001c659d565714");

Deleted : user_pref("extensions.BabylonToolbar.id", "823513ae0000000000001c659d565714");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15632");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.instlday", "15604");

Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst");

Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");

Deleted : user_pref("extensions.BabylonToolbar.keywordurl", "");

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1218:22:28");

Deleted : user_pref("extensions.BabylonToolbar.lastdp", 23);

Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");

Deleted : user_pref("extensions.BabylonToolbar.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar.newtab", "false");

Deleted : user_pref("extensions.BabylonToolbar.newtaburl", "");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");

Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");

Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "azb");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srch", "");

Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", "");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1218:22:28");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");

Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1218:22:28");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=120912_nocpc_3812_2");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "823513ae0000000000001c659d565714");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "823513ae0000000000001c659d565714");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15540");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4212_[...]

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.812:21:30");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.enabledAddons", "{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.32.1,ffxtlbr@funmood[...]

Deleted : user_pref("extensions.funmoods.aflt", "ironpub");

Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");

Deleted : user_pref("extensions.funmoods.cntry", "BR");

Deleted : user_pref("extensions.funmoods.cv", "cv5");

Deleted : user_pref("extensions.funmoods.dfltLng", "");

Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Deleted : user_pref("extensions.funmoods.dfltlng", "en");

Deleted : user_pref("extensions.funmoods.dfltsrch", true);

Deleted : user_pref("extensions.funmoods.dnsErr", true);

Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Deleted : user_pref("extensions.funmoods.excTlbr", false);

Deleted : user_pref("extensions.funmoods.hdrMd5", "51064B44E9CA852D709DC616FF7E5936");

Deleted : user_pref("extensions.funmoods.hmpg", true);

Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2[...]

Deleted : user_pref("extensions.funmoods.hrdid", "1C659D56571413AE");

Deleted : user_pref("extensions.funmoods.id", "1C659D56571413AE");

Deleted : user_pref("extensions.funmoods.instlDay", "15614");

Deleted : user_pref("extensions.funmoods.instlRef", "ironpub");

Deleted : user_pref("extensions.funmoods.instlday", "15577");

Deleted : user_pref("extensions.funmoods.instlref", "ironpub");

Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Deleted : user_pref("extensions.funmoods.keywordurl", "");

Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2218:52:45");

Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.funmoods.newTab", true);

Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd[...]

Deleted : user_pref("extensions.funmoods.newtab", true);

Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd[...]

Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");

Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");

Deleted : user_pref("extensions.funmoods.sg", "none");

Deleted : user_pref("extensions.funmoods.similarsitesstorage-pid2", "3aa39776ff614cab");

Deleted : user_pref("extensions.funmoods.smplGrp", "none");

Deleted : user_pref("extensions.funmoods.smplgrp", "none");

Deleted : user_pref("extensions.funmoods.srch", "");

Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");

Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub&chnl=ironpub&[...]

Deleted : user_pref("extensions.funmoods.tlbrid", "base");

Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&[...]

Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2218:52:45");

Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.222:9:41");

Deleted : user_pref("extensions.funmoods_i.newTab", true);

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2218:52:45");

Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=44444&tt=120912_ccp_371[...]

Profile name : default

File : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\prefs.js

C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&bab[...]

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212[...]

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "823513ae0000000000001c659d565714");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15630");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=16101[...]

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.820:20:02");

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&babsrc=KW_[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.43] : icon_url = "hxxp://www.babylon.com/favicon.ico",

Deleted [l.46] : keyword = "babylon.com",

Deleted [l.49] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=112558&tt=2912_7&babsrc=SP_ss&mntrId=823513ae0000000000001c659d565714",

File : C:\Users\Teste Warcraft\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&babsrc=HP_ss&mntrId=823513ae0000000000001c659d565714",

Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&babsrc=HP_ss&mntrId=823513ae0000000000001c659d565714" ]

Deleted [l.36] : icon_url = "hxxp://www.babylon.com/favicon.ico",

Deleted [l.39] : keyword = "babylon.com",

Deleted [l.42] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=161012_lehcoz_4212_4&babsrc=SP_ss&mntrId=823513ae0000000000001c659d565714",

Deleted [l.1733] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&babsrc=HP_ss&mntrId=823513ae0000000000001c659d565714",

Deleted [l.2003] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&babsrc=HP_ss&mntrId=823513ae0000000000001c659d565714" ]

*************************

AdwCleaner[s1].txt - [32512 octets] - [02/11/2012 05:14:33]

########## EOF - C:\AdwCleaner[s1].txt - [32573 octets] ##########

Alguém me ajude por favor.

O que devo fazer?

Editado por Supra

Compartilhar este post


Link para o post
Compartilhar em outros sites

Supra,

NÃO tente realizar sozinho nenhum procedimento de limpeza. Em especial, não execute por conta própria ferramentas utilizadas no fórum Remoção de Malware. O uso indevido de algumas ferramentas poderá danificar o seu computador ou, no mínimo, remover parcialmente os sinais de uma infecção que serviriam de informação ao analista. A equipe não será responsabilizada por consequências resultantes de uso indevido e/ou não-informado das ferramentas. - Regra nº8 da Remoção de Malwares

Poste um novo log do Hijackthis.

Por favor, observe o seguinte:

  • Não utilize softwares que não foram indicado.
  • Não inicie novo tópico sobre esse problema. Poste suas respostas sempre neste tópico.
  • Clique em Seguir este tópico, segutpld.png,
    para que receba notificação por e-mail quando o mesmo for respondido.
    Você também pode verificar os tópicos assinados usando a opção Conteúdo que sigo acessível através do Painel de Controle do fórum.
  • As análises podem levar algum tempo, portanto seja paciente.
  • As instruções são específicas para o seu computador, e devem ser aplicadas somente nele.
  • Se algo der errado, não importa. Sempre acompanhe seu tópico, informando-me dos resultados, até que seu computador esteja limpo.
  • Aviso: Evite utilizar as tags <QUOTE> ou <CODE> nos logs, isso prejudica a leitura na hora da analise.
  • Por favor, não abandone seu tópico. Para nós é importante saber se a remoção foi bem sucedida.
  • Se você não receber uma resposta minha em até 5 dias. Me envie uma Mensagem Privada (MP)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, desculpe.

Novo log do HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 17:48:21, on 02/11/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\FSP\FspUip.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\ProgramData\GarenaCIG\3.0.824\GarenaCIG.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Program Files\DAP\DAP.exe

C:\Program Files\Keyboard status\Key_status.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\online\rgc.exe

C:\Program Files\online\rgc.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Léo\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...&utm_medium=fft

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?s=C9Ma205

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...&utm_medium=fft

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.v9.com/s#...rms}&gsc.page=1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.v9.com/s#...rms}&gsc.page=1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: 173.212.255.178 embedded.garena.com

O1 - Hosts: 173.212.255.178 embedded.garenanow.com

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Acelerador de Downloads\iefdm2.dll

O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GarenaCIG] "C:\ProgramData\GarenaCIG\3.0.824\GarenaCIG.exe" --tray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Key_status.lnk = C:\Program Files\Keyboard status\Key_status.exe

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe

O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe

O23 - Service: Garena Cafe Service (GarenaCIG) - Unknown owner - C:\ProgramData\GarenaCIG\3.0.824\GarenaCIG.exe" --service (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Supra,

Baixe o Malwarebytes' Anti-Malware (MBAM)

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

  • Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
  • Se houver atualizações a serem feitas, serão baixadas e instaladas.
  • Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
  • Começará então o exame. Aguarde, pois pode demorar.
  • Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.
  • Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.
  • Ao final da desinfecção, abrirá o Bloco de notas com um log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.
  • Selecione, copie e cole todo o conteúdo deste log na sua próxima resposta, juntamente com um novo log do HijackThis.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Em caso de dúvidas, leia o tutorial do programa:

http://linhadefensiva.org/forum/index.php?showtopic=75554

Compartilhar este post


Link para o post
Compartilhar em outros sites

1º Log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.11.02.11

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Léo :: LÉO-PC [administrador]

Proteção: Permitir

02/11/2012 19:44:05

mbam-log-2012-11-02 (19-44-05).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 210764

Tempo decorrido: 7 minuto(s), 29 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 2

C:\directory\CyberGate (Trojan.PWS) -> Enviado para a Quarentena e deletado com sucesso.

C:\directory\CyberGate\install (Trojan.PWS) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 7

C:\Users\Teste Warcraft\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Nenhuma ação foi feita.

C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Nenhuma ação foi feita.

C:\$Recycle.Bin\S-1-5-21-1067274514-2849233628-662287575-1000\$R47D6WM\rDos.exe (HackTool.DOS) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Léo\AppData\Roaming\cglogs.dat (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Teste Warcraft\AppData\Roaming\cglogs.dat (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Teste Warcraft\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Teste Warcraft\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

2º Log:

2012/11/02 19:43:05 -0200 LÉO-PC Léo MESSAGE Starting protection

2012/11/02 19:43:05 -0200 LÉO-PC Léo MESSAGE Protection started successfully

2012/11/02 19:43:05 -0200 LÉO-PC Léo MESSAGE Starting IP protection

2012/11/02 19:43:09 -0200 LÉO-PC Léo MESSAGE IP Protection started successfully

2012/11/02 19:43:21 -0200 LÉO-PC Léo MESSAGE Starting database refresh

2012/11/02 19:43:21 -0200 LÉO-PC Léo MESSAGE Stopping IP protection

2012/11/02 19:43:21 -0200 LÉO-PC Léo MESSAGE IP Protection stopped successfully

2012/11/02 19:43:24 -0200 LÉO-PC Léo MESSAGE Database refreshed successfully

2012/11/02 19:43:24 -0200 LÉO-PC Léo MESSAGE Starting IP protection

2012/11/02 19:43:26 -0200 LÉO-PC Léo MESSAGE IP Protection started successfully

2012/11/02 19:46:06 -0200 LÉO-PC Léo IP-BLOCK 213.186.33.17 (Type: outgoing, Port: 65361, Process: avastsvc.exe)

2012/11/02 19:54:57 -0200 LÉO-PC Léo MESSAGE Starting protection

2012/11/02 19:54:57 -0200 LÉO-PC Léo MESSAGE Protection started successfully

2012/11/02 19:54:57 -0200 LÉO-PC Léo MESSAGE Starting IP protection

2012/11/02 19:54:59 -0200 LÉO-PC Léo MESSAGE IP Protection started successfully

Compartilhar este post


Link para o post
Compartilhar em outros sites

Supra,

Não é necessário me enviar Mensagem Privada informando da resposta ao tópico.

