gusmorlin

Wscript.exe detected as malware by Avast


Hello, after plugging a pen drive into my computer to get class material, every time I start the computer Avast detects malware in C:\Windows\System32\wscript.exe

and when I plug in the pen drive, it finds a problem in the autorun and all the folders that were on it turned into shortcuts only

below, DDS and GMER

thanks for your attention

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2

Run by Gustavo at 22:50:36 on 2013-07-11

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.4004.2234 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATnotes\ATnotes.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://br.search.yahoo.com?type=198484&fr=spigot-yhp-ie

mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

uProxyOverride = local

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=BR&userid=1e8c2d3a-5f0a-42f3-957b-a586abb8128f&searchtype=ds&q={searchTerms}&installDate=29/04/2013

uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll

BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - <orphaned>

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: {398C01F1-E584-46AD-A649-4F78B435DCFE} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll

BHO: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [ATnotes.exe] C:\Program Files (x86)\ATnotes\ATnotes.exe

uRun: [Advanced SystemCare 6] "C:\Users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\ASCTray.exe" /AutoStart

uRun: [aa8ca] C:\Users\Gustavo\AppData\Roaming\bc\aa8ca.js

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

StartupFolder: C:\Users\Gustavo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdc.js

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 201.94.160.36 192.168.0.1

TCP: Interfaces\{A6E7FE6F-4EFC-4700-ADC1-2EB81A3FBA56} : DHCPNameServer = 201.94.160.36 192.168.0.1

TCP: Interfaces\{A6E7FE6F-4EFC-4700-ADC1-2EB81A3FBA56}\247444 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{A6E7FE6F-4EFC-4700-ADC1-2EB81A3FBA56}\24744413 : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: livecall - <Clsid value has no data>

Handler: msnim - <Clsid value has no data>

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlmailhtml - <Clsid value has no data>

Handler: wlpg - <Clsid value has no data>

AppInit_DLLs= c:\PROGRA~3\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - <orphaned>

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: Internet Turbo Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} -

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: livecall - <Clsid value has no data>

x64-Handler: msnim - <Clsid value has no data>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlmailhtml - <Clsid value has no data>

x64-Handler: wlpg - <Clsid value has no data>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=9AD3D067E5F69798&affID=122471&tt=250613_gr5&tsp=4926

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Gustavo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Gustavo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Gustavo\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-06-03 16:14; {1e8c2d3a-5f0a-42f3-957b-a586abb8128f}; C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\{1e8c2d3a-5f0a-42f3-957b-a586abb8128f}

FF - ExtSQL: 2013-06-04 15:41; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - ExtSQL: 2013-06-04 15:42; lfind@nijadsoft.net; C:\Program Files (x86)\LyricsFinder\FF

FF - ExtSQL: 2013-06-27 14:21; ffxtlbr@delta.com; C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\ffxtlbr@delta.com

FF - ExtSQL: 2013-07-08 16:49; ascsurfingprotection@iobit.com; C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\ascsurfingprotection@iobit.com

FF - ExtSQL: 2013-07-08 19:47; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.shownSelectionUI - true

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - 9ad302c2000000000000d067e5f69798

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15883

FF - user.js: extensions.delta.vrsn - 1.8.21.5

FF - user.js: extensions.delta.vrsni - 1.8.21.5

FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:21:14

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - pt

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.ffxUnstlRst - true

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta_i.babTrack - affID=122471&tt=250613_gr5&tsp=4926

FF - user.js: extensions.delta_i.babExt -

FF - user.js: extensions.delta_i.srcExt - ss

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

============= SERVICES / DRIVERS ===============

.

R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-9-24 22600]

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2012-9-24 12368]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-4-25 270824]

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-18 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-18 189936]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-4 55856]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-4-25 131232]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-9-7 1030952]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-9-7 378944]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-25 283200]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-4-4 89600]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-6-7 806776]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-9-7 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-7 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-26 46808]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-5-26 137960]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-11 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-11 701512]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-4-4 176096]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-4 317440]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-11 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\ASCService.exe [2013-7-8 574272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 dealplylive;Serviço do DealPly Live (dealplylive); [x]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]

S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Users\Gustavo\Desktop\Gustavo\Programas\BitComet\tools\BitCometService.exe -service --> C:\Users\Gustavo\Desktop\Gustavo\Programas\BitComet\tools\BitCometService.exe -service [?]

S3 dealplylivem;Serviço do DealPly Live (dealplylivem); [x]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-4-4 158976]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-22 19456]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-4-4 250984]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-22 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-22 30208]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-07-12 01:45:02 -------- d-sh--w- C:\Users\Gustavo\AppData\Roaming\bc

2013-07-12 00:22:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-07-12 00:22:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-07-11 19:18:54 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{279AC982-F377-4309-8E1D-45AC5EAC604F}\offreg.dll

2013-07-11 17:13:21 -------- d-sh--w- C:\bd17

2013-07-10 01:52:59 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll

2013-07-10 01:52:59 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll

2013-07-10 01:52:58 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll

2013-07-10 01:52:58 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll

2013-07-10 01:52:58 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll

2013-07-10 01:52:58 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll

2013-07-10 01:52:58 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll

2013-07-10 01:52:56 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-07-10 01:52:56 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-07-10 01:52:55 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-10 01:52:54 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-10 01:48:40 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-07-10 01:48:38 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 01:48:36 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 01:48:12 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-07-10 01:48:11 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-07-10 01:34:24 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{279AC982-F377-4309-8E1D-45AC5EAC604F}\mpengine.dll

2013-07-08 23:13:24 -------- d-----w- C:\ProgramData\Sports Interactive

2013-07-08 22:47:38 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar

2013-07-08 22:47:38 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2013-07-08 22:47:38 -------- d-----w- C:\Program Files (x86)\Application Updater

2013-06-27 17:21:19 -------- d-----w- C:\ProgramData\BrowserDefender

2013-06-27 17:21:13 -------- d-----w- C:\Users\Gustavo\AppData\Roaming\Delta

2013-06-24 23:03:58 -------- d-----w- C:\Windows\pss

2013-06-24 12:12:06 -------- d-----w- C:\Users\Gustavo\AppData\Local\DealPlyLive

2013-06-24 12:12:06 -------- d-----w- C:\ProgramData\DealPlyLive

2013-06-24 03:50:48 -------- d-----w- C:\Users\Gustavo\AppData\Local\{FE6FE1E3-285C-4FA4-9317-1F27E26219BA}

2013-06-23 22:24:12 -------- d-----w- C:\Users\Gustavo\AppData\Local\{745339B6-2F30-4CBC-B901-943FB161340B}

2013-06-22 17:14:40 -------- d-----w- C:\Users\Gustavo\AppData\Local\{CF0672DD-BECE-42E0-912E-413F23B84B29}

2013-06-21 21:39:13 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-21 14:05:49 -------- d-----w- C:\Users\Gustavo\AppData\Local\{C72C9E75-30B7-4106-B53B-F53A3C5D43BB}

2013-06-19 15:31:33 -------- d-----w- C:\Users\Gustavo\AppData\Local\{03DC5F98-21E2-4FD2-A4AE-DD7823D86E83}

2013-06-17 23:08:41 -------- d-----w- C:\Users\Gustavo\AppData\Local\{528452C6-750E-4E87-9FAE-408E7BDC1EFF}

2013-06-17 15:32:42 -------- d-----w- C:\Users\Gustavo\AppData\Local\{1B09F038-F576-4901-A765-A3AC57ED91ED}

2013-06-16 06:56:05 -------- d-----w- C:\Users\Gustavo\AppData\Local\{CA462543-FE5F-40F3-BCFE-761388B4E87E}

2013-06-13 13:55:40 -------- d-----w- C:\Users\Gustavo\AppData\Local\{1BD88D45-9885-4C04-9EC8-95519AB8AC6F}

2013-06-12 15:21:16 -------- d-----w- C:\Users\Gustavo\AppData\Local\{BFF33193-6DCE-47DC-915A-9D0FED051DD3}

2013-06-12 14:45:09 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-12 14:45:08 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-12 14:45:07 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

.

==================== Find3M ====================

.

2013-06-28 02:15:53 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-06-28 02:15:53 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-06-13 00:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-13 00:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-12 18:15:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 18:15:24 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-06-04 18:36:50 42297 ----a-w- C:\Windows\System32\uninstall.exe

2013-06-04 18:36:21 715038 ----a-w- C:\Windows\unins000.exe

2013-06-04 18:36:21 1178713 ----a-w- C:\Windows\SysWow64\unins000.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-09 08:59:06 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2013-05-09 08:59:06 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

2013-05-09 08:59:06 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr

2013-05-02 05:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-04-17 23:20:34 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe

2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

.

============= FINISH: 22:51:00,16 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 04/04/2012 13:13:37

System Uptime: 11/07/2013 22:42:42 (0 hours ago)

.

Motherboard: Dell Inc. | | 0X0DC1

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 918 GiB total, 802,49 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Generic Bluetooth Adapter

Device ID: USB\VID_0CF3&PID_3002\6&32966175&0&4

Manufacturer: GenericAdapter

Name: Generic Bluetooth Adapter

PNP Device ID: USB\VID_0CF3&PID_3002\6&32966175&0&4

Service: BTHUSB

.

==== System Restore Points ===================

.

RP220: 11/07/2013 22:48:29 - ComboFix created restore point

.

==== Installed Programs ======================

.

AcqKnowledge 3.9.1

AcqKnowledge 4.1

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3) MUI

Adobe Reader X (10.1.7)

Advanced Audio FX Engine

Advanced SystemCare 6

Age of Empires III

Age of Empires III - The Asian Dynasties

ATnotes Version 9.5

avast! Premier

BitComet 1.32

Bluetooth Win7 Suite (64)

BrowserDefender

Call of Duty

Call of Duty - United Offensive

Championship Manager 01-02

CM4

Codec Pack Packages

Company of Heroes

Controle ActiveX do Windows Live Mesh para Conexões Remotas

CyberLink PowerDVD 9.5

D3DX10

DAEMON Tools Lite

DC-Bass Source 1.3.0

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Bluetooth Installation

Dell Edoc Viewer

Dell Getting Started Guide

Dell PhotoStage

Dell Stage

Dell Support Center

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Delta Chrome Toolbar

Delta toolbar

DirectVobSub 2.40.4209

DirectX 9 Runtime

Dropbox

Facebook Video Calling 1.2.0.287

ffdshow v1.1.4399 [2012-03-22]

Football Manager 2012

Google Chrome

Google Earth

Google Update Helper

GTA San Andreas

Haali Media Splitter

Instalação do DivX

Intel® Processor Graphics

Internet Turbo

IObit Apps Toolbar v7.2

Java 7 Update 25

Java Auto Updater

Java 7 Update 1 (64-bit)

Junk Mail filter update

K-Lite Codec Pack 7.1.0 (Standard)

K Media Center v9.1

Karaoke for DirectX (remove only)

Lagarith Lossless Codec (1.3.27)

LAME v3.99.3 (for Windows)

League of Legends

Lyrics Finder

Malwarebytes Anti-Malware versão 1.75.0.1300

MATLAB R2011a

MATLAB R2012a

Medal of Honor Pacific Assault

Media Player Codec Pack 4.2.0

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MiKTeX 2.9

Mozilla Firefox 14.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NBA 2K13

Need for Speed Underground 2

Octoshape Streaming Services

OpenSource Flash Video Splitter 1.0.0.5

Palco de Música da Dell

Pando Media Booster

PDF Creator

PhotoShowExpress

PowerISO

Quickset64

Race Driver 3

RBVirtualFolder64Inst

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Rugby Challenge

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype™ 6.5

Sonic CinePlayer Decoder Pack

STDU Viewer version 1.6.186.0

TeXnicCenter Version 1.0 Stable RC1

Unity Web Player

Update for Codec Pack

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinEdt 6

WinRAR 4.11 (32-bit)

WinRAR 5.00 beta 2 (64-bit)

Xvid Video Codec

.

==== End Of File ===========================


Configure Windows to show all files

Go to this site: http://virustotal.com/

Under Choose File enter: C:\Users\Gustavo\AppData\Roaming\bc\aa8ca.js

Then click Submit

Copy and post the result of this scan.

Topic author:

Antivirus    Result    Update

    Agnitum 20130716

    AhnLab-V3 20130716

    AntiVir 20130716

    Antiy-AVL 20130716

    Avast 20130716

    AVG JS/Agent 20130716

    BitDefender 20130716

    ByteHero 20130613

    CAT-QuickHeal 20130716

    ClamAV 20130716

    Commtouch 20130716

    Comodo 20130716

    DrWeb JS.Proslikefan.1 20130716

    Emsisoft 20130716

    eSafe 20130714

    ESET-NOD32 20130716

    F-Prot 20130716

    F-Secure Worm:JS/Proslikefan.B 20130716

    Fortinet 20130716

    GData 20130716

    Ikarus 20130716

    Jiangmin 20130716

    K7AntiVirus Trojan 20130716

    K7GW Trojan 20130716

    Kaspersky HEUR:Worm.Script.Generic 20130716

    Kingsoft 20130708

    Malwarebytes 20130716

    McAfee 20130716

    McAfee-GW-Edition 20130716

    Microsoft Worm:JS/Proslikefan.gen!H 20130716

    MicroWorld-eScan 20130716

    NANO-Antivirus Trojan.Script.Heuristic-js.iacgm 20130716

    Norman 20130716

    nProtect 20130716

    Panda JS/Proslikefan.gen 20130716

    PCTools 20130716

    Rising 20130712

    Sophos Troj/ObfJS-EF 20130716

    SUPERAntiSpyware 20130716

    Symantec 20130716

    TheHacker 20130715

    TotalDefense 20130716

    TrendMicro JS_MORPHE.SM5 20130716

    TrendMicro-HouseCall JS_MORPHE.SM5 20130716

    VBA32 20130715

    VIPRE 20130716

    ViRobot 20130716


Read the instructions contained in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to receive help with ComboFix logs"

1. Download ComboFix from one of the official links listed below and save it to your desktop:

2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

3. Double-click the ComboFix icon on the desktop.

4. Read and accept the conditions by typing 1 and Enter.

5. Computers with Windows XP must install the Recovery Console:

• If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
• Click "OK" at the EULA.
• Once the Recovery Console is installed, click "YES" to continue.

6. ComboFix will run; please be patient and wait.

7. Attention: Do not use the mouse or the keyboard while the tool is running; this can cause the computer to hang.

8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.

9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

• There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
• Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
• There are various general-purpose anti-malware tools whose authors, when programming them, had end users in mind and designed them to be used without supervision. ComboFix is not a tool of that type, and so, also out of respect for the tool's author, do not use it without supervision.

Topic author:

ComboFix 13-07-24.03 - Gustavo 25/07/2013 12:08:32.4.4 - x64

    Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.4004.2847 [GMT -3:00]

    Executando de: c:\users\Gustavo\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Criado um novo ponto de restauração

    .

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\boost_interprocess\20130725023521.602646

    c:\programdata\boost_interprocess\20130725023521.602646\sf.cnv-db

    c:\users\Gustavo\AppData\Roaming\unins000.exe

    .

    A cópia de c:\windows\SysWow64\userinit.exe foi encontrada e desinfectada

    Cópia restaurada de - c:\windows\erdnt\cache86\userinit.exe

    .

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2013-06-25 to 2013-07-25 ))))))))))))))))))))))))))))

    .

    .

    2013-07-25 15:17 . 2013-07-25 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-07-24 16:18 . 2013-07-25 15:16 -------- d-----w- c:\programdata\boost_interprocess

    2013-07-24 16:13 . 2013-07-25 15:18 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

    2013-07-24 16:13 . 2013-05-08 12:52 49536 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

    2013-07-24 16:13 . 2013-07-24 16:13 -------- d-----w- c:\program files (x86)\GbPlugin

    2013-07-24 16:13 . 2013-07-24 16:13 -------- d-----w- c:\programdata\GbPlugin

    2013-07-24 16:12 . 2013-07-25 01:03 -------- d-----w- c:\programdata\GAS Tecnologia

    2013-07-24 16:12 . 2013-07-24 16:12 -------- d-----w- c:\users\Gustavo\AppData\Local\GAS Tecnologia

    2013-07-23 19:19 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED97C89D-2F00-4C93-86DE-9E11E92A22F5}\mpengine.dll

    2013-07-18 02:16 . 2013-07-18 03:23 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z..ZZZ.ZZZZ.Z.ZZ

    2013-07-18 00:53 . 2013-07-18 02:16 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZZ.ZZZZZ....Z

    2013-07-18 00:29 . 2013-05-09 08:59 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

    2013-07-18 00:29 . 2013-05-09 08:59 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys

    2013-07-18 00:29 . 2013-05-09 08:59 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys

    2013-07-18 00:29 . 2013-03-13 18:01 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys

    2013-07-17 23:25 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2013-07-17 23:25 . 2013-07-17 23:25 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2013-07-17 23:25 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2013-07-17 23:25 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2013-07-17 23:25 . 2013-07-17 23:25 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2013-07-17 23:25 . 2013-07-17 23:25 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

    2013-07-17 23:25 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

    2013-07-17 23:25 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2013-07-17 23:25 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr

    2013-07-17 20:20 . 2013-07-17 22:40 -------- d-----w- c:\windows\ELAMBKUP

    2013-07-17 20:20 . 2013-07-17 22:40 -------- d-----w- c:\programdata\Kaspersky Lab

    2013-07-17 18:39 . 2013-07-17 18:39 -------- d-s---w- c:\windows\SysWow64\Microsoft

    2013-07-17 17:29 . 2013-07-17 17:43 -------- d-----w- c:\programdata\F-Secure

    2013-07-17 17:28 . 2013-07-17 17:29 -------- d-----w- c:\programdata\MFAData

    2013-07-17 17:28 . 2013-07-17 17:28 -------- d-----w- c:\users\Gustavo\AppData\Local\MFAData

    2013-07-17 17:28 . 2013-07-17 17:28 -------- d-----w- c:\users\Gustavo\AppData\Local\Avg2013

    2013-07-16 11:49 . 2013-07-16 11:49 -------- d-----w- c:\users\Gustavo\AppData\Roaming\PSafe

    2013-07-16 11:49 . 2013-07-16 20:01 -------- d-----w- c:\users\Gustavo\AppData\Local\PSafe

    2013-07-16 11:47 . 2013-07-04 01:12 384000 ----a-r- c:\windows\system32\PsClikS64.dll

    2013-07-16 11:47 . 2013-07-04 01:12 323584 ----a-r- c:\windows\SysWow64\PsClikS.dll

    2013-07-16 11:47 . 2013-07-16 11:57 -------- d-----w- c:\windows\system32\MRT

    2013-07-16 11:46 . 2013-07-10 12:19 288688 ----a-r- c:\windows\system32\drivers\360FltOEM.sys

    2013-07-16 11:45 . 2013-07-16 17:49 -------- d-----w- c:\programdata\PSafe

    2013-07-12 18:12 . 2013-07-12 18:12 -------- d-----w- c:\users\Gustavo\AppData\Roaming\WebCake

    2013-07-12 18:12 . 2013-07-12 18:12 -------- d-----w- c:\users\Gustavo\AppData\Roaming\ExpressFiles

    2013-07-12 12:27 . 2013-07-12 12:27 -------- d-----w- c:\programdata\Baidu Security

    2013-07-12 12:27 . 2013-07-12 12:27 -------- d-----w- c:\programdata\Baidu

    2013-07-12 12:04 . 2013-07-12 12:04 -------- d-----w- c:\program files\CCleaner

    2013-07-11 17:13 . 2013-07-11 17:13 -------- d-----w- C:\bd17

    2013-07-10 11:14 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll

    2013-07-10 01:52 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll

    2013-07-10 01:52 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll

    2013-07-10 01:52 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll

    2013-07-10 01:52 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll

    2013-07-10 01:52 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll

    2013-07-10 01:52 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll

    2013-07-10 01:52 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll

    2013-07-10 01:52 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll

    2013-07-10 01:52 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll

    2013-07-10 01:52 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL

    2013-07-10 01:52 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

    2013-07-10 01:48 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys

    2013-07-10 01:48 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

    2013-07-10 01:48 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

    2013-07-10 01:48 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

    2013-07-10 01:48 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

    2013-07-08 23:13 . 2013-07-08 23:13 -------- d-----w- c:\programdata\Sports Interactive

    2013-07-08 22:47 . 2013-07-08 22:47 -------- d-----w- c:\program files (x86)\Common Files\Spigot

    2013-06-27 17:21 . 2013-06-27 17:21 -------- d-----w- c:\programdata\BrowserDefender

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-07-12 17:10 . 2012-04-04 15:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-07-12 17:10 . 2012-04-04 15:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-06-24 03:57 . 2013-02-19 14:37 78277128 ----a-w- c:\windows\system32\MRT.exe

    2013-06-21 15:03 . 2013-06-21 15:03 97280 ----a-w- c:\windows\system32\mshtmled.dll

    2013-06-21 15:03 . 2013-06-21 15:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2013-06-21 15:03 . 2013-06-21 15:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

    2013-06-21 15:03 . 2013-06-21 15:03 81408 ----a-w- c:\windows\system32\icardie.dll

    2013-06-21 15:03 . 2013-06-21 15:03 77312 ----a-w- c:\windows\system32\tdc.ocx

    2013-06-21 15:03 . 2013-06-21 15:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll

    2013-06-21 15:03 . 2013-06-21 15:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

    2013-06-21 15:03 . 2013-06-21 15:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

    2013-06-21 15:03 . 2013-06-21 15:03 62976 ----a-w- c:\windows\system32\pngfilt.dll

    2013-06-21 15:03 . 2013-06-21 15:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

    2013-06-21 15:03 . 2013-06-21 15:03 599552 ----a-w- c:\windows\system32\vbscript.dll

    2013-06-21 15:03 . 2013-06-21 15:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

    2013-06-21 15:03 . 2013-06-21 15:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

    2013-06-21 15:03 . 2013-06-21 15:03 51200 ----a-w- c:\windows\system32\imgutil.dll

    2013-06-21 15:03 . 2013-06-21 15:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

    2013-06-21 15:03 . 2013-06-21 15:03 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2013-06-21 15:03 . 2013-06-21 15:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll

    2013-06-21 15:03 . 2013-06-21 15:03 441856 ----a-w- c:\windows\system32\html.iec

    2013-06-21 15:03 . 2013-06-21 15:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

    2013-06-21 15:03 . 2013-06-21 15:03 361984 ----a-w- c:\windows\SysWow64\html.iec

    2013-06-21 15:03 . 2013-06-21 15:03 281600 ----a-w- c:\windows\system32\dxtrans.dll

    2013-06-21 15:03 . 2013-06-21 15:03 27648 ----a-w- c:\windows\system32\licmgr10.dll

    2013-06-21 15:03 . 2013-06-21 15:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll

    2013-06-21 15:03 . 2013-06-21 15:03 247296 ----a-w- c:\windows\system32\webcheck.dll

    2013-06-21 15:03 . 2013-06-21 15:03 235008 ----a-w- c:\windows\system32\url.dll

    2013-06-21 15:03 . 2013-06-21 15:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

    2013-06-21 15:03 . 2013-06-21 15:03 226304 ----a-w- c:\windows\system32\elshyph.dll

    2013-06-21 15:03 . 2013-06-21 15:03 216064 ----a-w- c:\windows\system32\msls31.dll

    2013-06-21 15:03 . 2013-06-21 15:03 197120 ----a-w- c:\windows\system32\msrating.dll

    2013-06-21 15:03 . 2013-06-21 15:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

    2013-06-21 15:03 . 2013-06-21 15:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe

    2013-06-21 15:03 . 2013-06-21 15:03 167424 ----a-w- c:\windows\system32\iexpress.exe

    2013-06-21 15:03 . 2013-06-21 15:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll

    2013-06-21 15:03 . 2013-06-21 15:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

    2013-06-21 15:03 . 2013-06-21 15:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

    2013-06-21 15:03 . 2013-06-21 15:03 149504 ----a-w- c:\windows\system32\occache.dll

    2013-06-21 15:03 . 2013-06-21 15:03 144896 ----a-w- c:\windows\system32\wextract.exe

    2013-06-21 15:03 . 2013-06-21 15:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2013-06-21 15:03 . 2013-06-21 15:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

    2013-06-21 15:03 . 2013-06-21 15:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe

    2013-06-21 15:03 . 2013-06-21 15:03 13824 ----a-w- c:\windows\system32\mshta.exe

    2013-06-21 15:03 . 2013-06-21 15:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2013-06-21 15:03 . 2013-06-21 15:03 136192 ----a-w- c:\windows\system32\iepeers.dll

    2013-06-21 15:03 . 2013-06-21 15:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

    2013-06-21 15:03 . 2013-06-21 15:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe

    2013-06-21 15:03 . 2013-06-21 15:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe

    2013-06-21 15:03 . 2013-06-21 15:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

    2013-06-21 15:03 . 2013-06-21 15:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

    2013-06-21 15:03 . 2013-06-21 15:03 102912 ----a-w- c:\windows\system32\inseng.dll

    2013-06-13 00:48 . 2012-11-25 03:15 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-06-13 00:48 . 2012-04-04 15:39 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2013-06-13 00:47 . 2013-06-21 21:39 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-06-04 18:36 . 2013-06-04 18:36 42297 ----a-w- c:\windows\system32\uninstall.exe

    2013-06-04 18:36 . 2013-06-04 18:36 1178713 ----a-w- c:\windows\SysWow64\unins000.exe

    2013-06-04 18:36 . 2013-06-04 18:36 715038 ----a-w- c:\windows\unins000.exe

    2013-05-13 05:51 . 2013-06-12 14:44 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2013-05-13 05:51 . 2013-06-12 14:44 1464320 ----a-w- c:\windows\system32\crypt32.dll

    2013-05-13 05:51 . 2013-06-12 14:44 139776 ----a-w- c:\windows\system32\cryptnet.dll

    2013-05-13 05:50 . 2013-06-12 14:44 52224 ----a-w- c:\windows\system32\certenc.dll

    2013-05-13 04:45 . 2013-06-12 14:44 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2013-05-13 04:45 . 2013-06-12 14:44 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

    2013-05-13 04:45 . 2013-06-12 14:44 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    2013-05-13 03:43 . 2013-06-12 14:44 1192448 ----a-w- c:\windows\system32\certutil.exe

    2013-05-13 03:08 . 2013-06-12 14:44 903168 ----a-w- c:\windows\SysWow64\certutil.exe

    2013-05-13 03:08 . 2013-06-12 14:44 43008 ----a-w- c:\windows\SysWow64\certenc.dll

    2013-05-11 00:50 . 2010-06-24 14:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2013-05-10 05:49 . 2013-06-12 14:44 30720 ----a-w- c:\windows\system32\cryptdlg.dll

    2013-05-10 03:20 . 2013-06-12 14:44 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

    2013-05-09 08:58 . 2012-09-07 17:23 287840 ----a-w- c:\windows\system32\aswBoot.exe

    2013-05-08 06:39 . 2013-06-12 14:45 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-05-02 05:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-04-04 22:12 130736 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-04-04 22:12 130736 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-04-04 22:12 130736 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-02 3093624]

    "ATnotes.exe"="c:\program files (x86)\ATnotes\ATnotes.exe" [2005-01-05 1015808]

    "Advanced SystemCare 6"="c:\users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

    .

    c:\users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2013-07-15 14:23 1410088 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "midi2"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AutoUpdateDisableNotify"=dword:00000001

    .

    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R2 dealplylive;Serviço do DealPly Live (dealplylive); [x]

    R2 PSafeSVC;PSafeSVC; [x]

    R2 PSafeWD;PSafeWD; [x]

    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

    R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

    R3 dealplylivem;Serviço do DealPly Live (dealplylivem); [x]

    R3 esgiguard;esgiguard; [x]

    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

    R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

    R4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\users\Gustavo\Desktop\Gustavo\Programas\BitComet\tools\BitCometService.exe;c:\users\Gustavo\Desktop\Gustavo\Programas\BitComet\tools\BitCometService.exe [x]

    R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

    R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

    S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]

    S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys;c:\windows\SYSNATIVE\drivers\aswNdis2.sys [x]

    S0 aswRvrt;aswRvrt; [x]

    S0 aswVmm;aswVmm; [x]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 360FltOEM;360FltOEM mini-filter driver;c:\windows\system32\DRIVERS\360FltOEM.sys;c:\windows\SYSNATIVE\DRIVERS\360FltOEM.sys [x]

    S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys;c:\windows\SYSNATIVE\drivers\aswFW.sys [x]

    S1 aswKbd;aswKbd; [x]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

    S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\ASCService.exe;c:\users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\ASCService.exe [x]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]

    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

    S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-07-13 00:02 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:10]

    .

    2013-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1323780977-678604208-531105928-1000Core.job

    - c:\users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-16 22:47]

    .

    2013-07-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1323780977-678604208-531105928-1000UA.job

    - c:\users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-16 22:47]

    .

    2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03 17:18]

    .

    2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03 17:18]

    .

    2013-07-25 c:\windows\Tasks\Lyrics Finder Update.job

    - c:\program files (x86)\LyricsFinder\LyricsFinderUpdater.exe [2013-02-27 19:59]

    .

    2013-07-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

    .

    2013-07-24 c:\windows\Tasks\SystemToolsDailyTest.job

    - c:\program files\Dell Support Center\pcdrcui.exe [2011-12-14 04:09]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-04-04 22:12 164016 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-04-04 22:12 164016 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-04-04 22:12 164016 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2013-04-04 22:12 164016 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]

    .

    ------- Scan Suplementar -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

    mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = local

    uSearchAssistant = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=BR&userid=1e8c2d3a-5f0a-42f3-957b-a586abb8128f&searchtype=ds&q={searchTerms}&installDate=29/04/2013

    IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html

    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    TCP: DhcpNameServer = 189.7.176.16 189.7.176.15 201.6.4.116

    FF - ProfilePath - c:\users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\

    FF - prefs.js: browser.search.selectedEngine - Yahoo

    FF - prefs.js: browser.startup.homepage - hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

    FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=

    FF - ExtSQL: 2013-06-04 15:42; lfind@nijadsoft.net; c:\program files (x86)\LyricsFinder\FF

    FF - ExtSQL: 2013-06-11 07:08; ascsurfingprotection@iobit.com; c:\users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\ascsurfingprotection@iobit.com

    FF - ExtSQL: 2013-06-27 14:21; ffxtlbr@delta.com; c:\users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\ffxtlbr@delta.com

    FF - ExtSQL: 2013-07-12 15:12; plugin@getwebcake.com; c:\users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\plugin@getwebcake.com

    FF - ExtSQL: 2013-07-24 13:12; {87F8774F-B485-47E2-A755-A40A8A5E886C}; c:\users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

    FF - user.js: extensions.shownSelectionUI - true

    FF - user.js: extensions.delta.tlbrSrchUrl -

    FF - user.js: extensions.delta.id - 9ad302c2000000000000d067e5f69798

    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

    FF - user.js: extensions.delta.instlDay - 15883

    FF - user.js: extensions.delta.vrsn - 1.8.21.5

    FF - user.js: extensions.delta.vrsni - 1.8.21.5

    FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:21

    FF - user.js: extensions.delta.prtnrId - delta

    FF - user.js: extensions.delta.prdct - delta

    FF - user.js: extensions.delta.aflt - babsst

    FF - user.js: extensions.delta.smplGrp - none

    FF - user.js: extensions.delta.tlbrId - base

    FF - user.js: extensions.delta.instlRef - sst

    FF - user.js: extensions.delta.dfltLng - pt

    FF - user.js: extensions.delta.excTlbr - false

    FF - user.js: extensions.delta.ffxUnstlRst - true

    FF - user.js: extensions.delta.admin - false

    FF - user.js: extensions.delta_i.babTrack - affID=122471&tt=250613_gr5&tsp=4926

    FF - user.js: extensions.delta_i.babExt -

    FF - user.js: extensions.delta_i.srcExt - ss

    FF - user.js: extensions.delta.autoRvrt - false

    FF - user.js: extensions.delta.rvrt - false

    FF - user.js: extensions.delta.newTab - false

    FF - user.js: extentions.webcake.installId - 0ef56f3e-7c5f-4f26-9cb8-11f4dcb6d375

    FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc

    .

    .

    ------- Associação de arquivos/ficheiros -------

    .

    .txt=STDUViewerFile.TXT

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    .

    BHO-{398C01F1-E584-46AD-A649-4F78B435DCFE} - (no file)

    BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - (no file)

    Toolbar-Locked - (no file)

    Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - (no file)

    BHO-{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - (no file)

    AddRemove-Championship Manager 01-02 - c:\windows\IsUn0816.exe

    AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Gustavo\AppData\Roaming\unins000.exe

    .

    .

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    "Key"="ActionsPane3"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2013-07-25 12:24:32 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2013-07-25 15:24

    ComboFix2.txt 2013-07-19 20:35

    .

    Pré-execução: 859.425.849.344 bytes disponíveis

    Pós execução: 859.398.529.024 bytes disponíveis

    .

    - - End Of File - - D06A590187AAD3EA8208DE6D37882872

    D41D8CD98F00B204E9800998ECF8427E


    Download the Kaspersky AVP Tool from one of these 2 links:

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

    http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

    You will be taken to a Kaspersky page asking for an e-mail address for registration, a first name and a last name. Only the "email" field is required.

    Enter your e-mail and then click the Submit Form button.

    The page will reload. Click the Download button.

    Save it to your desktop.

    Run the file and wait for the installation.

    ** Windows Vista and Windows 7 users:

    Right-click the file, then click Run as administrator.

    On the license agreement screen, check the I accept the license agreement option and then click the Start button. The program appears to freeze and nothing happens. That is normal; just wait until the program's main screen appears, and then click the Settings icon:

    KRT_settings.png

    On this screen, check the box next to:

    • My Computer
    • Local Disk (C:)

    Also check all the drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab.

    KRT_install2_.png

    Back on the program's main screen, click the Start scanning button.

    Be patient; it takes a while.

    When it finishes, if it detected anything, the program will ask you what to do.

    Check the little box next to Apply to all objects and then click Skip (we only want the log).

    KRT_detection_.png

    While the scan runs, the main screen shows a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, or red if it found something.

    If it detected something, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

    To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy disk icon to save the log.

    Choose an easily accessible location and save it as log.txt

    Copy the entire contents of that Notepad file and paste it in your next reply.

    If nothing is detected, there is no need to save the log. Just post here to let me know.

    To exit the program, just click the X in the top right corner.

    Thread author:

    Status: Detected (events: 2)

    30/07/2013 21:17:26 Detected virus HEUR:Worm.Script.Generic C:\Qoobox\Quarantine\C\Users\Gustavo\AppData\Roaming\bc\aa8ca.js.vir High

    30/07/2013 21:53:18 Detected virus HEUR:Worm.Script.Generic C:\Windows\pss\f8c.js.Startup High

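    An added example (not code from this thread, from the forum's analysts, or from Kaspersky) of the triage an analyst does with the two "Detected" lines above: parse them and separate hits that sit inside ComboFix's Qoobox quarantine (copies already isolated, carrying the .vir suffix) from hits at live locations that still need action. The line layout is an assumption taken from the two lines themselves, the sample input is constructed from them verbatim, and the quarantine prefix is the one visible in the first line; the heuristic "HEUR:" prefix is treated as a generic verdict rather than a named signature.

```python
"""Triage of Kaspersky AVP Tool 'Detected' lines.

Added example for this thread; not the forum's or Kaspersky's own code.
Assumed line layout, taken from the two lines posted by the thread author:
    dd/mm/yyyy HH:MM:SS Detected <kind> <verdict> <path> <severity>
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: the two lines posted by the thread author, verbatim.
SAMPLE_LOG = """\
30/07/2013 21:17:26 Detected virus HEUR:Worm.Script.Generic C:\\Qoobox\\Quarantine\\C\\Users\\Gustavo\\AppData\\Roaming\\bc\\aa8ca.js.vir High
30/07/2013 21:53:18 Detected virus HEUR:Worm.Script.Generic C:\\Windows\\pss\\f8c.js.Startup High
"""

# Paths under these prefixes are copies another tool already isolated
# (ComboFix keeps its quarantine under C:\Qoobox\Quarantine and appends .vir),
# so a hit there is not a live infection and needs no further action.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"Detected (?P<kind>\S+) (?P<verdict>\S+) "
    r"(?P<path>.+?) (?P<severity>High|Medium|Low)$"
)


@dataclass(frozen=True)
class Detection:
    when: datetime
    kind: str
    verdict: str
    path: str
    severity: str

    @property
    def already_quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)

    @property
    def heuristic(self) -> bool:
        # "HEUR:" verdicts come from generic heuristics, not a named signature.
        return self.verdict.startswith("HEUR:")


def parse_detections(text: str) -> list[Detection]:
    """Parse every recognisable 'Detected' line; unrecognised lines are skipped."""
    found: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue  # do not guess at lines that do not fit the layout
        found.append(Detection(
            when=datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
            kind=m["kind"],
            verdict=m["verdict"],
            path=m["path"],
            severity=m["severity"],
        ))
    return found


def live_paths(detections: list[Detection]) -> list[str]:
    """Paths that still need action: hits outside any known quarantine."""
    return [d.path for d in detections if not d.already_quarantined]


def triage(text: str) -> dict[str, list[str]]:
    """Split a report into 'quarantined' (no action) and 'live' (act) paths."""
    dets = parse_detections(text)
    return {
        "quarantined": [d.path for d in dets if d.already_quarantined],
        "live": live_paths(dets),
    }


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(f"{bucket}:")
        for p in paths:
            print(f"  {p}")
```

    Run on the sample, the only path left in the "live" bucket is the one under C:\Windows\pss, kept exactly as the scanner reported it (including the .Startup suffix); the Qoobox hit is reported but needs no cleanup of its own. Unrecognised lines are dropped rather than guessed at, so a differently formatted report yields an empty result instead of a wrong one.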

    Go to My Computer, Tools menu > Folder Options > View, scroll down the vertical bar and check the option Show hidden files and folders.

    Find and delete the following file:

    C:\Windows\pss\f8c.js <- this file

    Once that is done, post a new DDS log.
