MicaelCarneiro

Virus from a USB flash drive


Hi, I used a friend's USB flash drive and it filled the laptop with viruses, and since then I can't use some programs or restore the system. I'd like to know how I can remove everything. The logs follow below:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL

Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2

Run by usuario at 10:58:23 on 2013-07-11

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3895.2793 [GMT -3:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=EE225CAC4C96E71B&affID=119352&tt=040713_ifrmful&tsp=4938

uSearch Bar = hxxp://www.bing.com

uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome

mWinlogon: Userinit = userinit.exe,

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: SuperLyrics: {3F954646-744D-46D8-8E07-AEF2486FAB9F} - C:\Program Files (x86)\SuperLyrics\sprlrcs.dll

BHO: LyricsTab: {3FBEAF13-3559-41DC-B964-C695708A0751} - C:\Program Files (x86)\LyricsTab\120.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [662d] C:\Users\usuario\AppData\Roaming\70\662d.js

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\373.js

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001025-0002-0025-ABCDEFFEDCBC} - <orphaned>

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 10.1.1.1 192.168.0.1

TCP: Interfaces\{3829A31C-A22C-4B5C-93E8-016BE67BDB53} : DHCPNameServer = 10.1.1.1 192.168.0.1

TCP: Interfaces\{3829A31C-A22C-4B5C-93E8-016BE67BDB53}\46C696E6B6 : DHCPNameServer = 10.1.1.1 192.168.0.1

TCP: Interfaces\{BFCF7D4B-FB4E-4831-824E-47612518372D} : DHCPNameServer = 10.1.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\oudn2zc6.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-06-06 09:45; findlyrics@findlyrics.co; C:\Program Files (x86)\FindLyrics\FF

FF - ExtSQL: 2013-07-05 15:46; {c50ca3c4-5656-43c2-a061-13e717f73fc8}; C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\oudn2zc6.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

FF - ExtSQL: 2013-07-06 12:07; translator@zoli.bod; C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\oudn2zc6.default\extensions\translator@zoli.bod.xpi

FF - ExtSQL: 2013-07-08 23:21; superlrcs@svenyor.net; C:\Program Files (x86)\SuperLyrics\FF

FF - ExtSQL: 2013-07-10 08:29; connect@LyricsTab.co; C:\Program Files (x86)\LyricsTab\120.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - ee22da620000000000005cac4c96e71b

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15895

FF - user.js: extensions.delta.vrsn - 1.8.21.5

FF - user.js: extensions.delta.vrsni - 1.8.21.5

FF - user.js: extensions.delta.vrsnTs - 1.8.21.523:22:40

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - pt

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.ffxUnstlRst - true

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta_i.babTrack - affID=119352&tt=040713_ifrmful&tsp=4938

FF - user.js: extensions.delta_i.babExt -

FF - user.js: extensions.delta_i.srcExt - ss

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

FF - user.js: extensions.autoDisableScopes - 0

FF - user.js: extensions.shownSelectionUI - true

.

============= SERVICES / DRIVERS ===============

.

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-6 65336]

S0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-6 189936]

S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-7 1030952]

S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-7 378944]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe [2012-12-7 89600]

S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-7 33400]

S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-7 80816]

S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-7-5 46808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2013-2-28 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-2-28 128512]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-7 13336]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-8 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-8 701512]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S2 WMCoreService;Mobile Broadband Core Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [2009-10-28 444416]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-12-11 172704]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-12-7 151936]

S3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-7 244736]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-8 25928]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-9 19456]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-9 57856]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-11 1255736]

.

=============== Created Last 30 ================

.

2013-07-11 02:32:54 -------- d-----w- C:\ProgramData\eMule

2013-07-11 02:32:07 -------- d-----w- C:\Users\usuario\AppData\Local\eMule

2013-07-11 02:32:03 -------- d-----w- C:\Program Files (x86)\eMule

2013-07-11 02:31:56 -------- d-----w- C:\Program Files (x86)\DealPlyLive

2013-07-11 02:31:50 -------- d-----w- C:\Program Files (x86)\DealPly

2013-07-10 11:29:37 -------- d-----w- C:\Program Files (x86)\LyricsTab

2013-07-09 02:22:48 -------- d-----w- C:\Users\usuario\AppData\Roaming\Open It! - Zip Extractor Packages

2013-07-09 02:21:45 -------- d-----w- C:\Users\usuario\AppData\Roaming\DSite

2013-07-09 02:21:45 -------- d-----w- C:\ProgramData\Babylon

2013-07-09 02:21:45 -------- d-----w- C:\Program Files (x86)\SuperLyrics

2013-07-08 22:02:40 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-07-08 22:02:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-07-05 19:40:57 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{97871792-F37E-4930-9F6D-0F164FB6B89C}\mpengine.dll

