RAM at 66% usage, slow PC, Firefox browser freezing...


22 replies in this topic

#1
Supra

Hello everyone.


First of all, sorry for my inactivity. Although this account of mine is relatively old, I am not very active on the forum; nevertheless, I recognize its usefulness, since it has been helping thousands of people all over Brazil.

My problem is, basically, "slowness". For a few days now I have noticed my notebook acting a bit strange. I suspect some kind of virus: spyware/malware/trojan, I don't know which one specifically.


The basic specifications are as follows:

Processor: Intel® Core™ i3 CPU M350 @ 2.27GHz
RAM: 3.00 GB (usable: 2.86 GB)
Windows 7 Ultimate 32-bit
Internet connection: CaboTelecom - 10 MBs download - 1 MB upload


Detailed description of the problem:

1- My notebook has been constantly showing the circle next to the mouse pointer (the icon that corresponds to the hourglass in Windows XP), as if it were saying that some file/application is being executed. Sometimes it disappears, sometimes it appears. Very frequent.

2- The Firefox browser has been freezing 95% of the time, especially when I go to Facebook.

3- The Google Chrome browser has been freezing after I enter the recipient e-mail addresses and the subject, in the part where you write the message. It simply gets blocked after clicking "New Message".

4- Text files have been VERY slow to open.

5- Images (photos, in various formats) have been VERY slow to open.

6- All browsers have been somewhat slow to start and VERY slow to open a page.

7- My current antivirus is Avast FREE 7.0. It is up to date and working correctly. I tried running it to look for viruses and found nothing.

8- I downloaded ComboFix and ran it, but during installation the following error appeared: "Do not run combofix in compatibility mode" "Doing so may damage the machine."

9- I have already run programs such as CCleaner and Advanced System Care.

10- I am the administrator of an online gaming network. Recently, some people found out my IP and have been carrying out several DDoS attacks against me in order to take me down. I am afraid of what they might be doing with my IP. I don't know whether they would be able to break into my PC, for example.

11- The Performance Monitor program is showing that 69% of my RAM is being used, but I have no programs open other than a few Google Chrome tabs.
See a screenshot of my desktop with the program open:
http://i.imgur.com/AFFDf.png

Now, see a screenshot of my Task Manager open, with the processes (not all of them showing) running:
http://i.imgur.com/kSFED.jpg
(Note that there are currently 144 processes running, of which only SOME appear in the window)



HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 05:06:50, on 02/11/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Keyboard status\Key_status.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
C:\32788R22FWJFW\EN-US\iexplore.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mspaint.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Léo\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...&utm_medium=fft
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?s=C9Ma205
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...&utm_medium=fft
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=817404911
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.plusnetw...hTerms}&t=a0806
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.plusnetw...hTerms}&t=a0806
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.v9.com/s#...rms}&gsc.page=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.v9.com/s#...rms}&gsc.page=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 173.212.255.178 embedded.garena.com
O1 - Hosts: 173.212.255.178 embedded.garenanow.com
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Teste Warcraft\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Acelerador de Downloads\iefdm2.dll
O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS}
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GarenaCIG] "C:\ProgramData\GarenaCIG\3.0.824\GarenaCIG.exe" --tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Key_status.lnk = C:\Program Files\Keyboard status\Key_status.exe
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: Garena Cafe Service (GarenaCIG) - Unknown owner - C:\ProgramData\GarenaCIG\3.0.824\GarenaCIG.exe" --service (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)





AdwCleaner[S1] log:



# AdwCleaner v2.006 - Logfile created 11/02/2012 at 05:14:33
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Léo - LÉO-PC
# Boot Mode : Normal
# Running from : C:\Users\Léo\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Léo\AppData\Local\funmoods.crx
File Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\searchplugins\funmoods.xml
File Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\searchplugins\Messenger Plus Smartbar Search.xml
File Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\searchplugins\search.xml
File Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\browsermngr_prefs.js
File Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\searchplugins\browsemngr.xml
Folder Deleted : C:\Program Files\BrowserCompanion
Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DealPly
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Léo\AppData\Local\APN
Folder Deleted : C:\Users\Léo\AppData\Local\Conduit
Folder Deleted : C:\Users\Léo\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Léo\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\Léo\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Léo\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Léo\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Léo\AppData\Roaming\BrowserCompanion
Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\CT2269050
Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\extensions\bbrs_002@blabbers.com
Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\Smartbar
Folder Deleted : C:\Users\Léo\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Teste Warcraft\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Teste Warcraft\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Teste Warcraft\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\BabylonToolbar
Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Users\Teste Warcraft\AppData\Roaming\OpenCandy

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DyDyCyDyBtCyEtCtA0A0EtN0D0Tzu0StByByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=817404911 --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=44444&tt=120912_ccp_3712_6&babsrc=HP_ss&mntrId=823513ae0000000000001c659d565714 --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=BR&userid=7c1a1ad8-8661-4af2-809e-0ddde3bad359&sp=addr&q={searchTerms}&t=a0806 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=BR&userid=7c1a1ad8-8661-4af2-809e-0ddde3bad359&sp=addr&q={searchTerms}&t=a0806 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (pt-BR)

Profile name : default
File : C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\prefs.js

C:\Users\Léo\AppData\Roaming\Mozilla\Firefox\Profiles\kkze6pft.default\user.js ... Deleted !

Deleted : user_pref("CT2269050.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Deleted : user_pref("CT2269050.1000234.TWC_TMP_city", "SAO PAULO");
Deleted : user_pref("CT2269050.1000234.TWC_TMP_country", "BR");
Deleted : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2269050.FirstTime", "true");
Deleted : user_pref("CT2269050.FirstTimeFF3", "true");
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.UserID", "UN09320095153688396");
Deleted : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2269050.autoDisableScopes", -1);
Deleted : user_pref("CT2269050.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2269050.enableAlerts", "always");
Deleted : user_pref("CT2269050.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2269050.fixUrls", true);
Deleted : user_pref("CT2269050.installType", "Unknown");
Deleted : user_pref("CT2269050.isCheckedStartAsHidden", true);
Deleted : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT2269050.isNewTabEnabled", false);
Deleted : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2269050.keyword", true);
Deleted : user_pref("CT2269050.migrateAppsAndComponents", true);
Deleted : user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.facebook.com[...]
Deleted : user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT2269050.openThankYouPage", "FALSE");
Deleted : user_pref("CT2269050.openUninstallPage", "FALSE");
Deleted : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Deleted : user_pref("CT2269050.search.searchCount", "0");
Deleted : user_pref("CT2269050.searchInNewTabEnabled", "false");
Deleted : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350934148301");
Deleted : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1351260847858");
Deleted : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350934159632");
Deleted : user_pref("CT2269050.serviceLayer_services_login_10.13.1.89_lastUpdate", "1351321534894");
Deleted : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1351306971829");
Deleted : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350934159723");
Deleted : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1351260848448");
Deleted : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1351260846800");
Deleted : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350934159685");
Deleted : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1351321559862");
Deleted : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1351260847115");
Deleted : user_pref("CT2269050.settingsINI", true);
Deleted : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
Deleted : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Deleted : user_pref("CT2269050.smartbar.Uninstall", "0");
Deleted : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Deleted : user_pref("CT2269050.startPage", "FALSE");
Deleted : user_pref("CT2269050.toolbarBornServerTime", "22-10-2012");
Deleted : user_pref("CT2269050.toolbarCurrentServerTime", "27-10-2012");
Deleted : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=44444&tt=120912_ccp_3712_6[...]
Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110823&tt=120912_nocpc_3812_2");
Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt");
Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "10");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "BR");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false");
Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "0");
Deleted : user_pref("extensions.BabylonToolbar.dpk", "a239ee63432785bc9c5f6d9c56596c52");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.firstrun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "476E0ADE1E123AB385B2850FA0AA1A1F");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.hrdid", "823513ae0000000000001c659d565714");
Deleted : user_pref("extensions.BabylonToolbar.id", "823513ae0000000000001c659d565714");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15632");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.instlday", "15604");
Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst");
Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.BabylonToolbar.keywordurl", "");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1218:22:28");
Deleted : user_pref("extensions.BabylonToolbar.lastdp", 23);
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.newtab", "false");
Deleted : user_pref("extensions.BabylonToolbar.newtaburl", "");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "azb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss");
Deleted : user_pref("extensions.BabylonToolbar.srch", "");
Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", "");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1218:22:28");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1218:22:28");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=120912_nocpc_3812_2");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "823513ae0000000000001c659d565714");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "823513ae0000000000001c659d565714");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15540");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4212_[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.812:21:30");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.32.1,ffxtlbr@funmood[...]
Deleted : user_pref("extensions.funmoods.aflt", "ironpub");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "BR");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "51064B44E9CA852D709DC616FF7E5936");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2[...]
Deleted : user_pref("extensions.funmoods.hrdid", "1C659D56571413AE");
Deleted : user_pref("extensions.funmoods.id", "1C659D56571413AE");
Deleted : user_pref("extensions.funmoods.instlDay", "15614");
Deleted : user_pref("extensions.funmoods.instlRef", "ironpub");
Deleted : user_pref("extensions.funmoods.instlday", "15577");
Deleted : user_pref("extensions.funmoods.instlref", "ironpub");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2218:52:45");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.similarsitesstorage-pid2", "3aa39776ff614cab");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub&chnl=ironpub&[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2218:52:45");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.222:9:41");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2218:52:45");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=44444&tt=120912_ccp_371[...]

Profile name : default
File : C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\prefs.js

C:\Users\Teste Warcraft\AppData\Roaming\Mozilla\Firefox\Profiles\iahsrlap.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&bab[...]
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "823513ae0000000000001c659d565714");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15630");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=16101[...]
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.820:20:02");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&babsrc=KW_[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.43] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.46] : keyword = "babylon.com",
Deleted [l.49] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=112558&tt=2912_7&babsrc=SP_ss&mntrId=823513ae0000000000001c659d565714",

File : C:\Users\Teste Warcraft\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&babsrc=HP_ss&mntrId=823513ae0000000000001c659d565714",
Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&babsrc=HP_ss&mntrId=823513ae0000000000001c659d565714" ]
Deleted [l.36] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.39] : keyword = "babylon.com",
Deleted [l.42] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=161012_lehcoz_4212_4&babsrc=SP_ss&mntrId=823513ae0000000000001c659d565714",
Deleted [l.1733] : homepage = "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&babsrc=HP_ss&mntrId=823513ae0000000000001c659d565714",
Deleted [l.2003] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110824&tt=161012_lehcoz_4212_4&babsrc=HP_ss&mntrId=823513ae0000000000001c659d565714" ]

*************************

AdwCleaner[S1].txt - [32512 octets] - [02/11/2012 05:14:33]

########## EOF - C:\AdwCleaner[S1].txt - [32573 octets] ##########



Someone please help me.
What should I do?

Edited by Supra, 02 November 2012 - 04:23.


#2
Ciro-Mota

Supra,

Do NOT attempt any cleaning procedure on your own. In particular, do not run on your own initiative the tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal

Post a new HijackThis log.

Please note the following:

  • Do not use software that has not been recommended.
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click Follow this topic
    to receive an e-mail notification when it gets a reply.
    You can also check the topics you are subscribed to using the Content I follow option, accessible through the forum's Control Panel.
  • The analyses may take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always follow your topic, informing me of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in logs; this makes them harder to read during analysis.
  • Please do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a Private Message (PM).

** Be considerate of those who help you; do not abandon your topic! **
[ASAP Member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's Blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#3
Supra

OK, sorry.


New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:48:21, on 02/11/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\GarenaCIG\3.0.824\GarenaCIG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Keyboard status\Key_status.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\online\rgc.exe
C:\Program Files\online\rgc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Léo\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...&utm_medium=fft
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?s=C9Ma205
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...&utm_medium=fft
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.v9.com/s#...rms}&gsc.page=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.v9.com/s#...rms}&gsc.page=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 173.212.255.178 embedded.garena.com
O1 - Hosts: 173.212.255.178 embedded.garenanow.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Acelerador de Downloads\iefdm2.dll
O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GarenaCIG] "C:\ProgramData\GarenaCIG\3.0.824\GarenaCIG.exe" --tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Key_status.lnk = C:\Program Files\Keyboard status\Key_status.exe
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: Garena Cafe Service (GarenaCIG) - Unknown owner - C:\ProgramData\GarenaCIG\3.0.824\GarenaCIG.exe" --service (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#4
Ciro-Mota

Supra,

Download Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
  • Check that the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then start. Wait, as it may take a while.
  • When the scan ends, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt asking whether you want to restart the PC may appear. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply, together with a new HijackThis log.
NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554
** Be considerate of those who help you: do not abandon your topic! **
[ASAP member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#5
Supra

1st log:




Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Versão da Base de Dados: v2012.11.02.11

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Léo :: LÉO-PC [administrador]

Proteção: Permitir

02/11/2012 19:44:05
mbam-log-2012-11-02 (19-44-05).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 210764
Tempo decorrido: 7 minuto(s), 29 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 2
C:\directory\CyberGate (Trojan.PWS) -> Enviado para a Quarentena e deletado com sucesso.
C:\directory\CyberGate\install (Trojan.PWS) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 7
C:\Users\Teste Warcraft\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Nenhuma ação foi feita.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Nenhuma ação foi feita.
C:\$Recycle.Bin\S-1-5-21-1067274514-2849233628-662287575-1000\$R47D6WM\rDos.exe (HackTool.DOS) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Léo\AppData\Roaming\cglogs.dat (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Teste Warcraft\AppData\Roaming\cglogs.dat (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Teste Warcraft\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Teste Warcraft\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.

(fim)



2nd log:



2012/11/02 19:43:05 -0200 LÉO-PC Léo MESSAGE Starting protection
2012/11/02 19:43:05 -0200 LÉO-PC Léo MESSAGE Protection started successfully
2012/11/02 19:43:05 -0200 LÉO-PC Léo MESSAGE Starting IP protection
2012/11/02 19:43:09 -0200 LÉO-PC Léo MESSAGE IP Protection started successfully
2012/11/02 19:43:21 -0200 LÉO-PC Léo MESSAGE Starting database refresh
2012/11/02 19:43:21 -0200 LÉO-PC Léo MESSAGE Stopping IP protection
2012/11/02 19:43:21 -0200 LÉO-PC Léo MESSAGE IP Protection stopped successfully
2012/11/02 19:43:24 -0200 LÉO-PC Léo MESSAGE Database refreshed successfully
2012/11/02 19:43:24 -0200 LÉO-PC Léo MESSAGE Starting IP protection
2012/11/02 19:43:26 -0200 LÉO-PC Léo MESSAGE IP Protection started successfully
2012/11/02 19:46:06 -0200 LÉO-PC Léo IP-BLOCK 213.186.33.17 (Type: outgoing, Port: 65361, Process: avastsvc.exe)
2012/11/02 19:54:57 -0200 LÉO-PC Léo MESSAGE Starting protection
2012/11/02 19:54:57 -0200 LÉO-PC Léo MESSAGE Protection started successfully
2012/11/02 19:54:57 -0200 LÉO-PC Léo MESSAGE Starting IP protection
2012/11/02 19:54:59 -0200 LÉO-PC Léo MESSAGE IP Protection started successfully
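
Added example, not part of the original posts: a Python parser for the two Malwarebytes logs in the layout shown in post #5. It separates the items the scan left in place ("Nenhuma ação foi feita") from the quarantined ones, checks each section's declared total against the lines actually pasted, and pulls out the IP-BLOCK events. The sample logs are constructed from that layout, and all function names are this example's own.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: a shortened scan log in the same layout as the one posted above.
SAMPLE_SCAN_LOG = r"""
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 2
C:\directory\CyberGate (Trojan.PWS) -> Enviado para a Quarentena e deletado com sucesso.
C:\directory\CyberGate\install (Trojan.PWS) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 3
C:\Users\Example\AppData\Local\Example (x86)\ext_0.localstorage (PUP.Funmoods) -> Nenhuma ação foi feita.
C:\Users\Example\AppData\Roaming\cglogs.dat (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Example\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.

(fim)
"""

# Constructed protection-log sample; 192.0.2.10 is a documentation address.
SAMPLE_PROTECTION_LOG = """
2012/11/02 19:43:26 -0200 EXAMPLE-PC Example User MESSAGE IP Protection started successfully
2012/11/02 19:46:06 -0200 EXAMPLE-PC Example User IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 65361, Process: avastsvc.exe)
"""

SECTION_RE = re.compile(r"(?P<name>.+) Detectad[oa]s: (?P<count>\d+)")
# A path may itself contain parentheses, so the family is the last "(...)" before " -> ".
ITEM_RE = re.compile(r"(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?")
BLOCK_RE = re.compile(
    r"(?P<when>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) (?P<host>\S+) (?P<user>.+?) "
    r"IP-BLOCK (?P<ip>\S+) \(Type: (?P<direction>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)"
)
NO_ACTION = "Nenhuma ação foi feita"  # the log's wording for "no action was taken"


class Detection(NamedTuple):
    section: str
    path: str
    family: str
    action: str


def parse_scan_log(text):
    """Return ({section: declared count}, [Detection, ...]) for a scan log."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.fullmatch(line)
        if header:
            section = header["name"]
            declared[section] = int(header["count"])
            continue
        item = ITEM_RE.fullmatch(line)
        if item and section is not None:
            detections.append(
                Detection(section, item["path"], item["family"], item["action"])
            )
    return declared, detections


def count_mismatches(declared, detections):
    """Sections whose declared total differs from the lines present,
    which usually means the log was truncated when it was pasted."""
    found = Counter(d.section for d in detections)
    return {s: (n, found[s]) for s, n in declared.items() if n != found[s]}


def left_in_place(detections):
    """Detections the scan reported but did not quarantine or delete."""
    return [d for d in detections if d.action == NO_ACTION]


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line of a protection log."""
    events = []
    for raw in text.splitlines():
        m = BLOCK_RE.fullmatch(raw.strip())
        if m:
            events.append({**m.groupdict(), "port": int(m["port"])})
    return events


if __name__ == "__main__":
    declared, found = parse_scan_log(SAMPLE_SCAN_LOG)
    print("count mismatches:", count_mismatches(declared, found))
    for d in left_in_place(found):
        print("still on disk:", d.family, d.path)
    for b in parse_ip_blocks(SAMPLE_PROTECTION_LOG):
        print("blocked:", b["direction"], b["ip"], b["port"], b["process"])
```
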

#6
Ciro-Mota

Supra,

There is no need to send me a Private Message to tell me you have replied to the topic.

--------

Download OTL by OldTimer and save it to your desktop.

Right-click the OTL.exe file, then click [image].

Where it says Output, select Standard
Also tick these options:
  • Creation Date -> change to 90 days
  • Use Company Name WhiteList.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check
Select these lines in red, right-click the selection, and choose Copy


CREATERESTOREPOINT
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\system32\tasks\*.* /s
%windir%\tasks\*.* /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
/md5start
services.*
/md5stop


Go back to the program, right-click any white area of the Custom Scans/Fixes section and choose Paste

Click the [image] button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to.

The scan takes a while; be patient.

When it finishes, two Notepad windows will be shown: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum's limit, put them in a .zip or .rar file and attach them to your reply.

#7
Supra

Both files were attached because they came out too large.




#8
Ciro-Mota

Supra,

Go to VirusTotal.com

Click the Choose File button and locate the file below.

C:\Users\Léo\AppData\Roaming\driver.sys

Then click the Scan it! button

Wait for the analysis to finish, then copy the link shown in your browser's address bar and paste it into your next reply. Example:

https://www.virustot...sis/1331728637/

Note: If you use VirusTotal and the file has already been analyzed by the site before, you will see an image similar to this one:

[image]

If that happens, reanalyze the file.

#9
Supra

Ciro, I couldn't find this file:
C:\Users\Léo\AppData\Roaming\driver.sys

#10
Ciro-Mota

Supra,

Select the text inside the CODE box, right-click the selection and choose Copy:

NOTE: Make sure you copy starting from the colon and letter ":O" of OTL.

:OTL
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Users\Léo\AppData\Roaming\driver.sys -- (AlxKill)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=fft
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.v9.com/s#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.v9.com/s#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=pcmega1&chnl=pcmega1&cd=2XzutAtN2Y1L1QzutC0CyCyDzy0DyDyCyDyBtCyEtCtA0A0EtN0D0TzutBtDtCtBtDyCtDtA&cr=1139112003
IE - HKLM\..\SearchScopes\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}: "URL" = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=BR&userid=7c1a1ad8-8661-4af2-809e-0ddde3bad359&sp=addr&q={searchTerms}&t=a0806
IE - HKLM\..\SearchScopes\{6B54B081-AF74-0C4F-8608-479CB9AF069C}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DyDyCyDyBtCyEtCtA0A0EtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1580841226
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=fft
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?s=C9Ma205
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0EB6806E-B904-4774-B0AF-7A9BB68C99EF}: "URL" = http://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.v9.com/s#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
IE - HKCU\..\SearchScopes\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}: "URL" = http://isearch.avg.com/search?cid={43EF517A-D3BA-49DE-83A8-B40F54C9B40A}&mid=8562cc90ffe247d0a7ced1a90aeba32d-57ecd0b1cdd608290096e7ae5f4c5b5e6ab1bed3&lang=pt-br&ds=od011&pr=sa&d=2012-07-09 13:03:52&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{6B54B081-AF74-0C4F-8608-479CB9AF069C}: "URL" = http://home.speedbit.com/search.aspx?s=C9Ma206&q={searchTerms}
IE - HKCU\..\SearchScopes\{72271B3A-3554-9520-BB57-5BC380905350}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=220512_53ctrl&babsrc=SP_ss&mntrId=823513ae0000000000001c659d565714
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q={searchTerms}
IE - HKCU\..\SearchScopes\{9F24CD44-FA98-4FFF-A181-DF25F8169D84}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYBR&apn_uid=2d55986a-fc0c-4b0e-8609-694428616c3e&apn_sauid=A1E6D633-FCBA-4DEC-B7AB-68C4C4D6A412
FF - prefs.js..browser.search.defaultenginename: "Speedbit"
FF - prefs.js..browser.search.defaulturl: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
FF - prefs.js..browser.search.order.1: "Speedbit"
FF - prefs.js..browser.search.selectedEngine: "Speedbit"
FF - prefs.js..keyword.URL: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
[2012/10/27 01:05:12 | 000,001,028 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\dvdvideosofttb-customized-web-search.xml
[2012/11/01 00:13:00 | 000,002,520 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\speedbit.xml
File not found (No name found) -- C:\USERS\LéO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KKZE6PFT.DEFAULT\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&affID=112558&tt=2912_7&babsrc=SP_ss&mntrId=823513ae0000000000001c659d565714
O2 - BHO: (no name) - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - No CLSID value found.
[2012/09/21 19:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft
[2012/11/03 14:14:17 | 000,000,600 | ---- | M] () -- C:\Users\Léo\AppData\Local\PUTTY.RND
[2012/10/10 00:11:40 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\3393.exe
[2012/10/09 22:28:32 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\C7B3.exe
[2012/10/08 11:02:21 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\EB1A.exe
[2012/10/08 10:55:31 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\AC46.exe
[2012/10/08 09:46:30 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\7C7C.exe
[2012/10/08 09:23:30 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\6DBB.exe
[2012/10/08 09:00:30 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\5E9D.exe
[2012/10/08 08:37:31 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\51FE.exe
[2012/10/08 08:14:30 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\40BE.exe
[2012/10/08 07:51:29 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\2F7E.exe
[2012/10/08 07:28:29 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\1FC4.exe
[2012/10/08 06:42:30 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\6E4.exe
[2012/10/08 06:19:29 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\F517.exe
[2012/10/08 05:56:30 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\E8A7.exe
[2012/10/08 05:33:29 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\D832.exe
[2012/10/08 05:10:28 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\C55C.exe
[2012/10/08 04:47:29 | 000,000,000 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\BA63.exe
[2012/10/08 04:11:19 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\9DBC.exe
[2012/10/08 03:50:49 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\D6D4.exe
[2012/10/08 03:36:14 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\7E96.exe
[2012/10/07 23:03:43 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\A0.exe
[2012/10/07 22:44:04 | 000,000,369 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\BE.exe
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zzmbkjttcv.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zyadeizbstq.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zvxuplfqaiv.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zmulmsalvp.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zmpm.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zlvlgaoro.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zhbezzk.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zgtn.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zbu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yztg.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ywcotf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yruogei.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yqwnxmuqkr.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ynbpico.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yft.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yfguqg.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yfddtyco.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yeqc.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ybcwdcj.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xrjmwls.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xratz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xnrwoffi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xkiazoygsu.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xitroqxj.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\xibfo.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhxj.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhliavnncf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhi.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhepiahgu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xei.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xdu.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xbwudob.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xbeumyws.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xabxrnwognq.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wztapis.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wvpmojcpagc.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wvmaql.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wuienx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wtkvqxla.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wmcwjfwebcg.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wmaeoulj.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wjjkwjxof.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wjd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wgfzxqxc.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vwx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vwvpxtf.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vuzy.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vtccpjjxhbl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vpymgh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vky.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vhgdwwy.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vexcv.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vekhfmquvd.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uvhkeoo.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uuknvmo.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\upqsk.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ujupkolaxz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uilhoi.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uhgxcxne.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ugh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\udixx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ubomomrwsdk.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uaqqwmjt.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tubh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tttpgilubhz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tmksiwyo.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tjerrruiu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tixbprzs.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tgysztaa.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tgp.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tcu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\szanch.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\swrosmstc.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\swmx.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\svh.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\surl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sthnpbr.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\srt.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sqrvkkbktxz.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sntlrnm.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\slfzi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\skjqlknoa.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\skcx.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sjzadmi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sfsz.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rzuc.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rvitifkhda.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ruwy.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rumiqlhw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rtsquze.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rpz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\rnni.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rnaxcorvnpm.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rmkgnn.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\riffaw.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rifbww.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rhw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rfbddh.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\refyhravcw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rckntimj.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rbou.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qzegqoobxiy.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qxbus.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qttwzyei.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qsopsnklrnj.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qrpcq.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qqqt.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qqqewpfdl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qpghwlpi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qnretzig.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qheefqe.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\qgqkumwr.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qbdvroefxtf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\pxluctu.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pvsbacopgo.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\puxozpwjj.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ptfcgaof.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\psxulyb.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\psuezqksw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pqognjycvt.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pqjjgvrcrr.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pplmagu.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pjtdqi.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\phcioojd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pefaimbebk.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pedcjlq.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pcpmvigyknw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pclkwlz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pathdekgnl.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oxxpcqneqfk.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ousspnt.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\otvbczqzr.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\otorwgb.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oofzxmm.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oofsbkfk.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ooaomuyhvz.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\onuhfaqdr.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\olhdsirhbjm.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\olcfhmx.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\okbzdweogsf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oicryjbsxhd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ogn.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ogknbwh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ocduhsoaeky.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ntpp.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\npuailglpt.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\netcd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ndpxrjvfik.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\narceunvfsr.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mxdvmytw.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mwzhlh.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mwuwz.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mvhxlyyr.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mpuqpwyjjoe.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mlfml.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\minowwpnhw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mhymnl.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mhefcltipun.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mflohpswrxl.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mcrrrdylbyb.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mbufohzbd.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mbpbf.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\maynwlp.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lxjydaq.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lwcnbd.ini
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lvzw.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lvjfqnrfy.dat
[2012/04/23 16:25:41 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lqya.dat
[2012/07/13 10:09:05 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/10/17 21:20:25 | 000,003,316 | ---- | M] () -- C:\Windows\system32\tasks\DealPlyUpdate
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Right-click the OTL.exe file, then click [Posted image].

Right-click any blank area of the Custom Scans/Fixes section and choose the Paste option.

Close ALL windows (except OTL itself).

Click the [Posted image] button.

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy the ENTIRE contents of this Notepad window and paste them into your reply.

A copy of this log will be stored in the C:\_OTL\MovedFiles folder, with a name in the format date_time.log.

Example: 03142010_145545.log.

Also post a new HijackThis log.
** Be considerate to those who help you; do not abandon your topic! **
[ASAP Member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]
Ciro Mota's Blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#11
Supra

OTL log:

All processes killed
========== OTL ==========
Service AlxKill stopped successfully!
Service AlxKill deleted successfully!
File C:\Users\Léo\AppData\Roaming\driver.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B54B081-AF74-0C4F-8608-479CB9AF069C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B54B081-AF74-0C4F-8608-479CB9AF069C}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0EB6806E-B904-4774-B0AF-7A9BB68C99EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EB6806E-B904-4774-B0AF-7A9BB68C99EF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53B0DD91-AA8F-1F6A-3DC8-4B54A6F73506}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B54B081-AF74-0C4F-8608-479CB9AF069C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B54B081-AF74-0C4F-8608-479CB9AF069C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{72271B3A-3554-9520-BB57-5BC380905350}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72271B3A-3554-9520-BB57-5BC380905350}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F24CD44-FA98-4FFF-A181-DF25F8169D84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F24CD44-FA98-4FFF-A181-DF25F8169D84}\ not found.
Prefs.js: "Speedbit" removed from browser.search.defaultenginename
Prefs.js: "http://home.speedbit...d=%s&shr=%d&q=" removed from browser.search.defaulturl
Prefs.js: "Speedbit" removed from browser.search.order.1
Prefs.js: "Speedbit" removed from browser.search.selectedEngine
Prefs.js: "http://home.speedbit...d=%s&shr=%d&q=" removed from keyword.URL
C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\dvdvideosofttb-customized-web-search.xml moved successfully.
C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\speedbit.xml moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{802D2971-E7C7-4219-8D5C-AFDCD0DA939E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{802D2971-E7C7-4219-8D5C-AFDCD0DA939E}\ not found.
C:\Program Files\v9Soft folder moved successfully.
C:\Users\Léo\AppData\Local\PUTTY.RND moved successfully.
C:\.rnd moved successfully.
File C:\Windows\system32\tasks\DealPlyUpdate not found.
ADS C:\ProgramData\TEMP:56E2E879 deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Léo
->Temp folder emptied: 109143111 bytes
->Temporary Internet Files folder emptied: 20341244 bytes
->Java cache emptied: 1004406 bytes
->FireFox cache emptied: 77675653 bytes
->Google Chrome cache emptied: 350536598 bytes
->Flash cache emptied: 1472 bytes

User: L‚o

User: Public

User: Teste Warcraft
->Temp folder emptied: 538090743 bytes
->Temporary Internet Files folder emptied: 16745153 bytes
->Java cache emptied: 455474 bytes
->FireFox cache emptied: 61444889 bytes
->Google Chrome cache emptied: 364667308 bytes
->Flash cache emptied: 1908 bytes

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 795976 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6934296 bytes
RecycleBin emptied: 242745313 bytes

Total Files Cleaned = 1.708,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11042012_201409

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...








HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 20:33:23, on 04/11/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\Windows\notepad.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Keyboard status\Key_status.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Léo\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.../?pid=%s&aid=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=947195188
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 173.212.255.178 embedded.garena.com
O1 - Hosts: 173.212.255.178 embedded.garenanow.com
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\GinyasBrowserCompanion\jsloader.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\GinyasBrowserCompanion\updatebhoWin32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Acelerador de Downloads\iefdm2.dll
O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: tbhcn.lnk = ?
O4 - Global Startup: Key_status.lnk = C:\Program Files\Keyboard status\Key_status.exe
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Edited by Supra, 04 November 2012 - 19:40.
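
As an added example (not part of the original post and not HijackThis's own code), this Python code parses a log in the format above and builds the views a reviewer reads it by: hosts-file overrides, Internet Explorer start/search hosts, the hook types loaded from each install directory, and startup shortcuts whose target printed as "?". The sample log is constructed from entries shown above with a placeholder user name, and all function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in HijackThis v1.99.1 format, modelled on entries in the log above
# (the user name "user" is a placeholder).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Users\user\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 173.212.255.178 embedded.garena.com
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\GinyasBrowserCompanion\jsloader.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - Startup: tbhcn.lnk = ?
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll
"""

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"*?<>|]+?\.(?:exe|dll)", re.IGNORECASE)
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.+)\.lnk = \?$")


def parse(log):
    """Split a log into running-process paths and (section code, text) entries."""
    processes, entries = [], []
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif PROC_RE.match(line):
            processes.append(line)
    return processes, entries


def hosts_overrides(entries):
    """O1: hosts-file lines that pin a hostname to a fixed IP, as (host, ip)."""
    out = []
    for code, text in entries:
        if code == "O1" and text.startswith("Hosts:"):
            fields = text[len("Hosts:"):].split()
            if len(fields) >= 2:
                out.append((fields[1], fields[0]))
    return out


def browser_urls(entries):
    """R0/R1: IE start/search settings that carry a URL, as ('HIVE:setting', host)."""
    out = []
    for code, text in entries:
        if code in ("R0", "R1"):
            key, _, value = text.partition(" = ")
            host = urlsplit(value.strip()).hostname
            if host:
                hive = key.split("\\", 1)[0]
                out.append((hive + ":" + key.rsplit(",", 1)[-1], host))
    return out


def footprint(entries):
    """Map each install directory to the section codes that load a file from it."""
    dirs = defaultdict(set)
    for code, text in entries:
        for path in PATH_RE.findall(text):
            dirs[ntpath.dirname(path).lower()].add(code)
    return {d: sorted(c, key=lambda x: (x[0], int(x[1:]))) for d, c in dirs.items()}


def unresolved_startup(processes, entries):
    """O4 shortcuts whose target printed as '?', matched to running processes by base name."""
    out = {}
    for code, text in entries:
        m = STARTUP_RE.match(text) if code == "O4" else None
        if m:
            stem = m.group(1).lower()
            out[m.group(1) + ".lnk"] = [
                p for p in processes
                if ntpath.splitext(ntpath.basename(p))[0].lower() == stem
            ]
    return out


if __name__ == "__main__":
    procs, entries = parse(SAMPLE_LOG)
    print("hosts overrides:", hosts_overrides(entries))
    print("IE settings:", browser_urls(entries))
    for directory, codes in sorted(footprint(entries).items()):
        print(directory, "->", ", ".join(codes))
    print("unresolved startup shortcuts:", unresolved_startup(procs, entries))
```

Grouping by directory mirrors how the fix list later in the thread handles the GinyasBrowserCompanion BHO, protocol-handler and startup entries together.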


#12
Ciro-Mota

  • Professional Assistant
  • 57.167 posts
Supra,

Right-click the OTL.exe file, then click [posted image].

Where it says Output, select Standard
Also check these options:
  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names.
  • Skip Microsoft Files
  • Lop Check
  • Purity Check
Select these lines in red, right-click the selection, and choose the copy option


CREATERESTOREPOINT
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\system32\tasks\*.* /s
%windir%\tasks\*.* /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
/md5start
services.*
/md5stop


Go back to the program, right-click any blank area of the Custom Scans/Fixes section and choose paste

Click the [posted image] button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.

#13
Supra

  • Novice
  • 14 posts
Ciro, sorry, but when I pasted the text into OTL, I then accidentally clicked "fix" instead of "scan". After that, a success message appeared (saying it had been fixed, something like that), so I pasted it again and then clicked "scan". The scan started and, when it finished, only OTL.txt opened.

Attached file(s)

  • Attached file  OTL.Txt   355,31K   1 Downloads


#14
Ciro-Mota

  • Professional Assistant
  • 57.167 posts
Supra,

You don't owe me an apology, but it is worth being careful when following the instructions; with a slip like that you could render your operating system unusable. I also suggest being more careful with the programs you install, to avoid installing adware on the PC.

-----------

Select and copy the text inside the CODE box, right-click the selection and choose the copy option:

NOTE: Make sure you copy starting from the colon and letter ":O" of OTL.

:OTL
PRC - [2012/10/21 10:52:20 | 000,741,056 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe
MOD - [2012/10/21 10:52:20 | 000,741,056 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/
IE - HKLM\..\SearchScopes\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DyDyCyDyBtCyEtCtA0A0EtN0D0Tzu0CtAtDzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=947195188
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?pid=%s&aid=%s
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {33D59858-89D9-4AC2-A956-93875EB02323}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=4412_1&babsrc=SP_ss&mntrId=823513ae00000000000000ff49f58324
IE - HKCU\..\SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323}: "URL" = http://find.localstrike.net/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}: "URL" = http://isearch.avg.com/search?cid={59501A9A-D290-4C36-8208-2E5EDB7007CA}&mid=8562cc90ffe247d0a7ced1a90aeba32d-57ecd0b1cdd608290096e7ae5f4c5b5e6ab1bed3&lang=en&ds=ft011&pr=sa&d=2012-11-04 01:46:12&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DyDyCyDyBtCyEtCtA0A0EtN0D0Tzu0CtAtDzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=947195188
FF - prefs.js..browser.search.defaultenginename: "Speedbit"
FF - prefs.js..browser.search.defaulturl: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
FF - prefs.js..browser.search.order.1: "Speedbit"
FF - prefs.js..browser.search.selectedEngine: "Speedbit"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.speedbit.com/?pid=%s&aid=%s"
FF - prefs.js..keyword.URL: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
[2012/11/04 03:16:16 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Léo\AppData\Roaming\mozilla\Firefox\Profiles\kkze6pft.default\extensions\bbrs_002@blabbers.com
[2012/11/04 03:14:53 | 000,009,787 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\Funmoods.xml
[2011/08/30 17:37:02 | 000,002,156 | ---- | M] () -- C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\localstrike-search.xml
[2012/11/04 01:45:34 | 000,003,546 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/11/04 03:16:14 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/22 01:05:39 | 000,000,429 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
CHR - homepage: http://find.localstrike.net/
CHR - default_search_provider: LocalStrike Search (Enabled)
CHR - default_search_provider: search_url = http://find.localstrike.net/?q={searchTerms}
CHR - homepage: http://find.localstrike.net/
CHR - Extension: Funmoods = C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: Ginyas Browser Companion = C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
O2 - BHO: (Ginyas Browser Companion) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Arquivos de Programas\GinyasBrowserCompanion\jsloader.dll ( )
O2 - BHO: (Ginyas Browser Companion Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Arquivos de Programas\GinyasBrowserCompanion\updatebhoWin32.dll ( )
O4 - Startup: C:\Users\Léo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe ()
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
[2012/11/04 03:16:14 | 000,000,000 | ---D | C] -- C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion
[2012/11/04 03:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\GinyasBrowserCompanion
[2012/11/04 03:16:05 | 000,000,000 | ---D | C] -- C:\Users\Léo\AppData\Roaming\Babylon
[2012/11/04 03:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/08/25 03:17:55 | 000,000,000 | ---D | C] -- C:\Users\Léo\AppData\Roaming\Positivo
[2012/08/25 03:17:09 | 000,000,000 | ---D | C] -- C:\Positivo
[2012/11/05 18:54:07 | 000,000,600 | ---- | M] () -- C:\Users\Léo\AppData\Local\PUTTY.RND
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zzmbkjttcv.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zyadeizbstq.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zvxuplfqaiv.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zmulmsalvp.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zmpm.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zlvlgaoro.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zhbezzk.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zgtn.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\zbu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yztg.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ywcotf.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yruogei.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yqwnxmuqkr.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ynbpico.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yft.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yfguqg.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yfddtyco.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\yeqc.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ybcwdcj.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xrjmwls.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xratz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xnrwoffi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xkiazoygsu.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xitroqxj.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\xibfo.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xhxj.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xhliavnncf.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xhi.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xhepiahgu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xei.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xdu.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xbwudob.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xbeumyws.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\xabxrnwognq.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wztapis.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wvpmojcpagc.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wvmaql.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wuienx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wtkvqxla.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wmcwjfwebcg.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wmaeoulj.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wjjkwjxof.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wjd.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\wgfzxqxc.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vwx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vwvpxtf.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vuzy.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vtccpjjxhbl.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vpymgh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vky.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vhgdwwy.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vexcv.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\vekhfmquvd.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\uvhkeoo.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\uuknvmo.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\upqsk.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ujupkolaxz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\uilhoi.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\uhgxcxne.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ugh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\udixx.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ubomomrwsdk.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\uaqqwmjt.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tubh.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tttpgilubhz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tmksiwyo.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tjerrruiu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tixbprzs.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tgysztaa.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tgp.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\tcu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\szanch.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\swrosmstc.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\swmx.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\svh.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\surl.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\sthnpbr.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\srt.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\sqrvkkbktxz.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\sntlrnm.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\slfzi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\skjqlknoa.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\skcx.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\sjzadmi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\sfsz.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rzuc.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rvitifkhda.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ruwy.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rumiqlhw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rtsquze.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rpz.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\rnni.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rnaxcorvnpm.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rmkgnn.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\riffaw.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rifbww.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rhw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rfbddh.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\refyhravcw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rckntimj.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\rbou.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qzegqoobxiy.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qxbus.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qttwzyei.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qsopsnklrnj.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qrpcq.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qqqt.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qqqewpfdl.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qpghwlpi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qnretzig.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qheefqe.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\qgqkumwr.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\qbdvroefxtf.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\pxluctu.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pvsbacopgo.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\puxozpwjj.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\ptfcgaof.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\psxulyb.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\psuezqksw.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pqognjycvt.dat
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pqjjgvrcrr.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pplmagu.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pjtdqi.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\phcioojd.ini
[2012/11/04 23:30:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\pefaimbebk.ini
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Right-click the OTL.exe file, then click Posted Image.

Right-click any blank area of the Custom Scans/Fixes section and choose the Paste option.

Close ALL windows (except OTL itself).

Click the Posted Image button.

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open with some information.
Copy ALL of the contents of this Notepad window and paste them into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles, with a name in the format date_time.log.

Example: 03142010_145545.log
** Be considerate toward those who help you; do not abandon your topic! **

Ciro Mota's blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#15
Supra

All processes killed
========== OTL ==========
No active process named tbhcn.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33D59858-89D9-4AC2-A956-93875EB02323}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ED4AAFF-B4A5-F100-31E4-1513A74D6C2C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "Speedbit" removed from browser.search.defaultenginename
Prefs.js: "http://home.speedbit...d=%s&shr=%d&q=" removed from browser.search.defaulturl
Prefs.js: "Speedbit" removed from browser.search.order.1
Prefs.js: "Speedbit" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://home.speedbit...?pid=%s&aid=%s" removed from browser.startup.homepage
Prefs.js: "http://home.speedbit...d=%s&shr=%d&q=" removed from keyword.URL
Folder C:\Users\Léo\AppData\Roaming\mozilla\Firefox\Profiles\kkze6pft.default\extensions\bbrs_002@blabbers.com\ not found.
File C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\Funmoods.xml not found.
File C:\Users\Léo\AppData\Roaming\mozilla\firefox\profiles\kkze6pft.default\searchplugins\localstrike-search.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\v9.xml not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
File C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0 not found.
File C:\Users\Léo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ not found.
File C:\Arquivos de Programas\GinyasBrowserCompanion\jsloader.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}\ not found.
File C:\Arquivos de Programas\GinyasBrowserCompanion\updatebhoWin32.dll not found.
File move failed. C:\Users\Léo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk scheduled to be moved on reboot.
File C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe not found.
File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ not found.
File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.
File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ not found.
File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.
File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ not found.
File C:\Arquivos de Programas\GinyasBrowserCompanion\tdataprotocol.dll not found.
Folder C:\Users\Léo\AppData\Roaming\GinyasBrowserCompanion\ not found.
Folder C:\Program Files\GinyasBrowserCompanion\ not found.
Folder C:\Users\Léo\AppData\Roaming\Babylon\ not found.
Folder C:\ProgramData\Babylon\ not found.
Folder C:\Users\Léo\AppData\Roaming\Positivo\ not found.
Folder C:\Positivo\ not found.
File C:\Users\Léo\AppData\Local\PUTTY.RND not found.
ADS C:\ProgramData\TEMP:56E2E879 deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Léo
->Temp folder emptied: 416935 bytes
->Temporary Internet Files folder emptied: 139792 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 7841785 bytes
->Flash cache emptied: 0 bytes

User: L‚o

User: Public

User: Teste Warcraft
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11072012_103253

Files\Folders moved on Reboot...
File\Folder C:\Users\Léo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#16
Ciro-Mota

    Professional Assistant

  • 57.167 posts
Supra,

You still need to post the new HijackThis log.
** Be considerate of those who help you; do not abandon your topic! **
[ASAP Member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's Blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#17
Supra

    Novice

  • 14 posts
Ok, sorry.

Logfile of HijackThis v1.99.1
Scan saved at 14:53:45, on 08/11/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Léo\AppData\Roaming\Dashlane\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Program Files\Keyboard status\Key_status.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\online\rgc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Léo\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.../?pid=%s&aid=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 173.212.255.178 embedded.garena.com
O1 - Hosts: 173.212.255.178 embedded.garenanow.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Léo\AppData\Roaming\Dashlane\bin\Dashlanei.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Acelerador de Downloads\iefdm2.dll
O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Léo\AppData\Roaming\Dashlane\bin\KWIEBar.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dashlane] C:\Users\Léo\AppData\Roaming\Dashlane\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane.exe
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Key_status.lnk = C:\Program Files\Keyboard status\Key_status.exe
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Dashlane Button - {40354A83-504E-4611-ACAE-3D137F6F595E} - C:\Users\Léo\AppData\Roaming\Dashlane\bin\Dashlanei.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#18
Ciro-Mota

    Professional Assistant

  • 57.167 posts
Supra,

I suggest you be more careful when installing programs and extensions; you have a lot of adware installed on the PC.

-----------

Right-click the OTL.exe file, then click [posted image].

Where it says Output, select Standard.
Also check these options:
  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names
  • Skip Microsoft Files
  • Lop Check
  • Purity Check
Select these lines in red, right-click the selection, and choose Copy:


CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\system32\tasks\*.* /s
%windir%\tasks\*.* /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
/md5start
services.*
/md5stop


Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section, and choose Paste.

Click the [posted image] button.

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while; please be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt.
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.

#19
Supra

    Novice

  • 14 posts
Ok, Ciro. Thank you.

Look, only one OTL log opened.

Attached file(s)

  • Attached file  OTL.Txt   313,77K   1 Downloads


#20
Ciro-Mota

    Professional Assistant

  • 57.167 posts
Supra,

If you still have the ComboFix file on your desktop, delete it. Download a new copy, save it to the desktop again, and try running it.

http://download.blee...Bs/ComboFix.exe