DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by Gilson at 18:26:49 on 2014-11-27
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.479.183 [GMT -2:00]
.
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dmwu.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Ralink\Common\RaRegistry.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\jmdp\stij.exe
C:\Arquivos de programas\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Ralink\Common\RaUI.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=WDC_WD800BB-00JHC0_WD-WCAM9E45937259372&ts=1381962567
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=WDC_WD800BB-00JHC0_WD-WCAM9E45937259372&ts=1381962567
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll
BHO: Auxiliar de Conexão do Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Downloada keeper: {C278F8F5-76AE-9EC0-5564-F1517A38E0B0} - c:\documents and settings\all users\dados de aplicativos\downloada keeper\FJBEGACaYU.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VMonitorVMUVC] "c:\arquivos de programas\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"
mRun: [SweetIM] c:\arquivos de programas\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\arquivos de programas\sweetim\communicator\SweetPacksUpdateManager.exe
mRun: [SunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\arquivos de programas\alwil software\avast5\AvastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\gilson\menuin~1\progra~1\inicia~1\recort~1.lnk - c:\arquivos de programas\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ralink~1.lnk - c:\arquivos de programas\ralink\common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
IE: Search the Web - c:\arquivos de programas\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquivos de programas\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{6C378D57-217F-4C19-A701-0888476FD6A8} : DHCPNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{8321BEE1-B678-474E-BAA3-D2C34A8CF7D1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BF72B4CD-745F-4D27-AAAB-E69D4B3C5081} : DHCPNameServer = 192.168.200.1 200.165.132.155 200.149.55.142
TCP: Interfaces\{D94E37A5-C84E-4B15-A0EA-A6233C9B6AB5} : DHCPNameServer = 4.2.2.1 4.2.2.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquivos de programas\arquivos comuns\skype\Skype4COM.dll
Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gilson\dados de aplicativos\mozilla\firefox\profiles\iso74d0x.default\
FF - prefs.js: browser.search.selectedEngine - Ask Search
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\arquivos de programas\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\arquivos de programas\java\jre6\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\documents and settings\gilson\configurações locais\dados de aplicativos\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 80770739000000000000000c4389c2ad
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15826
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1615:17:24
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-11 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-11 192352]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2011-10-20 47192]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-12-3 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2011-12-2 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-7-7 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-11 67824]
R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2011-12-2 50344]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-6-2 1167152]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\arquivos de programas\ralink\common\RaRegistry.exe [2011-7-21 185632]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2011-7-21 19072]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\dados de aplicativos\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\skype\updater\Updater.exe [2013-10-23 172192]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2011-7-21 250752]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2011-7-21 398720]
SUnknown GbpSv;GbpSv; [x]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
FileExt: .vbs: VBSFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
FileExt: .js: JSFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
FileExt: .jse: JSEFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
FileExt: .wsf: WSFFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2014-11-21 20:22:38 -------- d--h--w- c:\windows\system32issas
.
==================== Find3M ====================
.
2014-11-27 01:54:33 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2013-07-12 23:28:46 0 ----a-w- c:\arquivos de programas\GUT5.tmp
2013-06-22 15:41:28 4096000 ----a-w- c:\arquivos de programas\GUT4.tmp
.
============= FINISH: 18:27:44,71 ===============