2013-07-03 12:29:41 -------- d-sh--w- C:\Users\usuario\AppData\Roaming\70

2013-07-03 12:29:41 -------- d-sh--w- C:\71a

2013-07-01 12:22:39 -------- d-----w- C:\Users\usuario\AppData\Roaming\PSafe

2013-07-01 12:22:38 -------- d-----w- C:\Users\usuario\AppData\Local\PSafe

2013-07-01 12:22:38 -------- d-----w- C:\Users\usuario\AppData\Local\cache

2013-07-01 12:22:13 383488 ----a-r- C:\Windows\System32\PsClikS64.dll

2013-07-01 12:22:13 323584 ----a-r- C:\Windows\SysWow64\PsClikS.dll

2013-07-01 12:21:56 288688 ----a-r- C:\Windows\System32\drivers\360FltOEM.sys

2013-07-01 12:20:47 94208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

2013-07-01 12:20:47 140864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

2013-07-01 12:20:41 -------- d-----w- C:\Program Files (x86)\Real Alternative

2013-07-01 12:20:06 -------- d-----w- C:\ProgramData\PSafe

2013-06-30 23:50:17 -------- d-----w- C:\Users\usuario\AppData\Local\JDownloader v2.0

2013-06-30 23:49:06 -------- d-----w- C:\Users\usuario\AppData\Roaming\BabSolution

2013-06-23 13:31:09 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-20 21:56:42 -------- d-----w- C:\FOTOS NOAN

2013-06-18 16:51:37 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2013-06-14 19:07:12 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-06-14 19:07:06 -------- d-----w- C:\Users\usuario\AppData\Local\DealPlyLive

2013-06-14 19:07:06 -------- d-----w- C:\ProgramData\DealPlyLive

2013-06-14 19:07:03 -------- d-----w- C:\Users\usuario\AppData\Roaming\Dealply

2013-06-12 15:06:12 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-12 15:06:00 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-12 15:06:00 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-06-12 15:04:45 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-06-12 15:04:45 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

.

==================== Find3M ====================

.

2013-07-05 17:21:12 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-07-05 17:21:12 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-06-23 13:31:00 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-23 13:31:00 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-12 16:19:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 16:19:36 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr

2013-05-02 05:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-27 17:10:45 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2013-04-27 17:10:45 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2010-01-26 12:11:08 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe

.

============= FINISH: 10:58:50,43 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 07/12/2012 11:56:57

System Uptime: 11/07/2013 09:45:45 (1 hours ago)

.

Motherboard: Dell Inc. | | 056TK2

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU 1 | 2261/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 195 GiB total, 34,349 GiB free.

D: is FIXED (NTFS) - 270 GiB total, 228,39 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\SMO8800\1

Manufacturer:

Name:

PNP Device ID: ACPI\SMO8800\1

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: aswRvrt

Device ID: ROOT\LEGACY_ASWRVRT\0000

Manufacturer:

Name: aswRvrt

PNP Device ID: ROOT\LEGACY_ASWRVRT\0000

Service: aswRvrt

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: aswVmm

Device ID: ROOT\LEGACY_ASWVMM\0000

Manufacturer:

Name: aswVmm

PNP Device ID: ROOT\LEGACY_ASWVMM\0000

Service: aswVmm

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP135: 02/07/2013 10:00:48 - Windows Update

RP136: 05/07/2013 16:40:16 - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.21 (x64 edition)

ABBYY FineReader 9.0 Sprint

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03) - Português

Advanced Audio FX Engine

Ares 2.1.9

Ashampoo Burning Studio 2012 v10.0.15

Assistente de Conexão do Windows Live

µTorrent

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

aTube Catcher

avast! Free Antivirus

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Counter-Strike: Global Offensive

CutePDF Writer 3.0

Dell Touchpad

Dell Webcam Central

Dell Wireless HSPA Mini-Card Drivers

Delta Chrome Toolbar

Desinstalar impressora EPSON TX133 TX135 Series

DW WLAN Card Utility

eMule

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

Epson Event Manager

EPSON Scan

Ferramenta de Carregamento do Windows Live

FormatFactory 2.50

Glary Utilities 2.49.0.1600

Google Chrome

Google Earth

Google Update Helper

IDT Audio

Intel PROSet Wireless

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

Java 7 Update 25

Java Auto Updater

JDownloader 2

Live! Cam Avatar Creator

LyricsTab

Malwarebytes Anti-Malware versão 1.75.0.1300

Messenger Plus! 6

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Web Platform Installer 4.5

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

MorphVOX Pro

Mozilla Firefox 22.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2758694)