--------

Baixe OTL by OldTimer, e salve na sua área de trabalho.

Clique com o direito sobre o arquivo OTL.exe, depois clique em execadmin.png.

Onde diz Saída, marque Padrão

Marque também estas opções:

  • Data de Criação -> mude para 90 dias
  • Usar WhiteList para Nomes de Companhias.
  • Ignorar Arquivos Microsoft
  • Verificar Lop
  • Verificar Purity

Selecione estas linhas em vermelho, clique com o direito sobre a seleção, e escolha a opção copiar

CREATERESTOREPOINT

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.* /s

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.com

%systemroot%\*.scr

%PROGRAMFILES%\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

%systemroot%\system32\tasks\*.* /s

%windir%\tasks\*.* /s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP

HKCU\Software\Microsoft\Internet Explorer\Downloads

/md5start

services.*

/md5stop

Volte ao programa, clique com o direito em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar

Clique no botão verif.png

O OTL começará a examinar seu computador. Não interrompa o processo e nem use outras janelas até que ele termine.

Não modifique nenhuma outra configuração, a menos que tenha sido orientado (a) a fazer isso.

O exame demora um pouco, tenha paciência.

Quando terminar, dois blocos de notas serão exibidos: OTL.txt e Extras.txt

Ambos ficarão salvos dentro do mesmo diretório onde está o OTL.exe, ou seja, na sua área de trabalho.

Copie todo o conteúdo do OTL.txt e cole na sua resposta.

Anexe o arquivo Extras.txt

OBS: Caso os logs fiquem muito grandes e exceda o limite do forum, envie-os para um arquivo .zip ou .rar e anexe-os à sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Supra,

Acesse o VirusTotal.com

Clique no botão Choose File e localize o arquivo abaixo.

C:\Users\Léo\AppData\Roaming\driver.sys

Depois clique no botão Scan it!

Aguarde a análise terminar, depois copie o link que estará na barra de endereço do seu navegador e cole na sua próxima resposta. Exemplo:

https://www.virustotal.com/file/be174c2ea137c2401cc50a92086c8a7cfde69f711176737737b1d7bdf91b9f4d/analysis/1331728637/

Obs: Se você usar o VirusTotal, caso o arquivo já tenha sido analisado anteriormente pelo site, você verá uma imagem semelhante a esta:

virustotalrt7.jpg

Se isso acontecer, reanalise o arquivo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ciro, eu não achei este arquivo:

C:\Users\Léo\AppData\Roaming\driver.sys

Compartilhar este post


Link para o post
Compartilhar em outros sites

Supra,

Selecione e copie o texto dentro do CODE, clique com o direito sobre a seleção e escolha a opção copiar:

OBS: Certifique-se de copiar começando pela letra e sinal de dois pontos ": O" de OTL.

:OTL
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Users\Léo\AppData\Roaming\driver.sys -- (AlxKill)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=fft
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.v9.com/s#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.v9.com/s#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=pcmega1&chnl=pcmega1&cd=2XzutAtN2Y1L1QzutC0CyCyDzy0DyDyCyDyBtCyEtCtA0A0EtN0D0TzutBtDtCtBtDyCtDtA&cr=1139112003
IE - HKLM\..\SearchScopes\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}: "URL" = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=BR&userid=7c1a1ad8-8661-4af2-809e-0ddde3bad359&sp=addr&q={searchTerms}&t=a0806
IE - HKLM\..\SearchScopes\{6B54B081-AF74-0C4F-8608-479CB9AF069C}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DyDyCyDyBtCyEtCtA0A0EtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1580841226
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=fft
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?s=C9Ma205
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0EB6806E-B904-4774-B0AF-7A9BB68C99EF}: "URL" = http://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.v9.com/s#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
IE - HKCU\..\SearchScopes\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}: "URL" = http://isearch.avg.com/search?cid={43EF517A-D3BA-49DE-83A8-B40F54C9B40A}&mid=8562cc90ffe247d0a7ced1a90aeba32d-57ecd0b1cdd608290096e7ae5f4c5b5e6ab1bed3&lang=pt-br&ds=od011&pr=sa&d=2012-07-09 13:03:52&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{6B54B081-AF74-0C4F-8608-479CB9AF069C}: "URL" = http://home.speedbit.com/search.aspx?s=C9Ma206&q={searchTerms}
IE - HKCU\..\SearchScopes\{72271B3A-3554-9520-BB57-5BC380905350}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=220512_53ctrl&babsrc=SP_ss&mntrId=823513ae0000000000001c659d565714
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q={searchTerms}
IE - HKCU\..\SearchScopes\{9F24CD44-FA98-4FFF-A181-DF25F8169D84}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYBR&apn_uid=2d55986a-fc0c-4b0e-8609-694428616c3e&apn_sauid=A1E6D633-FCBA-4DEC-B7AB-68C4C4D6A412
FF - prefs.js..browser.search.defaultenginename: "Speedbit"
FF - prefs.js..browser.search.defaulturl: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
FF - prefs.js..browser.search.order.1: "Speedbit"
FF - prefs.js..browser.search.selectedEngine: "Speedbit"
FF - prefs.js..keyword.URL: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
[2012/10/27 01:05:12 | 000,001,028 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\dvdvideosofttb-customized-web-search.xml
[2012/11/01 00:13:00 | 000,002,520 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\speedbit.xml
File not found (No name found) -- C:\USERS\LéO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KKZE6PFT.DEFAULT\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&affID=112558&tt=2912_7&babsrc=SP_ss&mntrId=823513ae0000000000001c659d565714
O2 - BHO: (no name) - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - No CLSID value found.
[2012/09/21 19:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft
[2012/11/03 14:14:17 | 000,000,600 | ---- | M] () -- C:\Users\Léo\AppData\Local\PUTTY.RND
[2012/10/10 00:11:40 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\3393.exe
[2012/10/09 22:28:32 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\C7B3.exe
[2012/10/08 11:02:21 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\EB1A.exe
[2012/10/08 10:55:31 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\AC46.exe
[2012/10/08 09:46:30 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\7C7C.exe
[2012/10/08 09:23:30 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\6DBB.exe
[2012/10/08 09:00:30 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\5E9D.exe
[2012/10/08 08:37:31 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\51FE.exe
[2012/10/08 08:14:30 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\40BE.exe
[2012/10/08 07:51:29 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\2F7E.exe
[2012/10/08 07:28:29 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\1FC4.exe
[2012/10/08 06:42:30 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\6E4.exe
[2012/10/08 06:19:29 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\F517.exe
[2012/10/08 05:56:30 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\E8A7.exe
[2012/10/08 05:33:29 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\D832.exe
[2012/10/08 05:10:28 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\C55C.exe
[2012/10/08 04:47:29 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\BA63.exe
[2012/10/08 04:11:19 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\9DBC.exe
[2012/10/08 03:50:49 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\D6D4.exe
[2012/10/08 03:36:14 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\7E96.exe
[2012/10/07 23:03:43 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\A0.exe
[2012/10/07 22:44:04 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\BE.exe
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zzmbkjttcv.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zyadeizbstq.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zvxuplfqaiv.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zmulmsalvp.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zmpm.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zlvlgaoro.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zhbezzk.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zgtn.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zbu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yztg.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ywcotf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yruogei.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yqwnxmuqkr.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ynbpico.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yft.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yfguqg.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yfddtyco.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yeqc.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ybcwdcj.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xrjmwls.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xratz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xnrwoffi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xkiazoygsu.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xitroqxj.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\xibfo.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhxj.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhliavnncf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhi.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhepiahgu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xei.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xdu.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xbwudob.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xbeumyws.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xabxrnwognq.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wztapis.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wvpmojcpagc.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wvmaql.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wuienx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wtkvqxla.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wmcwjfwebcg.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wmaeoulj.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wjjkwjxof.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wjd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wgfzxqxc.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vwx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vwvpxtf.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vuzy.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vtccpjjxhbl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vpymgh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vky.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vhgdwwy.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vexcv.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vekhfmquvd.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uvhkeoo.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uuknvmo.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\upqsk.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ujupkolaxz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uilhoi.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uhgxcxne.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ugh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\udixx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ubomomrwsdk.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uaqqwmjt.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tubh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tttpgilubhz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tmksiwyo.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tjerrruiu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tixbprzs.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tgysztaa.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tgp.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tcu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\szanch.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\swrosmstc.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\swmx.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\svh.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\surl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sthnpbr.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\srt.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sqrvkkbktxz.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sntlrnm.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\slfzi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\skjqlknoa.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\skcx.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sjzadmi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sfsz.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rzuc.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rvitifkhda.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ruwy.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rumiqlhw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rtsquze.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rpz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\rnni.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rnaxcorvnpm.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rmkgnn.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\riffaw.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rifbww.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rhw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rfbddh.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\refyhravcw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rckntimj.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rbou.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qzegqoobxiy.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qxbus.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qttwzyei.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qsopsnklrnj.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qrpcq.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qqqt.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qqqewpfdl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qpghwlpi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qnretzig.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qheefqe.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\qgqkumwr.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qbdvroefxtf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\pxluctu.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pvsbacopgo.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\puxozpwjj.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ptfcgaof.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\psxulyb.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\psuezqksw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pqognjycvt.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pqjjgvrcrr.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pplmagu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pjtdqi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\phcioojd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pefaimbebk.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pedcjlq.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pcpmvigyknw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pclkwlz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pathdekgnl.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oxxpcqneqfk.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ousspnt.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\otvbczqzr.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\otorwgb.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oofzxmm.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oofsbkfk.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ooaomuyhvz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\onuhfaqdr.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\olhdsirhbjm.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\olcfhmx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\okbzdweogsf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oicryjbsxhd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ogn.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ogknbwh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ocduhsoaeky.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ntpp.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\npuailglpt.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\netcd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ndpxrjvfik.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\narceunvfsr.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mxdvmytw.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mwzhlh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mwuwz.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mvhxlyyr.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mpuqpwyjjoe.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mlfml.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\minowwpnhw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mhymnl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mhefcltipun.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mflohpswrxl.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mcrrrdylbyb.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mbufohzbd.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mbpbf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\maynwlp.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lxjydaq.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lwcnbd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lvzw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lvjfqnrfy.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lqya.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lnm.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lmkwvtfa.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\liif.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lhlcj.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lffhqjpt.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ldna.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ktkvvqws.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\kragnbr.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kppamcnflm.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kokjkgnayl.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\knk.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kkrk.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kjvzwobzke.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kgqeevfnt.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kfkegdfzsmf.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kblu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kaddzumq.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jxqxva.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jvpytddxshm.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jvanbm.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jscxtijpp.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jecbuzopv.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jazdltqdat.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ixrmyzmuf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ivz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\itshnv.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ithugwck.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\isnvgwxvzx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\imisiwl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ilppyukvb.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ikvd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ifvbafbi.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\iduxw.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ict.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ibqvywo.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hxpuo.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hxokmtz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hulemjbpzih.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\htzs.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\htubwk.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hrfumedgw.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hqwxnfwmq.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hoboh.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hmzimwaq.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hiushfclfla.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hhxjfatux.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hgu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hgdxppghmnp.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hfaptb.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hbqnkzjqm.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gzswrdxw.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gxveh.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gxiglgpq.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gwegf.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gswxesatox.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gksspjwk.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gjrxn.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\giemuzl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ghdvcccqxcv.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ggjxmqh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gecrm.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gcgii.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gbx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fzzu.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fyvyvw.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fqat.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fnyj.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fnxe.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fmlgoxxnn.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fkuuzbgv.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fhagevihj.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\fas.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ezafudvoiyt.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\err.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\epuzw.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ehe.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\egskehx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\eewo.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\eesejbzog.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\edsljcdivuy.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\ecisfvuhpa.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dxrnzku.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dqajfj.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dmuuqmc.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dmtlsnues.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dkfd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\djzobvavx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dgppwo.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dgckkqqq.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dfswulgomz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\detwvkklv.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\defhdp.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ctxnogspj.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cqbt.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cntaml.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\civwzqm.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cfclssx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cdntf.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cbqynozbpo.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cbgvboorrjj.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bzyz.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\byoqvakieh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bxqecmpfn.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bulcyfilrrd.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bsxkwl.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bsmobir.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\blxcchdo.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\betjex.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\baxqskha.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\azuxhafgo.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ayyyufnvi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\auemdu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aso.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\arembuqqlhl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\apluecjxljh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\akjgqsepny.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ajnzyssdz.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ajfm.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aesvs.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aclcvmx.ini
[2012/07/13 10:09:05 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/10/17 21:20:25 | 000,003,316 | ---- | M] () -- C:\Windows\system32\tasks\DealPlyUpdate
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Clique com o direito sobre o arquivo OTL.exe, depois clique em execadmin.png.