Nero 8 Essentials

neroxml

Open It! - Zip Extractor Packages

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pando Media Booster

PhotoScape

Real Alternative 2.0.2

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

RegClean Pro

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Skype Click to Call

Skype™ 6.1

Software Intel® PROSet/Wireless WiFi

Steam

Subtitle Workshop 2.51

SUPERAntiSpyware

SuperLyrics

System Requirements Lab for Intel

Text-To-Speech-Runtime

Unlocker 1.9.1-x64

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition

Update for Open It! - Zip Extractor

VC80CRTRedist - 8.0.50727.6195

VCRedistSetup

VDownloader 3.9.1360

VLC media player 2.0.7

WiFi-Manager SDK v4.3 Trial

WinAVI Video Converter

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Messenger

Windows Live Movie Maker

Windows Live Sync

WinPcap 4.1.1

WinRAR 4.20 (32-bit)

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-07-11 19:02:12

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB

Running: gmer.exe; Driver: C:\Users\usuario\AppData\Local\Temp\kxtiafow.sys

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_onexit] [2952a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_lock] [294f8]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!__dllonexit] [294c8]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_unlock] [2aa10]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!?terminate@@YAXXZ] [2a9c0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [2a978]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_amsg_exit] [2b048]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_initterm] [2b072]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_XcptFilter] [2b0a0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!memset] [2b11e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!malloc] [2b168]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!wcsstr] [2b192]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_ui64tow] [2b1ca]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!vswprintf_s] [2b212]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_vscwprintf] [2b250]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_wcsicmp] [2b2a2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!wcstok_s] [2b2c6]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!iswspace] [29602]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!memcmp] [2962e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!memcpy] [2968e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!wcstol] [296c4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!wcscspn] [2abcc]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!calloc] [2a5a2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!free] [2949a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!memmove_s] [29444]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!memcpy_s] [29410]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_wsplitpath_s] [293d2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_vsnwprintf] [29398]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!sqrtf] [2936e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!logf] [2933e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!__CxxFrameHandler3] [2930e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!_CxxThrowException] [292de]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[msvcrt.dll!ceilf] [292b2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetModuleHandleW] [29226]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!CreateToolhelp32Snapshot] [291f4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetCurrentThreadId] [291cc]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!Sleep] [29194]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!CompareStringOrdinal] [2915e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetVersion] [29128]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!LocalFree] [290f8]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!SetLastError] [290a8]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!DeactivateActCtx] [29058]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetLastError] [29006]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!LoadLibraryW] [28fb4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetProcAddress] [28f68]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!ActivateActCtx] [28f36]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!FindActCtxSectionStringW] [28f0a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!CreateActCtxW] [28ee4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetModuleFileNameW] [28ebe]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetModuleHandleExW] [28e82]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!QueryActCtxW] [28e26]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!OutputDebugStringA] [28dfa]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!CloseHandle] [28d60]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!WaitForSingleObject] [28c7a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!CreateEventW] [28c5a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!SetEvent] [28c3a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!DeleteFileW] [28c06]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!CompareFileTime] [28bda]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!lstrlenW] [28bd0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!SetFileAttributesW] [28b9c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!CreateFileW] [28b72]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GlobalFree] [28b4a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!CreateThread] [28b1e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!LocalAlloc] [2976e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!lstrcmpW] [297ae]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!lstrcmpiW] [297d8]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!FreeLibrary] [29804]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!SizeofResource] [2984c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!LockResource] [29892]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!LoadResource] [298c0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!FindResourceW] [298f2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!FindResourceExW] [29920]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetFileAttributesW] [29968]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetSystemTime] [299aa]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!SystemTimeToTzSpecificLocalTime] [299e8]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!WaitForMultipleObjects] [29a16]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!FileTimeToSystemTime] [29a42]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GlobalAlloc] [29a72]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GlobalReAlloc] [29aa2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!SystemTimeToFileTime] [29ad6]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetTickCount] [29b02]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!Process32FirstW] [29b42]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!ReadFile] [29b86]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!WriteFile] [29bae]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!SetFilePointerEx] [2a944]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!FlushFileBuffers] [2a8fc]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetFileInformationByHandle] [2a8be]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GlobalSize] [2a87e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GlobalLock] [2a840]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GlobalUnlock] [2a80a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetCurrentProcessId] [2a7de]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!FileTimeToLocalFileTime] [2a7a4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetDateFormatW] [2a770]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetTimeFormatW] [2a71c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!FormatMessageW] [29bd8]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!ReleaseActCtx] [2a6dc]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!ExpandEnvironmentStringsW] [2a69c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!DosDateTimeToFileTime] [2a672]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!EnumUILanguagesW] [2a64a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetUserDefaultUILanguage] [2a60a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetLocaleInfoW] [2a5c6]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetDriveTypeW] [2971c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetProcessHeap] [2a55a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!HeapFree] [2a536]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!DisableThreadLibraryCalls] [2a4e8]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetSystemDirectoryW] [2a4ae]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetNumberFormatW] [2a478]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!MulDiv] [2a450]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetTempPathW] [2a41e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!CreateDirectoryW] [2a3ec]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!TzSpecificLocalTimeToSystemTime] [2a3c0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!QueryPerformanceCounter] [2a39c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!QueryPerformanceFrequency] [2a364]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!ResetEvent] [2a342]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!LoadLibraryExA] [2a316]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!DelayLoadFailureHook] [2a2ee]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!HeapDestroy] [2a2b6]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!RaiseException] [2a240]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetVersionExA] [2a232]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [2a220]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!TerminateProcess] [2a1e2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetCurrentProcess] [2a1be]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!UnhandledExceptionFilter] [2a172]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [2a138]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!RtlVirtualUnwind] [2a0f2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!RtlLookupFunctionEntry] [2a0b0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!RtlCaptureContext] [2a088]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!Process32NextW] [2a046]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!OpenProcess] [2a01a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[KERNEL32.dll!GetProcessTimes] [29fd2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!CryptAcquireContextW] [29f64]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!CryptImportKey] [29f2e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!CryptCreateHash] [29ede]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!CryptHashData] [29ea4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!CryptSignHashW] [29e80]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!CryptDestroyHash] [29e62]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!CryptDestroyKey] [29e44]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!CryptReleaseContext] [29e0a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!RegCloseKey] [29daa]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!RegOpenKeyExW] [29d7e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!RegQueryValueExW] [29d56]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[ADVAPI32.dll!RegEnumKeyW] [29d2a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[GDI32.dll!GetDeviceCaps] [28a64]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[GDI32.dll!DeleteDC] [28a54]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[GDI32.dll!GetTextExtentPoint32W] [2b356]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[GDI32.dll!GetStockObject] [2b332]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[GDI32.dll!GetTextExtentPointW] [2b34a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[GDI32.dll!CreateDIBSection] [0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[GDI32.dll!DeleteObject] [28ad4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[GDI32.dll!CreateCompatibleDC] [28af2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!StrRetToBufW] [283f6]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!SHGetThreadRef] [28410]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!SHRegGetValueW] [283d0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!StrStrIW] [283ae]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!PathCombineW] [28380]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!StrCmpIW] [2834c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!StrStrW] [2833a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!StrCSpnW] [28330]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!PathFindFileNameW] [28314]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!StrFormatByteSizeW] [28308]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!StrCmpW] [282fc]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!SHGetValueW] [282ec]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!StrCmpLogicalW] [282c6]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!PathRemoveBlanksW] [282b6]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!AssocQueryKeyW] [282a4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!PathRemoveExtensionW] [28292]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!SHStrDupW] [28286]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!PathStripPathW] [2827a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!PathAddBackslashW] [28268]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!PathAppendW] [2824c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!AssocCreate] [28232]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!PathFindExtensionW] [28218]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[sHLWAPI.dll!PathRemoveFileSpecW] [281e6]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!UnregisterClassA] [281b4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!DialogBoxParamW] [281a6]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!InsertMenuW] [2819a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!CharNextW] [28184]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!RemoveMenu] [2816c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetSubMenu] [28160]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!TrackPopupMenu] [28148]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SetFocus] [28136]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SetForegroundWindow] [28126]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetForegroundWindow] [28114]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetShellWindow] [28108]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!LoadMenuW] [280f2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!DestroyMenu] [280dc]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!LoadStringW] [280c4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SendMessageW] [280b2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetClassNameW] [280a2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SetMenuDefaultItem] [28086]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!LoadIconW] [28072]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SetWindowTextW] [28060]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SetDlgItemTextW] [28050]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!EndDialog] [28042]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetDlgItem] [2b2f4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetWindowLongPtrW] [0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SetWindowLongPtrW] [80000000000000ba]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!IsDlgButtonChecked] [80000000000000a1]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!UnhookWindowsHookEx] [80000000000000a3]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SendDlgItemMessageW] [8000000000000004]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!CheckDlgButton] [8000000000000007]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!EnableWindow] [8000000000000002]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!ShowWindow] [8000000000000009]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetWindowLongW] [8000000000000008]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SetWindowLongW] [8000000000000006]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetClientRect] [8000000000000115]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetSystemMetrics] [0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!LoadImageW] [289b4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetParent] [289c4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!IsChild] [289d4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!CallNextHookEx] [289a2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!CreateWindowExW] [0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SetWindowPos] [2b302]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SetWindowsHookExW] [2b314]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetDC] [2b31c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!ReleaseDC] [28974]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetWindowRect] [28962]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!ScreenToClient] [28956]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SetTimer] [28946]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!KillTimer] [28934]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!PostMessageW] [28920]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetDlgCtrlID] [2890c]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!DestroyIcon] [288fe]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetWindowTextW] [288f0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!CopyImage] [288da]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetSysColor] [288c6]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetCursorPos] [288ba]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetClassInfoW] [288a0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!LoadCursorW] [2888e]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!RegisterClassW] [2887a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!FindWindowW] [28866]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetWindow] [28858]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetWindowThreadProcessId] [28846]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SendMessageTimeoutW] [28836]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!SwitchToThisWindow] [28826]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetLastActivePopup] [2881a]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!DestroyWindow] [28802]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!RegisterClipboardFormatW] [287f0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetMenuItemInfoW] [287e2]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[uSER32.dll!GetMenuItemCount] [287d4]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[WINMM.dll!timeSetEvent] [287b0]