Clique com o direito em qualquer parte branca, da sessão Exames Personalizados/Correções e escolha a opção colar

Feche TODAS as janelas (exceto o próprio OTL).

Clique no botão fixotl.png

O programa executará o script e reiniciará o seu computador.

Quando o Windows for carregado, o OTL será executado automaticamente. Permita a sua execução.

Um bloco de notas será aberto, contendo algumas informações.

Copie TODO o conteúdo deste bloco de notas e cole na sua resposta.

Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.

Exemplo: 03142010_145545.log.

Poste também um novo log do Hijackthis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Log do OTL:

All processes killed

========== OTL ==========

Service AlxKill stopped successfully!

Service AlxKill deleted successfully!

File C:\Users\Léo\AppData\Roaming\driver.sys not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B54B081-AF74-0C4F-8608-479CB9AF069C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B54B081-AF74-0C4F-8608-479CB9AF069C}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0EB6806E-B904-4774-B0AF-7A9BB68C99EF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EB6806E-B904-4774-B0AF-7A9BB68C99EF}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B54B081-AF74-0C4F-8608-479CB9AF069C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B54B081-AF74-0C4F-8608-479CB9AF069C}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{72271B3A-3554-9520-BB57-5BC380905350}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72271B3A-3554-9520-BB57-5BC380905350}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F24CD44-FA98-4FFF-A181-DF25F8169D84}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F24CD44-FA98-4FFF-A181-DF25F8169D84}\ not found.

Prefs.js: "Speedbit" removed from browser.search.defaultenginename

Prefs.js: "http://home.speedbit...d=%s&shr=%d&q=" removed from browser.search.defaulturl

Prefs.js: "Speedbit" removed from browser.search.order.1

Prefs.js: "Speedbit" removed from browser.search.selectedEngine

Prefs.js: "http://home.speedbit...d=%s&shr=%d&q=" removed from keyword.URL

C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\dvdvideosofttb-customized-web-search.xml moved successfully.

C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\speedbit.xml moved successfully.

Use Chrome's Settings page to remove the default_search_provider items.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{802D2971-E7C7-4219-8D5C-AFDCD0DA939E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{802D2971-E7C7-4219-8D5C-AFDCD0DA939E}\ not found.

C:\Program Files\v9Soft folder moved successfully.

C:\Users\Léo\AppData\Local\PUTTY.RND moved successfully.

C:\Users\Léo\AppData\Roaming\3393.exe moved successfully.

C:\Users\Léo\AppData\Roaming\C7B3.exe moved successfully.

C:\Users\Léo\AppData\Roaming\EB1A.exe moved successfully.

C:\Users\Léo\AppData\Roaming\AC46.exe moved successfully.

C:\Users\Léo\AppData\Roaming\7C7C.exe moved successfully.

C:\Users\Léo\AppData\Roaming\6DBB.exe moved successfully.

C:\Users\Léo\AppData\Roaming\5E9D.exe moved successfully.

C:\Users\Léo\AppData\Roaming\51FE.exe moved successfully.

C:\Users\Léo\AppData\Roaming\40BE.exe moved successfully.

C:\Users\Léo\AppData\Roaming\2F7E.exe moved successfully.

C:\Users\Léo\AppData\Roaming\1FC4.exe moved successfully.

C:\Users\Léo\AppData\Roaming\6E4.exe moved successfully.

C:\Users\Léo\AppData\Roaming\F517.exe moved successfully.

C:\Users\Léo\AppData\Roaming\E8A7.exe moved successfully.

C:\Users\Léo\AppData\Roaming\D832.exe moved successfully.

C:\Users\Léo\AppData\Roaming\C55C.exe moved successfully.

C:\Users\Léo\AppData\Roaming\BA63.exe moved successfully.

C:\Users\Léo\AppData\Roaming\9DBC.exe moved successfully.

C:\Users\Léo\AppData\Roaming\D6D4.exe moved successfully.

C:\Users\Léo\AppData\Roaming\7E96.exe moved successfully.

C:\Users\Léo\AppData\Roaming\A0.exe moved successfully.

C:\Users\Léo\AppData\Roaming\BE.exe moved successfully.

C:\Windows\System32\zzmbkjttcv.ini moved successfully.

C:\Windows\System32\zyadeizbstq.ini moved successfully.

C:\Windows\System32\zvxuplfqaiv.dat moved successfully.

C:\Windows\System32\zmulmsalvp.ini moved successfully.

C:\Windows\System32\zmpm.dat moved successfully.

C:\Windows\System32\zlvlgaoro.dat moved successfully.

C:\Windows\System32\zhbezzk.ini moved successfully.

C:\Windows\System32\zgtn.dat moved successfully.

C:\Windows\System32\zbu.ini moved successfully.

C:\Windows\System32\yztg.dat moved successfully.

C:\Windows\System32\ywcotf.ini moved successfully.

C:\Windows\System32\yruogei.ini moved successfully.

C:\Windows\System32\yqwnxmuqkr.ini moved successfully.

C:\Windows\System32\ynbpico.ini moved successfully.

C:\Windows\System32\yft.ini moved successfully.

C:\Windows\System32\yfguqg.dat moved successfully.

C:\Windows\System32\yfddtyco.ini moved successfully.

C:\Windows\System32\yeqc.ini moved successfully.

C:\Windows\System32\ybcwdcj.ini moved successfully.

C:\Windows\System32\xrjmwls.ini moved successfully.

C:\Windows\System32\xratz.ini moved successfully.

C:\Windows\System32\xnrwoffi.ini moved successfully.

C:\Windows\System32\xkiazoygsu.dat moved successfully.

C:\Windows\System32\xitroqxj.dat moved successfully.

C:\Windows\xibfo.dat moved successfully.

C:\Windows\System32\xhxj.ini moved successfully.

C:\Windows\System32\xhliavnncf.ini moved successfully.

C:\Windows\System32\xhi.dat moved successfully.

C:\Windows\System32\xhepiahgu.ini moved successfully.

C:\Windows\System32\xei.ini moved successfully.

C:\Windows\System32\xdu.dat moved successfully.

C:\Windows\System32\xbwudob.ini moved successfully.

C:\Windows\System32\xbeumyws.ini moved successfully.

C:\Windows\System32\xabxrnwognq.ini moved successfully.

C:\Windows\System32\wztapis.ini moved successfully.

C:\Windows\System32\wvpmojcpagc.ini moved successfully.

C:\Windows\System32\wvmaql.ini moved successfully.

C:\Windows\System32\wuienx.ini moved successfully.

C:\Windows\System32\wtkvqxla.ini moved successfully.

C:\Windows\System32\wmcwjfwebcg.dat moved successfully.

C:\Windows\System32\wmaeoulj.ini moved successfully.

C:\Windows\System32\wjjkwjxof.dat moved successfully.

C:\Windows\System32\wjd.ini moved successfully.

C:\Windows\System32\wgfzxqxc.dat moved successfully.

C:\Windows\System32\vwx.ini moved successfully.

C:\Windows\System32\vwvpxtf.dat moved successfully.

C:\Windows\System32\vuzy.ini moved successfully.

C:\Windows\System32\vtccpjjxhbl.ini moved successfully.

C:\Windows\System32\vpymgh.ini moved successfully.

C:\Windows\System32\vky.dat moved successfully.

C:\Windows\System32\vhgdwwy.ini moved successfully.

C:\Windows\System32\vexcv.ini moved successfully.

C:\Windows\System32\vekhfmquvd.dat moved successfully.

C:\Windows\System32\uvhkeoo.dat moved successfully.

C:\Windows\System32\uuknvmo.ini moved successfully.

C:\Windows\System32\upqsk.dat moved successfully.

C:\Windows\System32\ujupkolaxz.ini moved successfully.

C:\Windows\System32\uilhoi.dat moved successfully.

C:\Windows\System32\uhgxcxne.ini moved successfully.

C:\Windows\System32\ugh.ini moved successfully.

C:\Windows\System32\udixx.ini moved successfully.

C:\Windows\System32\ubomomrwsdk.dat moved successfully.

C:\Windows\System32\uaqqwmjt.ini moved successfully.