IAT C:\Windows\Explorer.EXE[724] @ C:\Windows\system32\wpdshext.dll[WINMM.dll!timeKillEvent] [28794]

---- EOF - GMER 2.1 ----


Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are duly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the ComboFix icon on your desktop.
  4. Read and accept the conditions by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:
       • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim" (Yes).
       • Click "OK" on the EULA.
       • Once the Recovery Console is installed, click "SIM" (Yes) to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • Several pieces of malware prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and therefore, and also out of respect for the tool's author, do not use it without supervision.

  • Topic author
  • ComboFix 13-07-12.01 - usuario 12/07/2013 17:30:21.1.4 - x64 MINIMAL

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3895.2661 [GMT -3:00]

    Executando de: c:\users\usuario\Downloads\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Criado um novo ponto de restauração

    .

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files (x86)\DealPly

    c:\program files (x86)\DealPly\uninst.exe

    c:\program files (x86)\LyricsTab\120.dll

    c:\windows\SysWow64\Packet.dll

    c:\windows\SysWow64\pthreadVC.dll

    c:\windows\SysWow64\wpcap.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_NPF

    -------\Service_npf

    .

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2013-06-12 to 2013-07-12 ))))))))))))))))))))))))))))

    .

    .

    2013-07-12 20:00 . 2013-07-12 20:26 47542 ----a-w- c:\users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\346.js

    2013-07-11 15:24 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

    2013-07-11 15:24 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

    2013-07-11 15:07 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A1D4E15-2728-4047-A16C-E0FD5CA46F8C}\mpengine.dll

    2013-07-11 02:32 . 2013-07-11 02:32 -------- d-----w- c:\programdata\eMule

    2013-07-11 02:32 . 2013-07-11 02:37 -------- d-----w- c:\users\usuario\AppData\Local\eMule

    2013-07-11 02:32 . 2013-07-11 02:32 -------- d-----w- c:\program files (x86)\eMule

    2013-07-11 02:31 . 2013-07-11 03:37 -------- d-----w- c:\program files (x86)\DealPlyLive

    2013-07-10 11:29 . 2013-07-12 20:36 -------- d-----w- c:\program files (x86)\LyricsTab

    2013-07-09 02:22 . 2013-07-09 02:22 -------- d-----w- c:\users\usuario\AppData\Roaming\Open It! - Zip Extractor Packages

    2013-07-09 02:21 . 2013-07-12 17:46 -------- d-----w- c:\program files (x86)\SuperLyrics

    2013-07-09 02:21 . 2013-07-09 02:21 -------- d-----w- c:\users\usuario\AppData\Roaming\DSite

    2013-07-09 02:21 . 2013-07-09 02:21 -------- d-----w- c:\programdata\Babylon

    2013-07-08 22:02 . 2013-07-08 22:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2013-07-08 22:02 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-07-08 13:38 . 2013-07-08 13:44 -------- d-----w- c:\users\Micael\Concursos

    2013-07-03 12:54 . 2013-07-03 13:09 -------- d-----w- c:\program files\Recuva

    2013-07-03 12:32 . 2013-07-03 12:36 -------- d-----w- c:\users\Micael\Pós-Graduação

    2013-07-03 12:29 . 2013-07-03 12:29 -------- d-----w- C:\71a

    2013-07-03 12:29 . 2013-07-03 12:29 -------- d-sh--w- c:\users\usuario\AppData\Roaming\70

    2013-07-01 12:22 . 2013-07-01 12:22 -------- d-----w- c:\users\usuario\AppData\Roaming\PSafe

    2013-07-01 12:22 . 2013-07-01 12:22 -------- d-----w- c:\users\usuario\AppData\Local\PSafe

    2013-07-01 12:22 . 2013-07-01 12:22 -------- d-----w- c:\users\usuario\AppData\Local\cache

    2013-07-01 12:22 . 2013-06-19 22:38 383488 ----a-r- c:\windows\system32\PsClikS64.dll

    2013-07-01 12:22 . 2013-06-19 22:38 323584 ----a-r- c:\windows\SysWow64\PsClikS.dll

    2013-07-01 12:21 . 2013-06-19 22:51 288688 ----a-r- c:\windows\system32\drivers\360FltOEM.sys

    2013-07-01 12:20 . 2013-07-03 12:52 -------- d-----w- c:\program files (x86)\Real Alternative

    2013-07-01 12:20 . 2013-07-01 12:22 -------- d-----w- c:\programdata\PSafe

    2013-06-30 23:50 . 2013-07-12 20:19 -------- d-----w- c:\users\usuario\AppData\Local\JDownloader v2.0

    2013-06-30 23:49 . 2013-06-30 23:49 -------- d-----w- c:\users\usuario\AppData\Roaming\BabSolution

    2013-06-23 13:31 . 2013-06-23 13:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-06-23 13:30 . 2013-06-23 13:30 -------- d-----w- c:\program files (x86)\Java

    2013-06-20 21:56 . 2013-06-20 21:56 -------- d-----w- C:\FOTOS NOAN

    2013-06-18 16:51 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

    2013-06-14 19:08 . 2013-07-12 19:43 -------- d-----w- c:\users\usuario\AppData\Roaming\vlc

    2013-06-14 19:07 . 2013-06-14 19:07 -------- d-----w- c:\program files (x86)\VideoLAN

    2013-06-14 19:07 . 2013-06-14 19:07 -------- d-----w- c:\users\usuario\AppData\Local\DealPlyLive

    2013-06-14 19:07 . 2013-06-14 19:07 -------- d-----w- c:\programdata\DealPlyLive

    2013-06-14 19:07 . 2013-06-14 19:07 -------- d-----w- c:\users\usuario\AppData\Roaming\Dealply

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-07-05 17:21 . 2013-03-06 05:13 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

    2013-07-05 17:21 . 2012-12-07 14:22 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2013-07-05 17:21 . 2012-12-07 14:22 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2013-06-23 13:31 . 2013-02-19 03:51 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2013-06-23 13:31 . 2013-02-19 03:51 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-06-18 16:57 . 2013-03-09 00:51 75825640 ----a-w- c:\windows\system32\MRT.exe

    2013-06-12 16:19 . 2012-12-07 14:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-06-12 16:19 . 2012-12-07 14:20 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-05-13 05:51 . 2013-06-12 15:05 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2013-05-13 05:51 . 2013-06-12 15:05 1464320 ----a-w- c:\windows\system32\crypt32.dll

    2013-05-13 05:51 . 2013-06-12 15:05 139776 ----a-w- c:\windows\system32\cryptnet.dll

    2013-05-13 05:50 . 2013-06-12 15:05 52224 ----a-w- c:\windows\system32\certenc.dll

    2013-05-13 04:45 . 2013-06-12 15:05 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

    2013-05-13 04:45 . 2013-06-12 15:05 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    2013-05-13 04:45 . 2013-06-12 15:05 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2013-05-13 03:43 . 2013-06-12 15:05 1192448 ----a-w- c:\windows\system32\certutil.exe

    2013-05-13 03:08 . 2013-06-12 15:05 903168 ----a-w- c:\windows\SysWow64\certutil.exe

    2013-05-13 03:08 . 2013-06-12 15:05 43008 ----a-w- c:\windows\SysWow64\certenc.dll

    2013-05-10 05:49 . 2013-06-12 15:05 30720 ----a-w- c:\windows\system32\cryptdlg.dll

    2013-05-10 03:20 . 2013-06-12 15:05 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

    2013-05-09 08:59 . 2013-03-06 05:13 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

    2013-05-09 08:59 . 2012-12-07 14:22 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2013-05-09 08:59 . 2012-12-07 14:22 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2013-05-09 08:59 . 2012-12-07 14:22 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2013-05-09 08:59 . 2012-12-07 14:22 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2013-05-09 08:58 . 2012-12-07 14:22 41664 ----a-w- c:\windows\avastSS.scr

    2013-05-09 08:58 . 2012-12-07 14:22 287840 ----a-w- c:\windows\system32\aswBoot.exe

    2013-05-08 06:39 . 2013-06-12 15:06 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-05-02 05:06 . 2012-12-07 14:35 278800 ------w- c:\windows\system32\MpSigStub.exe

    2013-04-27 17:10 . 2012-12-29 19:39 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

    2013-04-27 17:10 . 2012-12-29 19:39 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

    2013-04-26 05:51 . 2013-06-12 15:06 751104 ----a-w- c:\windows\system32\win32spl.dll

    2013-04-26 04:55 . 2013-06-12 15:06 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

    2013-04-25 23:30 . 2013-06-12 15:04 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