C:\Windows\System32\tubh.ini moved successfully.

C:\Windows\System32\tttpgilubhz.ini moved successfully.

C:\Windows\System32\tmksiwyo.ini moved successfully.

C:\Windows\System32\tjerrruiu.ini moved successfully.

C:\Windows\System32\tixbprzs.dat moved successfully.

C:\Windows\System32\tgysztaa.ini moved successfully.

C:\Windows\System32\tgp.dat moved successfully.

C:\Windows\System32\tcu.ini moved successfully.

C:\Windows\System32\szanch.dat moved successfully.

C:\Windows\System32\swrosmstc.ini moved successfully.

C:\Windows\System32\swmx.dat moved successfully.

C:\Windows\System32\svh.dat moved successfully.

C:\Windows\System32\surl.ini moved successfully.

C:\Windows\System32\sthnpbr.ini moved successfully.

C:\Windows\System32\srt.ini moved successfully.

C:\Windows\System32\sqrvkkbktxz.dat moved successfully.

C:\Windows\System32\sntlrnm.dat moved successfully.

C:\Windows\System32\slfzi.ini moved successfully.

C:\Windows\System32\skjqlknoa.ini moved successfully.

C:\Windows\System32\skcx.dat moved successfully.

C:\Windows\System32\sjzadmi.ini moved successfully.

C:\Windows\System32\sfsz.dat moved successfully.

C:\Windows\System32\rzuc.ini moved successfully.

C:\Windows\System32\rvitifkhda.ini moved successfully.

C:\Windows\System32\ruwy.dat moved successfully.

C:\Windows\System32\rumiqlhw.dat moved successfully.

C:\Windows\System32\rtsquze.dat moved successfully.

C:\Windows\System32\rpz.ini moved successfully.

C:\Windows\rnni.ini moved successfully.

C:\Windows\System32\rnaxcorvnpm.ini moved successfully.

C:\Windows\System32\rmkgnn.ini moved successfully.

C:\Windows\System32\riffaw.ini moved successfully.

C:\Windows\System32\rifbww.ini moved successfully.

C:\Windows\System32\rhw.dat moved successfully.

C:\Windows\System32\rfbddh.dat moved successfully.

C:\Windows\refyhravcw.dat moved successfully.

C:\Windows\System32\rckntimj.dat moved successfully.

C:\Windows\System32\rbou.dat moved successfully.

C:\Windows\System32\qzegqoobxiy.ini moved successfully.

C:\Windows\System32\qxbus.dat moved successfully.

C:\Windows\System32\qttwzyei.dat moved successfully.

C:\Windows\System32\qsopsnklrnj.dat moved successfully.

C:\Windows\System32\qrpcq.dat moved successfully.

C:\Windows\System32\qqqt.ini moved successfully.

C:\Windows\System32\qqqewpfdl.ini moved successfully.

C:\Windows\System32\qpghwlpi.ini moved successfully.

C:\Windows\System32\qnretzig.ini moved successfully.

C:\Windows\System32\qheefqe.dat moved successfully.

C:\Windows\qgqkumwr.ini moved successfully.

C:\Windows\System32\qbdvroefxtf.ini moved successfully.

C:\Windows\pxluctu.dat moved successfully.

C:\Windows\System32\pvsbacopgo.ini moved successfully.

C:\Windows\System32\puxozpwjj.dat moved successfully.

C:\Windows\System32\ptfcgaof.dat moved successfully.

C:\Windows\System32\psxulyb.ini moved successfully.

C:\Windows\System32\psuezqksw.dat moved successfully.

C:\Windows\System32\pqognjycvt.dat moved successfully.

C:\Windows\System32\pqjjgvrcrr.ini moved successfully.

C:\Windows\System32\pplmagu.ini moved successfully.

C:\Windows\System32\pjtdqi.ini moved successfully.

C:\Windows\System32\phcioojd.ini moved successfully.

C:\Windows\System32\pefaimbebk.ini moved successfully.

C:\Windows\System32\pedcjlq.ini moved successfully.

C:\Windows\System32\pcpmvigyknw.dat moved successfully.

C:\Windows\System32\pclkwlz.ini moved successfully.

C:\Windows\System32\pathdekgnl.dat moved successfully.

C:\Windows\System32\oxxpcqneqfk.dat moved successfully.

C:\Windows\System32\ousspnt.ini moved successfully.

C:\Windows\System32\otvbczqzr.dat moved successfully.

C:\Windows\System32\otorwgb.ini moved successfully.

C:\Windows\System32\oofzxmm.dat moved successfully.

C:\Windows\System32\oofsbkfk.ini moved successfully.

C:\Windows\System32\ooaomuyhvz.ini moved successfully.

C:\Windows\System32\onuhfaqdr.dat moved successfully.

C:\Windows\System32\olhdsirhbjm.dat moved successfully.

C:\Windows\System32\olcfhmx.ini moved successfully.

C:\Windows\System32\okbzdweogsf.ini moved successfully.

C:\Windows\System32\oicryjbsxhd.ini moved successfully.

C:\Windows\System32\ogn.ini moved successfully.

C:\Windows\System32\ogknbwh.ini moved successfully.

C:\Windows\System32\ocduhsoaeky.ini moved successfully.

C:\Windows\System32\ntpp.ini moved successfully.

C:\Windows\System32\npuailglpt.dat moved successfully.

C:\Windows\System32\netcd.ini moved successfully.

C:\Windows\System32\ndpxrjvfik.dat moved successfully.

C:\Windows\System32\narceunvfsr.ini moved successfully.

C:\Windows\System32\mxdvmytw.ini moved successfully.

C:\Windows\System32\mwzhlh.ini moved successfully.

C:\Windows\System32\mwuwz.dat moved successfully.

C:\Windows\System32\mvhxlyyr.dat moved successfully.

C:\Windows\System32\mpuqpwyjjoe.ini moved successfully.

C:\Windows\System32\mlfml.ini moved successfully.

C:\Windows\System32\minowwpnhw.dat moved successfully.

C:\Windows\System32\mhymnl.ini moved successfully.

C:\Windows\System32\mhefcltipun.ini moved successfully.

C:\Windows\System32\mflohpswrxl.dat moved successfully.

C:\Windows\System32\mcrrrdylbyb.dat moved successfully.

C:\Windows\System32\mbufohzbd.dat moved successfully.

C:\Windows\System32\mbpbf.ini moved successfully.

C:\Windows\System32\maynwlp.ini moved successfully.

C:\Windows\System32\lxjydaq.dat moved successfully.

C:\Windows\System32\lwcnbd.ini moved successfully.

C:\Windows\System32\lvzw.dat moved successfully.

C:\Windows\System32\lvjfqnrfy.dat moved successfully.

C:\Windows\System32\lqya.dat moved successfully.

C:\Windows\System32\lnm.ini moved successfully.

C:\Windows\System32\lmkwvtfa.ini moved successfully.

C:\Windows\System32\liif.ini moved successfully.

C:\Windows\System32\lhlcj.ini moved successfully.

C:\Windows\System32\lffhqjpt.dat moved successfully.

C:\Windows\System32\ldna.ini moved successfully.

C:\Windows\System32\ktkvvqws.dat moved successfully.

C:\Windows\kragnbr.dat moved successfully.

C:\Windows\System32\kppamcnflm.dat moved successfully.

C:\Windows\System32\kokjkgnayl.dat moved successfully.

C:\Windows\System32\knk.ini moved successfully.

C:\Windows\System32\kkrk.ini moved successfully.

C:\Windows\System32\kjvzwobzke.ini moved successfully.

C:\Windows\System32\kgqeevfnt.dat moved successfully.

C:\Windows\System32\kfkegdfzsmf.dat moved successfully.

C:\Windows\System32\kblu.ini moved successfully.

C:\Windows\System32\kaddzumq.ini moved successfully.

C:\Windows\System32\jxqxva.ini moved successfully.

C:\Windows\System32\jvpytddxshm.ini moved successfully.

C:\Windows\System32\jvanbm.ini moved successfully.

C:\Windows\System32\jscxtijpp.ini moved successfully.

C:\Windows\System32\jecbuzopv.ini moved successfully.

C:\Windows\System32\jazdltqdat.ini moved successfully.

C:\Windows\System32\ixrmyzmuf.ini moved successfully.

C:\Windows\System32\ivz.ini moved successfully.

C:\Windows\System32\itshnv.ini moved successfully.

C:\Windows\System32\ithugwck.dat moved successfully.

C:\Windows\System32\isnvgwxvzx.ini moved successfully.

C:\Windows\System32\imisiwl.ini moved successfully.

C:\Windows\System32\ilppyukvb.ini moved successfully.

C:\Windows\System32\ikvd.ini moved successfully.

C:\Windows\System32\ifvbafbi.dat moved successfully.

C:\Windows\System32\iduxw.ini moved successfully.

C:\Windows\System32\ict.ini moved successfully.

C:\Windows\System32\ibqvywo.ini moved successfully.

C:\Windows\System32\hxpuo.dat moved successfully.

C:\Windows\System32\hxokmtz.ini moved successfully.

C:\Windows\System32\hulemjbpzih.dat moved successfully.

C:\Windows\System32\htzs.dat moved successfully.

C:\Windows\System32\htubwk.ini moved successfully.

C:\Windows\System32\hrfumedgw.ini moved successfully.

C:\Windows\System32\hqwxnfwmq.ini moved successfully.

C:\Windows\System32\hoboh.dat moved successfully.

C:\Windows\System32\hmzimwaq.dat moved successfully.

C:\Windows\System32\hiushfclfla.ini moved successfully.

C:\Windows\System32\hhxjfatux.dat moved successfully.

C:\Windows\System32\hgu.ini moved successfully.

C:\Windows\System32\hgdxppghmnp.dat moved successfully.

C:\Windows\System32\hfaptb.dat moved successfully.

C:\Windows\System32\hbqnkzjqm.dat moved successfully.

C:\Windows\System32\gzswrdxw.ini moved successfully.

C:\Windows\System32\gxveh.dat moved successfully.

C:\Windows\System32\gxiglgpq.ini moved successfully.

C:\Windows\System32\gwegf.dat moved successfully.

C:\Windows\System32\gswxesatox.ini moved successfully.

C:\Windows\System32\gksspjwk.dat moved successfully.

C:\Windows\System32\gjrxn.dat moved successfully.

C:\Windows\System32\giemuzl.ini moved successfully.

C:\Windows\System32\ghdvcccqxcv.ini moved successfully.

C:\Windows\System32\ggjxmqh.ini moved successfully.

C:\Windows\System32\gecrm.ini moved successfully.

C:\Windows\System32\gcgii.ini moved successfully.

C:\Windows\System32\gbx.ini moved successfully.

C:\Windows\System32\fzzu.dat moved successfully.

C:\Windows\System32\fyvyvw.ini moved successfully.

C:\Windows\System32\fqat.dat moved successfully.

C:\Windows\System32\fnyj.ini moved successfully.

C:\Windows\System32\fnxe.dat moved successfully.

C:\Windows\System32\fmlgoxxnn.ini moved successfully.

C:\Windows\System32\fkuuzbgv.dat moved successfully.

C:\Windows\System32\fhagevihj.dat moved successfully.

C:\Windows\fas.ini moved successfully.

C:\Windows\System32\ezafudvoiyt.ini moved successfully.

C:\Windows\err.ini moved successfully.

C:\Windows\System32\epuzw.ini moved successfully.

C:\Windows\System32\ehe.dat moved successfully.

C:\Windows\System32\egskehx.ini moved successfully.

C:\Windows\eewo.ini moved successfully.

C:\Windows\System32\eesejbzog.ini moved successfully.

C:\Windows\System32\edsljcdivuy.ini moved successfully.

C:\Windows\ecisfvuhpa.ini moved successfully.

C:\Windows\System32\dxrnzku.ini moved successfully.

C:\Windows\System32\dqajfj.ini moved successfully.

C:\Windows\System32\dmuuqmc.ini moved successfully.

C:\Windows\System32\dmtlsnues.dat moved successfully.

C:\Windows\System32\dkfd.ini moved successfully.

C:\Windows\System32\djzobvavx.ini moved successfully.

C:\Windows\System32\dgppwo.dat moved successfully.

C:\Windows\System32\dgckkqqq.ini moved successfully.

C:\Windows\System32\dfswulgomz.ini moved successfully.

C:\Windows\System32\detwvkklv.ini moved successfully.

C:\Windows\System32\defhdp.ini moved successfully.

C:\Windows\System32\ctxnogspj.ini moved successfully.

C:\Windows\System32\cqbt.ini moved successfully.

C:\Windows\System32\cntaml.ini moved successfully.

C:\Windows\System32\civwzqm.ini moved successfully.

C:\Windows\System32\cfclssx.ini moved successfully.

C:\Windows\System32\cdntf.dat moved successfully.

C:\Windows\System32\cbqynozbpo.ini moved successfully.

C:\Windows\System32\cbgvboorrjj.dat moved successfully.

C:\Windows\System32\bzyz.dat moved successfully.

C:\Windows\System32\byoqvakieh.ini moved successfully.

C:\Windows\System32\bxqecmpfn.ini moved successfully.

C:\Windows\System32\bulcyfilrrd.dat moved successfully.

C:\Windows\System32\bsxkwl.dat moved successfully.

C:\Windows\System32\bsmobir.dat moved successfully.

C:\Windows\System32\blxcchdo.dat moved successfully.

C:\Windows\System32\betjex.ini moved successfully.

C:\Windows\baxqskha.dat moved successfully.

C:\Windows\System32\azuxhafgo.ini moved successfully.

C:\Windows\System32\ayyyufnvi.ini moved successfully.

C:\Windows\System32\auemdu.ini moved successfully.

C:\Windows\System32\aso.dat moved successfully.

C:\Windows\System32\arembuqqlhl.ini moved successfully.

C:\Windows\System32\apluecjxljh.ini moved successfully.

C:\Windows\System32\akjgqsepny.ini moved successfully.

C:\Windows\System32\ajnzyssdz.dat moved successfully.

C:\Windows\System32\ajfm.ini moved successfully.

C:\Windows\System32\aesvs.dat moved successfully.

C:\Windows\System32\aclcvmx.ini moved successfully.

C:\.rnd moved successfully.

File C:\Windows\system32\tasks\DealPlyUpdate not found.

ADS C:\ProgramData\TEMP:56E2E879 deleted successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Léo

->Temp folder emptied: 109143111 bytes

->Temporary Internet Files folder emptied: 20341244 bytes

->Java cache emptied: 1004406 bytes

->FireFox cache emptied: 77675653 bytes

->Google Chrome cache emptied: 350536598 bytes

->Flash cache emptied: 1472 bytes

User: L‚o

User: Public

User: Teste Warcraft

->Temp folder emptied: 538090743 bytes

->Temporary Internet Files folder emptied: 16745153 bytes

->Java cache emptied: 455474 bytes

->FireFox cache emptied: 61444889 bytes

->Google Chrome cache emptied: 364667308 bytes

->Flash cache emptied: 1908 bytes

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 795976 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6934296 bytes

RecycleBin emptied: 242745313 bytes

Total Files Cleaned = 1.708,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11042012_201409

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Log do HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 20:33:23, on 04/11/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe

C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe

C:\Windows\notepad.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\FSP\FspUip.exe

C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Program Files\DAP\DAP.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Keyboard status\Key_status.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Léo\Downloads\HijackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.../?pid=%s&aid=%s

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=947195188

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: 173.212.255.178 embedded.garena.com

O1 - Hosts: 173.212.255.178 embedded.garenanow.com

O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\GinyasBrowserCompanion\jsloader.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\GinyasBrowserCompanion\updatebhoWin32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Acelerador de Downloads\iefdm2.dll

O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe"

O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

O4 - HKCU\..\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: tbhcn.lnk = ?

O4 - Global Startup: Key_status.lnk = C:\Program Files\Keyboard status\Key_status.exe

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Editado por Supra

Compartilhar este post


Link para o post
Compartilhar em outros sites

Supra,

Clique com o direito sobre o arquivo OTL.exe, depois clique em execadmin.png.

Onde diz Saída, marque Padrão

Marque também estas opções:

  • Data de Criação -> mude para 90 dias
  • Usar WhiteList para Nomes de Companhias.
  • Ignorar Arquivos Microsoft
  • Verificar Lop
  • Verificar Purity

Selecione estas linhas em vermelho, clique com o direito sobre a seleção, e escolha a opção copiar

CREATERESTOREPOINT

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.* /s

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.com

%systemroot%\*.scr

%PROGRAMFILES%\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

%systemroot%\system32\tasks\*.* /s

%windir%\tasks\*.* /s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP

HKCU\Software\Microsoft\Internet Explorer\Downloads

/md5start

services.*

/md5stop

Volte ao programa, clique com o direito em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar

Clique no botão verif.png

O OTL começará a examinar seu computador. Não interrompa o processo e nem use outras janelas até que ele termine.

Não modifique nenhuma outra configuração, a menos que tenha sido orientado (a) a fazer isso.

O exame demora um pouco, tenha paciência.

Quando terminar, dois blocos de notas serão exibidos: OTL.txt e Extras.txt

Ambos ficarão salvos dentro do mesmo diretório onde está o OTL.exe, ou seja, na sua área de trabalho.

Copie todo o conteúdo do OTL.txt e cole na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ciro, desculpe, mas quando eu colei o texto no OTL, depois acabei clicando sem querer em "consertar" em vez de clicar no "verificar". Depois disso, apareceu uma mensagem de sucesso (falando que foi consertado, algo assim), daí então eu colei novamente e aí cliquei em "verificar". O processo de verificação iniciou e, quando terminou, só abriu o OTL.txt.

OTL.Txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Supra,

Você não me deve desculpas, porém é interessante ter cuidado ao seguir as instruções, em uma bobeira dessas você poderá inutilizar seu sistema operacional. Sugiro também mais cuidado com os programas que instala para evitar a instalação de adwares no PC.

-----------

Selecione e copie o texto dentro do CODE, clique com o direito sobre a seleção e escolha a opção copiar:

OBS: Certifique-se de copiar começando pela letra e sinal de dois pontos ": O" de OTL.