    2013-04-22 13:30 . 2013-04-22 13:30 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

    2013-04-22 13:30 . 2013-04-22 13:30 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

    2013-04-22 13:30 . 2013-04-22 13:30 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

    2013-04-22 13:30 . 2013-04-22 13:30 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

    2013-04-22 13:30 . 2013-04-22 13:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

    2013-04-22 13:30 . 2013-04-22 13:30 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

    2013-04-22 13:30 . 2013-04-22 13:30 361984 ----a-w- c:\windows\SysWow64\html.iec

    2013-04-22 13:30 . 2013-04-22 13:30 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

    2013-04-22 13:30 . 2013-04-22 13:30 226304 ----a-w- c:\windows\system32\elshyph.dll

    2013-04-22 13:30 . 2013-04-22 13:30 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

    2013-04-22 13:30 . 2013-04-22 13:30 158720 ----a-w- c:\windows\SysWow64\msls31.dll

    2013-04-22 13:30 . 2013-04-22 13:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

    2013-04-22 13:30 . 2013-04-22 13:30 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2013-04-22 13:30 . 2013-04-22 13:30 138752 ----a-w- c:\windows\SysWow64\wextract.exe

    2013-04-22 13:30 . 2013-04-22 13:30 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2013-04-22 13:30 . 2013-04-22 13:30 12800 ----a-w- c:\windows\SysWow64\mshta.exe

    2013-04-22 13:30 . 2013-04-22 13:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

    2013-04-22 13:30 . 2013-04-22 13:30 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

    2013-04-22 13:30 . 2013-04-22 13:30 97280 ----a-w- c:\windows\system32\mshtmled.dll

    2013-04-22 13:30 . 2013-04-22 13:30 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2013-04-22 13:30 . 2013-04-22 13:30 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

    2013-04-22 13:30 . 2013-04-22 13:30 81408 ----a-w- c:\windows\system32\icardie.dll

    2013-04-22 13:30 . 2013-04-22 13:30 77312 ----a-w- c:\windows\system32\tdc.ocx

    2013-04-22 13:30 . 2013-04-22 13:30 762368 ----a-w- c:\windows\system32\ieapfltr.dll

    2013-04-22 13:30 . 2013-04-22 13:30 62976 ----a-w- c:\windows\system32\pngfilt.dll

    2013-04-22 13:30 . 2013-04-22 13:30 599552 ----a-w- c:\windows\system32\vbscript.dll

    2013-04-22 13:30 . 2013-04-22 13:30 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

    2013-04-22 13:30 . 2013-04-22 13:30 51200 ----a-w- c:\windows\system32\imgutil.dll

    2013-04-22 13:30 . 2013-04-22 13:30 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2013-04-22 13:30 . 2013-04-22 13:30 452096 ----a-w- c:\windows\system32\dxtmsft.dll

    2013-04-22 13:30 . 2013-04-22 13:30 441856 ----a-w- c:\windows\system32\html.iec

    2013-04-22 13:30 . 2013-04-22 13:30 281600 ----a-w- c:\windows\system32\dxtrans.dll

    2013-04-22 13:30 . 2013-04-22 13:30 27648 ----a-w- c:\windows\system32\licmgr10.dll

    2013-04-22 13:30 . 2013-04-22 13:30 270848 ----a-w- c:\windows\system32\iedkcs32.dll

    2013-04-22 13:30 . 2013-04-22 13:30 247296 ----a-w- c:\windows\system32\webcheck.dll

    2013-04-22 13:30 . 2013-04-22 13:30 235008 ----a-w- c:\windows\system32\url.dll

    2013-04-22 13:30 . 2013-04-22 13:30 216064 ----a-w- c:\windows\system32\msls31.dll

    2013-04-22 13:30 . 2013-04-22 13:30 197120 ----a-w- c:\windows\system32\msrating.dll

    2013-04-22 13:30 . 2013-04-22 13:30 173568 ----a-w- c:\windows\system32\ieUnatt.exe

    2013-04-22 13:30 . 2013-04-22 13:30 167424 ----a-w- c:\windows\system32\iexpress.exe

    2013-04-22 13:30 . 2013-04-22 13:30 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

    2013-04-22 13:30 . 2013-04-22 13:30 149504 ----a-w- c:\windows\system32\occache.dll

    2013-04-22 13:30 . 2013-04-22 13:30 144896 ----a-w- c:\windows\system32\wextract.exe

    2013-04-22 13:30 . 2013-04-22 13:30 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

    2013-04-22 13:30 . 2013-04-22 13:30 13824 ----a-w- c:\windows\system32\mshta.exe

    2013-04-22 13:30 . 2013-04-22 13:30 136192 ----a-w- c:\windows\system32\iepeers.dll

    2013-04-22 13:30 . 2013-04-22 13:30 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