:OTL
PRC - [2012/10/21 10:52:20 | 000,741,056 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe
MOD - [2012/10/21 10:52:20 | 000,741,056 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/
IE - HKLM\..\SearchScopes\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DyDyCyDyBtCyEtCtA0A0EtN0D0Tzu0CtAtDzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=947195188
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?pid=%s&aid=%s
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {33D59858-89D9-4AC2-A956-93875EB02323}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=4412_1&babsrc=SP_ss&mntrId=823513ae00000000000000ff49f58324
IE - HKCU\..\SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323}: "URL" = http://find.localstrike.net/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}: "URL" = http://isearch.avg.com/search?cid={59501A9A-D290-4C36-8208-2E5EDB7007CA}&mid=8562cc90ffe247d0a7ced1a90aeba32d-57ecd0b1cdd608290096e7ae5f4c5b5e6ab1bed3&lang=en&ds=ft011&pr=sa&d=2012-11-04 01:46:12&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DyDyCyDyBtCyEtCtA0A0EtN0D0Tzu0CtAtDzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=947195188
FF - prefs.js..browser.search.defaultenginename: "Speedbit"
FF - prefs.js..browser.search.defaulturl: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
FF - prefs.js..browser.search.order.1: "Speedbit"
FF - prefs.js..browser.search.selectedEngine: "Speedbit"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.speedbit.com/?pid=%s&aid=%s"
FF - prefs.js..keyword.URL: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
[2012/11/04 03:16:16 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Léo\AppData\Roaming\mozilla\Firefox\Profiles\kkze6pft.default\extensions\bbrs_002@blabbers.com
[2012/11/04 03:14:53 | 000,009,787 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\Funmoods.xml
[2011/08/30 17:37:02 | 000,002,156 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\localstrike-search.xml
[2012/11/04 01:45:34 | 000,003,546 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/11/04 03:16:14 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/22 01:05:39 | 000,000,429 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
CHR - homepage: http://find.localstrike.net/
CHR - default_search_provider: LocalStrike Search (Enabled)
CHR - default_search_provider: search_url = http://find.localstrike.net/?q={searchTerms}
CHR - homepage: http://find.localstrike.net/
CHR - Extension: Funmoods = C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: Ginyas Browser Companion = C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
O2 - BHO: (Ginyas Browser Companion) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Arquivos de Programas\GinyasBrowserCompanion\jsloader.dll ( )
O2 - BHO: (Ginyas Browser Companion Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Arquivos de Programas\GinyasBrowserCompanion\updatebhoWin32.dll ( )
O4 - Startup: C:\Users\Léo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe ()
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
[2012/11/04 03:16:14 | 000,000,000 | ---D | C] -- C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion
[2012/11/04 03:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\GinyasBrowserCompanion
[2012/11/04 03:16:05 | 000,000,000 | ---D | C] -- C:\Users\Léo\AppData\Roaming\Babylon
[2012/11/04 03:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/08/25 03:17:55 | 000,000,000 | ---D | C] -- C:\Users\Léo\AppData\Roaming\Positivo
[2012/08/25 03:17:09 | 000,000,000 | ---D | C] -- C:\Positivo
[2012/11/05 18:54:07 | 000,000,600 | ---- | M] () -- C:\Users\Léo\AppData\Local\PUTTY.RND
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zzmbkjttcv.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zyadeizbstq.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zvxuplfqaiv.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zmulmsalvp.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zmpm.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zlvlgaoro.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zhbezzk.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zgtn.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zbu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yztg.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ywcotf.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yruogei.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yqwnxmuqkr.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ynbpico.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yft.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yfguqg.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yfddtyco.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yeqc.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ybcwdcj.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xrjmwls.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xratz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xnrwoffi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xkiazoygsu.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xitroqxj.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\xibfo.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xhxj.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xhliavnncf.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xhi.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xhepiahgu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xei.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xdu.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xbwudob.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xbeumyws.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xabxrnwognq.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wztapis.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wvpmojcpagc.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wvmaql.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wuienx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wtkvqxla.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wmcwjfwebcg.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wmaeoulj.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wjjkwjxof.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wjd.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wgfzxqxc.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vwx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vwvpxtf.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vuzy.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vtccpjjxhbl.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vpymgh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vky.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vhgdwwy.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vexcv.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vekhfmquvd.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\uvhkeoo.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\uuknvmo.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\upqsk.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ujupkolaxz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\uilhoi.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\uhgxcxne.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ugh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\udixx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ubomomrwsdk.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\uaqqwmjt.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tubh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tttpgilubhz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tmksiwyo.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tjerrruiu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tixbprzs.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tgysztaa.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tgp.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tcu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\szanch.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\swrosmstc.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\swmx.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\svh.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\surl.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\sthnpbr.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\srt.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\sqrvkkbktxz.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\sntlrnm.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\slfzi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\skjqlknoa.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\skcx.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\sjzadmi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\sfsz.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rzuc.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rvitifkhda.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ruwy.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rumiqlhw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rtsquze.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rpz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\rnni.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rnaxcorvnpm.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rmkgnn.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\riffaw.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rifbww.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rhw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rfbddh.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\refyhravcw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rckntimj.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rbou.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qzegqoobxiy.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qxbus.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qttwzyei.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qsopsnklrnj.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qrpcq.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qqqt.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qqqewpfdl.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qpghwlpi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qnretzig.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qheefqe.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\qgqkumwr.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qbdvroefxtf.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\pxluctu.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pvsbacopgo.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\puxozpwjj.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ptfcgaof.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\psxulyb.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\psuezqksw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pqognjycvt.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pqjjgvrcrr.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pplmagu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pjtdqi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\phcioojd.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pefaimbebk.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pedcjlq.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pcpmvigyknw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pclkwlz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pathdekgnl.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\oxxpcqneqfk.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ousspnt.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\otvbczqzr.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\otorwgb.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\oofzxmm.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\oofsbkfk.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ooaomuyhvz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\onuhfaqdr.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\olhdsirhbjm.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\olcfhmx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\okbzdweogsf.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\oicryjbsxhd.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ogn.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ogknbwh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ocduhsoaeky.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ntpp.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\npuailglpt.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\netcd.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ndpxrjvfik.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\narceunvfsr.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mxdvmytw.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mwzhlh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mwuwz.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mvhxlyyr.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mpuqpwyjjoe.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mlfml.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\minowwpnhw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mhymnl.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mhefcltipun.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mflohpswrxl.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mcrrrdylbyb.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mbufohzbd.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\mbpbf.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\maynwlp.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\lxjydaq.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\lwcnbd.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\lvzw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\lvjfqnrfy.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\lqya.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\lnm.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\lmkwvtfa.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\liif.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\lhlcj.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\lffhqjpt.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ldna.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ktkvvqws.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\kragnbr.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\kppamcnflm.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\kokjkgnayl.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\knk.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\kkrk.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\kjvzwobzke.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\kgqeevfnt.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\kfkegdfzsmf.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\kblu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\kaddzumq.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\jxqxva.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\jvpytddxshm.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\jvanbm.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\jscxtijpp.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\jecbuzopv.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\jazdltqdat.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ixrmyzmuf.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ivz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\itshnv.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ithugwck.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\isnvgwxvzx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\imisiwl.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ilppyukvb.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ikvd.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ifvbafbi.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\iduxw.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ict.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ibqvywo.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hxpuo.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hxokmtz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hulemjbpzih.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\htzs.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\htubwk.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hrfumedgw.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hqwxnfwmq.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hoboh.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hmzimwaq.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hiushfclfla.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hhxjfatux.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hgu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hgdxppghmnp.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hfaptb.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\hbqnkzjqm.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\gzswrdxw.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\gxveh.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\gxiglgpq.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\gwegf.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\gswxesatox.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\gksspjwk.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\gjrxn.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\giemuzl.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ghdvcccqxcv.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ggjxmqh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\gecrm.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\gcgii.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\gbx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\fzzu.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\fyvyvw.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\fqat.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\fnyj.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\fnxe.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\fmlgoxxnn.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\fkuuzbgv.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\fhagevihj.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\fas.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ezafudvoiyt.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\err.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\epuzw.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ehe.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\egskehx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\eewo.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\eesejbzog.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\edsljcdivuy.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\ecisfvuhpa.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\dxrnzku.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\dqajfj.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\dmuuqmc.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\dmtlsnues.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\dkfd.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\djzobvavx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\dgppwo.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\dgckkqqq.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\dfswulgomz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\detwvkklv.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\defhdp.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ctxnogspj.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\cqbt.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\cntaml.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\civwzqm.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\cfclssx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\cdntf.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\cbqynozbpo.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\cbgvboorrjj.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\bzyz.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\byoqvakieh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\bxqecmpfn.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\bulcyfilrrd.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\bsxkwl.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\bsmobir.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\blxcchdo.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\betjex.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\baxqskha.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\azuxhafgo.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ayyyufnvi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\auemdu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\aso.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\arembuqqlhl.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\apluecjxljh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\akjgqsepny.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ajnzyssdz.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ajfm.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\aesvs.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\aclcvmx.ini
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Clique com o direito sobre o arquivo OTL.exe, depois clique em execadmin.png.

Clique com o direito em qualquer parte branca, da sessão Exames Personalizados/Correções e escolha a opção colar

Feche TODAS as janelas (exceto o próprio OTL).

Clique no botão fixotl.png

O programa executará o script e reiniciará o seu computador.

Quando o Windows for carregado, o OTL será executado automaticamente. Permita a sua execução.

Um bloco de notas será aberto, contendo algumas informações.

Copie TODO o conteúdo deste bloco de notas e cole na sua resposta.

Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.

Exemplo: 03142010_145545.log

Compartilhar este post


Link para o post
Compartilhar em outros sites

All processes killed

========== OTL ==========

No active process named tbhcn.exe was found!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33D59858-89D9-4AC2-A956-93875EB02323}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Prefs.js: "Speedbit" removed from browser.search.defaultenginename

Prefs.js: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=" removed from browser.search.defaulturl

Prefs.js: "Speedbit" removed from browser.search.order.1

Prefs.js: "Speedbit" removed from browser.search.selectedEngine

Prefs.js: true removed from browser.search.useDBForOrder

Prefs.js: "http://home.speedbit.com/?pid=%s&aid=%s" removed from browser.startup.homepage

Prefs.js: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=" removed from keyword.URL

Folder C:\Users\Léo\AppData\Roaming\mozilla\Firefox\Profiles\kkze6pft.default\extensions\bbrs_002@blabbers.com\ not found.

File C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\Funmoods.xml not found.

File C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\localstrike-search.xml not found.

File C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml not found.

File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.

File C:\Program Files\mozilla firefox\searchplugins\v9.xml not found.

Use Chrome's Settings page to change the HomePage.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to change the HomePage.

File C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0 not found.

File C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0 not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ not found.

File C:\Arquivos de Programas\GinyasBrowserCompanion\jsloader.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}\ not found.

File C:\Arquivos de Programas\GinyasBrowserCompanion\updatebhoWin32.dll not found.

File move failed. C:\Users\Léo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk scheduled to be moved on reboot.

File C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe not found.

File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ not found.

File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.

File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ not found.

File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.

File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ not found.

File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.

Folder C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\ not found.

Folder C:\Program Files\GinyasBrowserCompanion\ not found.

Folder C:\Users\Léo\AppData\Roaming\Babylon\ not found.

Folder C:\ProgramData\Babylon\ not found.

Folder C:\Users\Léo\AppData\Roaming\Positivo\ not found.

Folder C:\Positivo\ not found.

File C:\Users\Léo\AppData\Local\PUTTY.RND not found.

File C:\Windows\System32\zzmbkjttcv.ini not found.

File C:\Windows\System32\zyadeizbstq.ini not found.

File C:\Windows\System32\zvxuplfqaiv.dat not found.

File C:\Windows\System32\zmulmsalvp.ini not found.

File C:\Windows\System32\zmpm.dat not found.

File C:\Windows\System32\zlvlgaoro.dat not found.

File C:\Windows\System32\zhbezzk.ini not found.

File C:\Windows\System32\zgtn.dat not found.

File C:\Windows\System32\zbu.ini not found.

File C:\Windows\System32\yztg.dat not found.

File C:\Windows\System32\ywcotf.ini not found.

File C:\Windows\System32\yruogei.ini not found.

File C:\Windows\System32\yqwnxmuqkr.ini not found.

File C:\Windows\System32\ynbpico.ini not found.

File C:\Windows\System32\yft.ini not found.

File C:\Windows\System32\yfguqg.dat not found.

File C:\Windows\System32\yfddtyco.ini not found.

File C:\Windows\System32\yeqc.ini not found.

File C:\Windows\System32\ybcwdcj.ini not found.

File C:\Windows\System32\xrjmwls.ini not found.

File C:\Windows\System32\xratz.ini not found.

File C:\Windows\System32\xnrwoffi.ini not found.

File C:\Windows\System32\xkiazoygsu.dat not found.

File C:\Windows\System32\xitroqxj.dat not found.

File C:\Windows\xibfo.dat not found.

File C:\Windows\System32\xhxj.ini not found.

File C:\Windows\System32\xhliavnncf.ini not found.

File C:\Windows\System32\xhi.dat not found.

File C:\Windows\System32\xhepiahgu.ini not found.

File C:\Windows\System32\xei.ini not found.

File C:\Windows\System32\xdu.dat not found.

File C:\Windows\System32\xbwudob.ini not found.

File C:\Windows\System32\xbeumyws.ini not found.

File C:\Windows\System32\xabxrnwognq.ini not found.

File C:\Windows\System32\wztapis.ini not found.

File C:\Windows\System32\wvpmojcpagc.ini not found.

File C:\Windows\System32\wvmaql.ini not found.

File C:\Windows\System32\wuienx.ini not found.

File C:\Windows\System32\wtkvqxla.ini not found.

File C:\Windows\System32\wmcwjfwebcg.dat not found.

File C:\Windows\System32\wmaeoulj.ini not found.

File C:\Windows\System32\wjjkwjxof.dat not found.

File C:\Windows\System32\wjd.ini not found.

File C:\Windows\System32\wgfzxqxc.dat not found.

File C:\Windows\System32\vwx.ini not found.

File C:\Windows\System32\vwvpxtf.dat not found.

File C:\Windows\System32\vuzy.ini not found.

File C:\Windows\System32\vtccpjjxhbl.ini not found.

File C:\Windows\System32\vpymgh.ini not found.

File C:\Windows\System32\vky.dat not found.

File C:\Windows\System32\vhgdwwy.ini not found.

File C:\Windows\System32\vexcv.ini not found.

File C:\Windows\System32\vekhfmquvd.dat not found.

File C:\Windows\System32\uvhkeoo.dat not found.

File C:\Windows\System32\uuknvmo.ini not found.

File C:\Windows\System32\upqsk.dat not found.

File C:\Windows\System32\ujupkolaxz.ini not found.

File C:\Windows\System32\uilhoi.dat not found.

File C:\Windows\System32\uhgxcxne.ini not found.

File C:\Windows\System32\ugh.ini not found.

File C:\Windows\System32\udixx.ini not found.

File C:\Windows\System32\ubomomrwsdk.dat not found.

File C:\Windows\System32\uaqqwmjt.ini not found.

File C:\Windows\System32\tubh.ini not found.

File C:\Windows\System32\tttpgilubhz.ini not found.

File C:\Windows\System32\tmksiwyo.ini not found.

File C:\Windows\System32\tjerrruiu.ini not found.

File C:\Windows\System32\tixbprzs.dat not found.

File C:\Windows\System32\tgysztaa.ini not found.

File C:\Windows\System32\tgp.dat not found.

File C:\Windows\System32\tcu.ini not found.

File C:\Windows\System32\szanch.dat not found.

File C:\Windows\System32\swrosmstc.ini not found.

File C:\Windows\System32\swmx.dat not found.

File C:\Windows\System32\svh.dat not found.

File C:\Windows\System32\surl.ini not found.

File C:\Windows\System32\sthnpbr.ini not found.

File C:\Windows\System32\srt.ini not found.

File C:\Windows\System32\sqrvkkbktxz.dat not found.

File C:\Windows\System32\sntlrnm.dat not found.

File C:\Windows\System32\slfzi.ini not found.

File C:\Windows\System32\skjqlknoa.ini not found.

File C:\Windows\System32\skcx.dat not found.

File C:\Windows\System32\sjzadmi.ini not found.

File C:\Windows\System32\sfsz.dat not found.

File C:\Windows\System32\rzuc.ini not found.

File C:\Windows\System32\rvitifkhda.ini not found.

File C:\Windows\System32\ruwy.dat not found.

File C:\Windows\System32\rumiqlhw.dat not found.

File C:\Windows\System32\rtsquze.dat not found.

File C:\Windows\System32\rpz.ini not found.

File C:\Windows\rnni.ini not found.

File C:\Windows\System32\rnaxcorvnpm.ini not found.

File C:\Windows\System32\rmkgnn.ini not found.

File C:\Windows\System32\riffaw.ini not found.

File C:\Windows\System32\rifbww.ini not found.

File C:\Windows\System32\rhw.dat not found.

File C:\Windows\System32\rfbddh.dat not found.

File C:\Windows\refyhravcw.dat not found.

File C:\Windows\System32\rckntimj.dat not found.

File C:\Windows\System32\rbou.dat not found.

File C:\Windows\System32\qzegqoobxiy.ini not found.

File C:\Windows\System32\qxbus.dat not found.

File C:\Windows\System32\qttwzyei.dat not found.

File C:\Windows\System32\qsopsnklrnj.dat not found.

File C:\Windows\System32\qrpcq.dat not found.

File C:\Windows\System32\qqqt.ini not found.

File C:\Windows\System32\qqqewpfdl.ini not found.

File C:\Windows\System32\qpghwlpi.ini not found.

File C:\Windows\System32\qnretzig.ini not found.

File C:\Windows\System32\qheefqe.dat not found.

File C:\Windows\qgqkumwr.ini not found.

File C:\Windows\System32\qbdvroefxtf.ini not found.

File C:\Windows\pxluctu.dat not found.

File C:\Windows\System32\pvsbacopgo.ini not found.

File C:\Windows\System32\puxozpwjj.dat not found.

File C:\Windows\System32\ptfcgaof.dat not found.

File C:\Windows\System32\psxulyb.ini not found.

File C:\Windows\System32\psuezqksw.dat not found.

File C:\Windows\System32\pqognjycvt.dat not found.

File C:\Windows\System32\pqjjgvrcrr.ini not found.

File C:\Windows\System32\pplmagu.ini not found.

File C:\Windows\System32\pjtdqi.ini not found.

File C:\Windows\System32\phcioojd.ini not found.

File C:\Windows\System32\pefaimbebk.ini not found.

File C:\Windows\System32\pedcjlq.ini not found.

File C:\Windows\System32\pcpmvigyknw.dat not found.

File C:\Windows\System32\pclkwlz.ini not found.

File C:\Windows\System32\pathdekgnl.dat not found.

File C:\Windows\System32\oxxpcqneqfk.dat not found.

File C:\Windows\System32\ousspnt.ini not found.

File C:\Windows\System32\otvbczqzr.dat not found.

File C:\Windows\System32\otorwgb.ini not found.

File C:\Windows\System32\oofzxmm.dat not found.

File C:\Windows\System32\oofsbkfk.ini not found.

File C:\Windows\System32\ooaomuyhvz.ini not found.

File C:\Windows\System32\onuhfaqdr.dat not found.

File C:\Windows\System32\olhdsirhbjm.dat not found.

File C:\Windows\System32\olcfhmx.ini not found.

File C:\Windows\System32\okbzdweogsf.ini not found.

File C:\Windows\System32\oicryjbsxhd.ini not found.

File C:\Windows\System32\ogn.ini not found.

File C:\Windows\System32\ogknbwh.ini not found.

File C:\Windows\System32\ocduhsoaeky.ini not found.

File C:\Windows\System32\ntpp.ini not found.

File C:\Windows\System32\npuailglpt.dat not found.

File C:\Windows\System32\netcd.ini not found.

File C:\Windows\System32\ndpxrjvfik.dat not found.

File C:\Windows\System32\narceunvfsr.ini not found.

File C:\Windows\System32\mxdvmytw.ini not found.

File C:\Windows\System32\mwzhlh.ini not found.

File C:\Windows\System32\mwuwz.dat not found.

File C:\Windows\System32\mvhxlyyr.dat not found.

File C:\Windows\System32\mpuqpwyjjoe.ini not found.

File C:\Windows\System32\mlfml.ini not found.

File C:\Windows\System32\minowwpnhw.dat not found.

File C:\Windows\System32\mhymnl.ini not found.

File C:\Windows\System32\mhefcltipun.ini not found.

File C:\Windows\System32\mflohpswrxl.dat not found.

File C:\Windows\System32\mcrrrdylbyb.dat not found.

File C:\Windows\System32\mbufohzbd.dat not found.

File C:\Windows\System32\mbpbf.ini not found.

File C:\Windows\System32\maynwlp.ini not found.

File C:\Windows\System32\lxjydaq.dat not found.

File C:\Windows\System32\lwcnbd.ini not found.

File C:\Windows\System32\lvzw.dat not found.

File C:\Windows\System32\lvjfqnrfy.dat not found.

File C:\Windows\System32\lqya.dat not found.

File C:\Windows\System32\lnm.ini not found.

File C:\Windows\System32\lmkwvtfa.ini not found.

File C:\Windows\System32\liif.ini not found.

File C:\Windows\System32\lhlcj.ini not found.

File C:\Windows\System32\lffhqjpt.dat not found.

File C:\Windows\System32\ldna.ini not found.

File C:\Windows\System32\ktkvvqws.dat not found.

File C:\Windows\kragnbr.dat not found.

File C:\Windows\System32\kppamcnflm.dat not found.

File C:\Windows\System32\kokjkgnayl.dat not found.

File C:\Windows\System32\knk.ini not found.

File C:\Windows\System32\kkrk.ini not found.

File C:\Windows\System32\kjvzwobzke.ini not found.

File C:\Windows\System32\kgqeevfnt.dat not found.

File C:\Windows\System32\kfkegdfzsmf.dat not found.

File C:\Windows\System32\kblu.ini not found.

File C:\Windows\System32\kaddzumq.ini not found.

File C:\Windows\System32\jxqxva.ini not found.

File C:\Windows\System32\jvpytddxshm.ini not found.

File C:\Windows\System32\jvanbm.ini not found.

File C:\Windows\System32\jscxtijpp.ini not found.

File C:\Windows\System32\jecbuzopv.ini not found.

File C:\Windows\System32\jazdltqdat.ini not found.

File C:\Windows\System32\ixrmyzmuf.ini not found.

File C:\Windows\System32\ivz.ini not found.

File C:\Windows\System32\itshnv.ini not found.

File C:\Windows\System32\ithugwck.dat not found.

File C:\Windows\System32\isnvgwxvzx.ini not found.

File C:\Windows\System32\imisiwl.ini not found.

File C:\Windows\System32\ilppyukvb.ini not found.

File C:\Windows\System32\ikvd.ini not found.

File C:\Windows\System32\ifvbafbi.dat not found.

File C:\Windows\System32\iduxw.ini not found.

File C:\Windows\System32\ict.ini not found.

File C:\Windows\System32\ibqvywo.ini not found.

File C:\Windows\System32\hxpuo.dat not found.