    2013-04-22 13:30 . 2013-04-22 13:30 12800 ----a-w- c:\windows\system32\msfeedssync.exe

    2013-04-22 13:30 . 2013-04-22 13:30 102912 ----a-w- c:\windows\system32\inseng.dll

    2013-04-17 07:02 . 2013-06-12 15:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

    2013-04-17 06:24 . 2013-06-12 15:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

    2010-01-26 12:11 . 2013-01-10 07:29 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "662d"="c:\users\usuario\AppData\Roaming\70\662d.js" [X]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]

    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

    .

    c:\users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    346.js [2013-7-12 47542]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "mixer2"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AutoUpdateDisableNotify"=dword:00000001

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    S0 aswRvrt;aswRvrt; [x]

    S0 aswVmm;aswVmm; [x]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe [x]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]

    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

    S2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

    S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-07-11 15:34 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2013-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-07 16:19]

    .

    2013-07-12 c:\windows\Tasks\GlaryInitialize.job

    - c:\program files (x86)\Glary Utilities\initialize.exe [2012-12-25 23:59]

    .

    2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10 19:26]

    .

    2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10 19:26]

    .

    2013-07-12 c:\windows\Tasks\RegClean Pro_DEFAULT.job

    - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2013-03-24 19:27]

    .

    2013-07-10 c:\windows\Tasks\RegClean Pro_UPDATES.job

    - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2013-03-24 19:27]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-09 166424]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-09 390680]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-09 410136]

    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-12-07 5107712]

    .

    ------- Scan Suplementar -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.com.br/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 10.1.1.1 192.168.0.1

    FF - ProfilePath - c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\oudn2zc6.default\

    FF - ExtSQL: 2013-06-06 09:45; findlyrics@findlyrics.co; c:\program files (x86)\FindLyrics\FF

    FF - ExtSQL: 2013-07-05 15:46; {c50ca3c4-5656-43c2-a061-13e717f73fc8}; c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\oudn2zc6.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

    FF - ExtSQL: 2013-07-06 12:07; translator@zoli.bod; c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\oudn2zc6.default\extensions\translator@zoli.bod.xpi

    FF - ExtSQL: 2013-07-08 23:21; superlrcs@svenyor.net; c:\program files (x86)\SuperLyrics\FF

    FF - ExtSQL: 2013-07-10 08:29; connect@LyricsTab.co; c:\program files (x86)\LyricsTab\120.xpi

    FF - user.js: extensions.delta.tlbrSrchUrl -

    FF - user.js: extensions.delta.id - ee22da620000000000005cac4c96e71b

    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

    FF - user.js: extensions.delta.instlDay - 15895

    FF - user.js: extensions.delta.vrsn - 1.8.21.5

    FF - user.js: extensions.delta.vrsni - 1.8.21.5

    FF - user.js: extensions.delta.vrsnTs - 1.8.21.523:22

    FF - user.js: extensions.delta.prtnrId - delta

    FF - user.js: extensions.delta.prdct - delta

    FF - user.js: extensions.delta.aflt - babsst

    FF - user.js: extensions.delta.smplGrp - none

    FF - user.js: extensions.delta.tlbrId - base

    FF - user.js: extensions.delta.instlRef - sst

    FF - user.js: extensions.delta.dfltLng - pt

    FF - user.js: extensions.delta.excTlbr - false

    FF - user.js: extensions.delta.ffxUnstlRst - true

    FF - user.js: extensions.delta.admin - false

    FF - user.js: extensions.delta_i.babTrack - affID=119352&tt=040713_ifrmful&tsp=4938

    FF - user.js: extensions.delta_i.babExt -

    FF - user.js: extensions.delta_i.srcExt - ss

    FF - user.js: extensions.delta.autoRvrt - false

    FF - user.js: extensions.delta.rvrt - false

    FF - user.js: extensions.delta.newTab - false

    FF - user.js: extensions.autoDisableScopes - 0

    FF - user.js: extensions.shownSelectionUI - true

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    .

    BHO-{3FBEAF13-3559-41DC-B964-C695708A0751} - c:\program files (x86)\LyricsTab\120.dll

    Toolbar-{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - (no file)

    HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

    .

    .

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

    c:\windows\SysWOW64\IoctlSvc.exe

    c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe

    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\program files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2013-07-12 17:43:56 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2013-07-12 20:43

    .

    Pré-execução: 35.293.876.224 bytes disponíveis

    Pós execução: 35.021.697.024 bytes disponíveis

    .

    - - End Of File - - 62DAFC3DFE9EC39EFA51D2BE2671BCD0

    D41D8CD98F00B204E9800998ECF8427E


    Topic reopened. Diego, please continue.


    I think I got your case mixed up, but no problem; I need a new DDS log.