File C:\Windows\System32\hxokmtz.ini not found.

File C:\Windows\System32\hulemjbpzih.dat not found.

File C:\Windows\System32\htzs.dat not found.

File C:\Windows\System32\htubwk.ini not found.

File C:\Windows\System32\hrfumedgw.ini not found.

File C:\Windows\System32\hqwxnfwmq.ini not found.

File C:\Windows\System32\hoboh.dat not found.

File C:\Windows\System32\hmzimwaq.dat not found.

File C:\Windows\System32\hiushfclfla.ini not found.

File C:\Windows\System32\hhxjfatux.dat not found.

File C:\Windows\System32\hgu.ini not found.

File C:\Windows\System32\hgdxppghmnp.dat not found.

File C:\Windows\System32\hfaptb.dat not found.

File C:\Windows\System32\hbqnkzjqm.dat not found.

File C:\Windows\System32\gzswrdxw.ini not found.

File C:\Windows\System32\gxveh.dat not found.

File C:\Windows\System32\gxiglgpq.ini not found.

File C:\Windows\System32\gwegf.dat not found.

File C:\Windows\System32\gswxesatox.ini not found.

File C:\Windows\System32\gksspjwk.dat not found.

File C:\Windows\System32\gjrxn.dat not found.

File C:\Windows\System32\giemuzl.ini not found.

File C:\Windows\System32\ghdvcccqxcv.ini not found.

File C:\Windows\System32\ggjxmqh.ini not found.

File C:\Windows\System32\gecrm.ini not found.

File C:\Windows\System32\gcgii.ini not found.

File C:\Windows\System32\gbx.ini not found.

File C:\Windows\System32\fzzu.dat not found.

File C:\Windows\System32\fyvyvw.ini not found.

File C:\Windows\System32\fqat.dat not found.

File C:\Windows\System32\fnyj.ini not found.

File C:\Windows\System32\fnxe.dat not found.

File C:\Windows\System32\fmlgoxxnn.ini not found.

File C:\Windows\System32\fkuuzbgv.dat not found.

File C:\Windows\System32\fhagevihj.dat not found.

File C:\Windows\fas.ini not found.

File C:\Windows\System32\ezafudvoiyt.ini not found.

File C:\Windows\err.ini not found.

File C:\Windows\System32\epuzw.ini not found.

File C:\Windows\System32\ehe.dat not found.

File C:\Windows\System32\egskehx.ini not found.

File C:\Windows\eewo.ini not found.

File C:\Windows\System32\eesejbzog.ini not found.

File C:\Windows\System32\edsljcdivuy.ini not found.

File C:\Windows\ecisfvuhpa.ini not found.

File C:\Windows\System32\dxrnzku.ini not found.

File C:\Windows\System32\dqajfj.ini not found.

File C:\Windows\System32\dmuuqmc.ini not found.

File C:\Windows\System32\dmtlsnues.dat not found.

File C:\Windows\System32\dkfd.ini not found.

File C:\Windows\System32\djzobvavx.ini not found.

File C:\Windows\System32\dgppwo.dat not found.

File C:\Windows\System32\dgckkqqq.ini not found.

File C:\Windows\System32\dfswulgomz.ini not found.

File C:\Windows\System32\detwvkklv.ini not found.

File C:\Windows\System32\defhdp.ini not found.

File C:\Windows\System32\ctxnogspj.ini not found.

File C:\Windows\System32\cqbt.ini not found.

File C:\Windows\System32\cntaml.ini not found.

File C:\Windows\System32\civwzqm.ini not found.

File C:\Windows\System32\cfclssx.ini not found.

File C:\Windows\System32\cdntf.dat not found.

File C:\Windows\System32\cbqynozbpo.ini not found.

File C:\Windows\System32\cbgvboorrjj.dat not found.

File C:\Windows\System32\bzyz.dat not found.

File C:\Windows\System32\byoqvakieh.ini not found.

File C:\Windows\System32\bxqecmpfn.ini not found.

File C:\Windows\System32\bulcyfilrrd.dat not found.

File C:\Windows\System32\bsxkwl.dat not found.

File C:\Windows\System32\bsmobir.dat not found.

File C:\Windows\System32\blxcchdo.dat not found.

File C:\Windows\System32\betjex.ini not found.

File C:\Windows\baxqskha.dat not found.

File C:\Windows\System32\azuxhafgo.ini not found.

File C:\Windows\System32\ayyyufnvi.ini not found.

File C:\Windows\System32\auemdu.ini not found.

File C:\Windows\System32\aso.dat not found.

File C:\Windows\System32\arembuqqlhl.ini not found.

File C:\Windows\System32\apluecjxljh.ini not found.

File C:\Windows\System32\akjgqsepny.ini not found.

File C:\Windows\System32\ajnzyssdz.dat not found.

File C:\Windows\System32\ajfm.ini not found.

File C:\Windows\System32\aesvs.dat not found.

File C:\Windows\System32\aclcvmx.ini not found.

ADS C:\ProgramData\TEMP:56E2E879 deleted successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Léo

->Temp folder emptied: 416935 bytes

->Temporary Internet Files folder emptied: 139792 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 7841785 bytes

->Flash cache emptied: 0 bytes

User: L‚o

User: Public

User: Teste Warcraft

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 8,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11072012_103253

Files\Folders moved on Reboot...

File\Folder C:\Users\Léo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk not found!

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Compartilhar este post


Link para o post
Compartilhar em outros sites

Supra,

Faltou postar o novo log do Hijackthis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, desculpe.

Logfile of HijackThis v1.99.1

Scan saved at 14:53:45, on 08/11/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\FSP\FspUip.exe

C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Program Files\DAP\DAP.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\Léo\AppData\Roaming\Dashlane\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane.exe

C:\Program Files\Garena Plus\GarenaMessenger.exe

C:\Program Files\Keyboard status\Key_status.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\online\rgc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Léo\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?pid=%s&aid=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: 173.212.255.178 embedded.garena.com

O1 - Hosts: 173.212.255.178 embedded.garenanow.com

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Léo\AppData\Roaming\Dashlane\bin\Dashlanei.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Acelerador de Downloads\iefdm2.dll

O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O3 - Toolbar: Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Léo\AppData\Roaming\Dashlane\bin\KWIEBar.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe"

O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

O4 - HKCU\..\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Dashlane] C:\Users\Léo\AppData\Roaming\Dashlane\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane.exe

O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Key_status.lnk = C:\Program Files\Keyboard status\Key_status.exe

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Dashlane Button - {40354A83-504E-4611-ACAE-3D137F6F595E} - C:\Users\Léo\AppData\Roaming\Dashlane\bin\Dashlanei.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Supra,

Sugiro que tome mais cuidado ao instalar programas e extensões, você tem instalado muitos adwares no PC.

-----------

Clique com o direito sobre o arquivo OTL.exe, depois clique em execadmin.png.

Onde diz Saída, marque Padrão

Marque também estas opções:

  • Data de Criação -> mude para 90 dias
  • Usar WhiteList para Nomes de Companhias.
  • Ignorar Arquivos Microsoft
  • Verificar Lop
  • Verificar Purity

Selecione estas linhas em vermelho, clique com o direito sobre a seleção, e escolha a opção copiar

CREATERESTOREPOINT

netsvcs

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.* /s

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.com

%systemroot%\*.scr

%PROGRAMFILES%\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

%systemroot%\system32\tasks\*.* /s

%windir%\tasks\*.* /s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP

HKCU\Software\Microsoft\Internet Explorer\Downloads

/md5start

services.*

/md5stop

Volte ao programa, clique com o direito em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar

Clique no botão verif.png

O OTL começará a examinar seu computador. Não interrompa o processo e nem use outras janelas até que ele termine.

Não modifique nenhuma outra configuração, a menos que tenha sido orientado (a) a fazer isso.

O exame demora um pouco, tenha paciência.

Quando terminar, dois blocos de notas serão exibidos: OTL.txt.

Ambos ficarão salvos dentro do mesmo diretório onde está o OTL.exe, ou seja, na sua área de trabalho.

Copie todo o conteúdo do OTL.txt e cole na sua resposta

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ciro, eu excluí o antigo ComboFix e reinstalei. Quando executei, apareceu este erro:

"Warning!

Do not run ComboFix in Compability Mode.

Doing so may damage the machine."

Compartilhar este post


Link para o post
Compartilhar em outros sites

Supra,

Atenção: Imprima estas instruções pois você não terá acesso a esta página durante este procedimento. Observe bem os comandos digitados, pois não pode haver erros de digitação, ou os comandos não irão funcionar. Se tiver dúvidas, pergunte antes de fazer.

6j1soy.png Baixe o Farbar Recovery Scan Tool

por um computador limpo e salve-o em um pendrive igualmente formatado e limpo.

http://download.blee...farbar/FRST.exe

Conecte o pendrive com o Farbar Recovery Scan Tool (FRST) ao seu computador. Reinicie e

fique pressionando a tecla F8, até aparecer um menu com as Opções Avançadas.

CRVista.png

Escolha a opção Reparar o seu computador e aperte a tecla Enter. Selecione o método

de entrada de teclado (seu idioma) e depois clique em Avançar.

Selecione o Sistema Operacional a ser reparado (se houver mais de um). Depois coloque o seu

usuário (administrador) e se houver senha, digite-a. Dê o Ok.

Escolha a opção Prompt de Comando.

console7.png

No prompt, digite: notepad

O bloco de notas irá abrir. Vá no menu Arquivo e escolha Abrir. Selecione Meu

Computador e veja qual é a letra do seu drive removível.

* Isso é porque a letra pode não ser a mesma que aparece em modo normal.

Feche o bloco de notas e na janela do prompt digite:

z:\frst

ATENÇÃO: substitua o z pela letra que viu que era do seu

drive removível.

O FRST64 irá rodar. Aceite o contrato e depois clique no botão

a57siq.png.

Aguarde e ao final, o log FRST.txt será salvo no seu drive removível.

Reinicie o computador normalmente e depois selecione, copie e cole o conteúdo deste log em sua

próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

Como o autor não respondeu ao tópico por mais de 10 dias, o mesmo foi arquivado.

Caso você seja o autor do tópico e quer que o mesmo seja reaberto, envie uma mensagem privada para um moderador ou assistente com um link para este tópico e justifique porque você precisa dele reaberto.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.
Entre para seguir isso  
Seguidores 0

  • Quem Está Navegando   0 membros estão online

    Nenhum usuário registrado visualizando esta página.