gusmorlin

Wscript.exe detected as malware by Avast


Hello, after plugging a USB flash drive into my computer to copy some class material, every time I start the computer Avast detects malware in C:\Windows\System32\wscript.exe

and when I plug the flash drive in, it finds a problem in the autorun and all the folders that were on it have turned into shortcuts only

DDS and GMER logs below

thanks for your attention

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2

Run by Gustavo at 22:50:36 on 2013-07-11

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.4004.2234 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATnotes\ATnotes.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://br.search.yahoo.com?type=198484&fr=spigot-yhp-ie

mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

uProxyOverride = local

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=BR&userid=1e8c2d3a-5f0a-42f3-957b-a586abb8128f&searchtype=ds&q={searchTerms}&installDate=29/04/2013

uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll

BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - <orphaned>

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: {398C01F1-E584-46AD-A649-4F78B435DCFE} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll

BHO: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [ATnotes.exe] C:\Program Files (x86)\ATnotes\ATnotes.exe

uRun: [Advanced SystemCare 6] "C:\Users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\ASCTray.exe" /AutoStart

uRun: [aa8ca] C:\Users\Gustavo\AppData\Roaming\bc\aa8ca.js

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

StartupFolder: C:\Users\Gustavo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdc.js

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 201.94.160.36 192.168.0.1

TCP: Interfaces\{A6E7FE6F-4EFC-4700-ADC1-2EB81A3FBA56} : DHCPNameServer = 201.94.160.36 192.168.0.1

TCP: Interfaces\{A6E7FE6F-4EFC-4700-ADC1-2EB81A3FBA56}\247444 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{A6E7FE6F-4EFC-4700-ADC1-2EB81A3FBA56}\24744413 : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: livecall - <Clsid value has no data>

Handler: msnim - <Clsid value has no data>

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlmailhtml - <Clsid value has no data>

Handler: wlpg - <Clsid value has no data>

AppInit_DLLs= c:\PROGRA~3\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - <orphaned>

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: Internet Turbo Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} -

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: livecall - <Clsid value has no data>

x64-Handler: msnim - <Clsid value has no data>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlmailhtml - <Clsid value has no data>

x64-Handler: wlpg - <Clsid value has no data>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=9AD3D067E5F69798&affID=122471&tt=250613_gr5&tsp=4926

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Gustavo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Gustavo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Gustavo\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-06-03 16:14; {1e8c2d3a-5f0a-42f3-957b-a586abb8128f}; C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\{1e8c2d3a-5f0a-42f3-957b-a586abb8128f}

FF - ExtSQL: 2013-06-04 15:41; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - ExtSQL: 2013-06-04 15:42; lfind@nijadsoft.net; C:\Program Files (x86)\LyricsFinder\FF

FF - ExtSQL: 2013-06-27 14:21; ffxtlbr@delta.com; C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\ffxtlbr@delta.com

FF - ExtSQL: 2013-07-08 16:49; ascsurfingprotection@iobit.com; C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\ascsurfingprotection@iobit.com

FF - ExtSQL: 2013-07-08 19:47; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.shownSelectionUI - true

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - 9ad302c2000000000000d067e5f69798

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15883

FF - user.js: extensions.delta.vrsn - 1.8.21.5

FF - user.js: extensions.delta.vrsni - 1.8.21.5

FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:21:14

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - pt

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.ffxUnstlRst - true

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta_i.babTrack - affID=122471&tt=250613_gr5&tsp=4926

FF - user.js: extensions.delta_i.babExt -

FF - user.js: extensions.delta_i.srcExt - ss

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

============= SERVICES / DRIVERS ===============

.

R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-9-24 22600]

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2012-9-24 12368]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-4-25 270824]

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-18 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-18 189936]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-4 55856]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-4-25 131232]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-9-7 1030952]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-9-7 378944]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-25 283200]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-4-4 89600]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-6-7 806776]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-9-7 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-7 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-26 46808]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-5-26 137960]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-11 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-11 701512]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-4-4 176096]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-4 317440]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-11 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\ASCService.exe [2013-7-8 574272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 dealplylive;Serviço do DealPly Live (dealplylive); [x]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]

S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Users\Gustavo\Desktop\Gustavo\Programas\BitComet\tools\BitCometService.exe -service --> C:\Users\Gustavo\Desktop\Gustavo\Programas\BitComet\tools\BitCometService.exe -service [?]

S3 dealplylivem;Serviço do DealPly Live (dealplylivem); [x]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-4-4 158976]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-22 19456]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-4-4 250984]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-22 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-22 30208]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-07-12 01:45:02 -------- d-sh--w- C:\Users\Gustavo\AppData\Roaming\bc

2013-07-12 00:22:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-07-12 00:22:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-07-11 19:18:54 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{279AC982-F377-4309-8E1D-45AC5EAC604F}\offreg.dll

2013-07-11 17:13:21 -------- d-sh--w- C:\bd17

2013-07-10 01:52:59 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll

2013-07-10 01:52:59 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll

2013-07-10 01:52:58 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll

2013-07-10 01:52:58 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll

2013-07-10 01:52:58 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll

2013-07-10 01:52:58 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll

2013-07-10 01:52:58 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll

2013-07-10 01:52:56 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-07-10 01:52:56 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-07-10 01:52:55 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-10 01:52:54 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-10 01:48:40 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-07-10 01:48:38 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 01:48:36 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 01:48:12 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-07-10 01:48:11 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-07-10 01:34:24 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{279AC982-F377-4309-8E1D-45AC5EAC604F}\mpengine.dll

2013-07-08 23:13:24 -------- d-----w- C:\ProgramData\Sports Interactive

2013-07-08 22:47:38 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar

2013-07-08 22:47:38 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2013-07-08 22:47:38 -------- d-----w- C:\Program Files (x86)\Application Updater

2013-06-27 17:21:19 -------- d-----w- C:\ProgramData\BrowserDefender

2013-06-27 17:21:13 -------- d-----w- C:\Users\Gustavo\AppData\Roaming\Delta

2013-06-24 23:03:58 -------- d-----w- C:\Windows\pss

2013-06-24 12:12:06 -------- d-----w- C:\Users\Gustavo\AppData\Local\DealPlyLive

2013-06-24 12:12:06 -------- d-----w- C:\ProgramData\DealPlyLive

2013-06-24 03:50:48 -------- d-----w- C:\Users\Gustavo\AppData\Local\{FE6FE1E3-285C-4FA4-9317-1F27E26219BA}

2013-06-23 22:24:12 -------- d-----w- C:\Users\Gustavo\AppData\Local\{745339B6-2F30-4CBC-B901-943FB161340B}

2013-06-22 17:14:40 -------- d-----w- C:\Users\Gustavo\AppData\Local\{CF0672DD-BECE-42E0-912E-413F23B84B29}

2013-06-21 21:39:13 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-21 14:05:49 -------- d-----w- C:\Users\Gustavo\AppData\Local\{C72C9E75-30B7-4106-B53B-F53A3C5D43BB}

2013-06-19 15:31:33 -------- d-----w- C:\Users\Gustavo\AppData\Local\{03DC5F98-21E2-4FD2-A4AE-DD7823D86E83}

2013-06-17 23:08:41 -------- d-----w- C:\Users\Gustavo\AppData\Local\{528452C6-750E-4E87-9FAE-408E7BDC1EFF}

2013-06-17 15:32:42 -------- d-----w- C:\Users\Gustavo\AppData\Local\{1B09F038-F576-4901-A765-A3AC57ED91ED}

2013-06-16 06:56:05 -------- d-----w- C:\Users\Gustavo\AppData\Local\{CA462543-FE5F-40F3-BCFE-761388B4E87E}

2013-06-13 13:55:40 -------- d-----w- C:\Users\Gustavo\AppData\Local\{1BD88D45-9885-4C04-9EC8-95519AB8AC6F}

2013-06-12 15:21:16 -------- d-----w- C:\Users\Gustavo\AppData\Local\{BFF33193-6DCE-47DC-915A-9D0FED051DD3}

2013-06-12 14:45:09 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-12 14:45:08 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-12 14:45:07 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

.

==================== Find3M ====================

.

2013-06-28 02:15:53 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-06-28 02:15:53 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-06-13 00:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-06-13 00:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-12 18:15:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 18:15:24 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-06-04 18:36:50 42297 ----a-w- C:\Windows\System32\uninstall.exe

2013-06-04 18:36:21 715038 ----a-w- C:\Windows\unins000.exe

2013-06-04 18:36:21 1178713 ----a-w- C:\Windows\SysWow64\unins000.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-09 08:59:06 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2013-05-09 08:59:06 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

2013-05-09 08:59:06 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr

2013-05-02 05:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-04-17 23:20:34 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe

2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

.

============= FINISH: 22:51:00,16 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 04/04/2012 13:13:37

System Uptime: 11/07/2013 22:42:42 (0 hours ago)

.

Motherboard: Dell Inc. | | 0X0DC1

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 918 GiB total, 802,49 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Generic Bluetooth Adapter

Device ID: USB\VID_0CF3&PID_3002\6&32966175&0&4

Manufacturer: GenericAdapter

Name: Generic Bluetooth Adapter

PNP Device ID: USB\VID_0CF3&PID_3002\6&32966175&0&4

Service: BTHUSB

.

==== System Restore Points ===================

.

RP220: 11/07/2013 22:48:29 - ComboFix created restore point

.

==== Installed Programs ======================

.

AcqKnowledge 3.9.1

AcqKnowledge 4.1

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3) MUI

Adobe Reader X (10.1.7)

Advanced Audio FX Engine

Advanced SystemCare 6

Age of Empires III

Age of Empires III - The Asian Dynasties

ATnotes Version 9.5

avast! Premier

BitComet 1.32

Bluetooth Win7 Suite (64)

BrowserDefender

Call of Duty

Call of Duty - United Offensive

Championship Manager 01-02

CM4

Codec Pack Packages

Company of Heroes

Controle ActiveX do Windows Live Mesh para Conexões Remotas

CyberLink PowerDVD 9.5

D3DX10

DAEMON Tools Lite

DC-Bass Source 1.3.0

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Bluetooth Installation

Dell Edoc Viewer

Dell Getting Started Guide

Dell PhotoStage

Dell Stage

Dell Support Center

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Delta Chrome Toolbar

Delta toolbar

DirectVobSub 2.40.4209

DirectX 9 Runtime

Dropbox

Facebook Video Calling 1.2.0.287

ffdshow v1.1.4399 [2012-03-22]

Football Manager 2012

Google Chrome

Google Earth

Google Update Helper

GTA San Andreas

Haali Media Splitter

Instalação do DivX

Intel® Processor Graphics

Internet Turbo

IObit Apps Toolbar v7.2

Java 7 Update 25

Java Auto Updater

Java 7 Update 1 (64-bit)

Junk Mail filter update

K-Lite Codec Pack 7.1.0 (Standard)

K Media Center v9.1

Karaoke for DirectX (remove only)

Lagarith Lossless Codec (1.3.27)

LAME v3.99.3 (for Windows)

League of Legends

Lyrics Finder

Malwarebytes Anti-Malware versão 1.75.0.1300

MATLAB R2011a

MATLAB R2012a

Medal of Honor Pacific Assault

Media Player Codec Pack 4.2.0

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MiKTeX 2.9

Mozilla Firefox 14.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NBA 2K13

Need for Speed Underground 2

Octoshape Streaming Services

OpenSource Flash Video Splitter 1.0.0.5

Palco de Música da Dell

Pando Media Booster

PDF Creator

PhotoShowExpress

PowerISO

Quickset64

Race Driver 3

RBVirtualFolder64Inst

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Rugby Challenge

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype™ 6.5

Sonic CinePlayer Decoder Pack

STDU Viewer version 1.6.186.0

TeXnicCenter Version 1.0 Stable RC1

Unity Web Player

Update for Codec Pack

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinEdt 6

WinRAR 4.11 (32-bit)

WinRAR 5.00 beta 2 (64-bit)

Xvid Video Codec

.

==== End Of File ===========================

Configure Windows to show all files.

Go to this site: http://virustotal.com/

Under Choose File, enter: C:\Users\Gustavo\AppData\Roaming\bc\aa8ca.js

Then click Submit.

Copy and post the result of this scan.

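As an added example (not from this thread or its helper), here is a PowerShell triage script for the two symptoms reported above: folders on the USB stick replaced by shortcuts, and a script flagged under wscript.exe. It lists the shortcuts on the stick whose target calls a script host or shell, lists the hidden folders those shortcuts stand in for, and computes the SHA-256 of the suspect file so the VirusTotal check can be done by hash without uploading. The drive letter E:\ is an assumption, the suspect path is the one named in the reply above, and Get-FileHash requires PowerShell 4 or later.

```powershell
# Added example, not code from the thread. Triage a removable drive for the
# "folders turned into shortcuts" pattern and hash a suspect script for VirusTotal.
# Assumptions: $Drive defaults to E:\ (the stick's letter on this machine is unknown),
# $Suspect is the path the helper asked to have scanned, PowerShell 4+ for Get-FileHash.
param(
    [string]$Drive   = 'E:\',
    [string]$Suspect = "$env:APPDATA\bc\aa8ca.js"
)

# Shortcuts whose target or arguments invoke a script host or a shell are the
# tell-tale sign: the real folder is hidden and a .lnk carrying the folder's name
# launches the script before opening the folder for the user.
$shell = New-Object -ComObject WScript.Shell
$suspiciousLinks = Get-ChildItem -Path $Drive -Filter *.lnk -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
        if ($cmd -match 'wscript|cscript|cmd\.exe|powershell') {
            [pscustomobject]@{ Shortcut = $_.Name; Command = $cmd }
        }
    }

# The user's original folders are still on the stick, only marked Hidden (+System).
$hiddenDirs = Get-ChildItem -Path $Drive -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 }

# Hash the suspect script so it can be looked up on VirusTotal by hash.
$hash = if (Test-Path -LiteralPath $Suspect) {
    (Get-FileHash -LiteralPath $Suspect -Algorithm SHA256).Hash
} else {
    'file not found'
}

# Emit one summary object; pipe to Format-List to read it in the console.
[pscustomobject]@{
    SuspiciousShortcuts = $suspiciousLinks
    HiddenFolders       = $hiddenDirs.Name
    SuspectSha256       = $hash
}
```

Run it from an elevated PowerShell with -Drive set to the stick's letter. Anything listed under SuspiciousShortcuts is the launcher for the script, not a real folder, and HiddenFolders are the user's own data, which can be made visible again with attrib -S -H once the stick has been cleaned.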
Antivirus Result Update

Agnitum 20130716

AhnLab-V3 20130716

AntiVir 20130716

Antiy-AVL 20130716

Avast 20130716

AVG JS/Agent 20130716

BitDefender 20130716

ByteHero 20130613

CAT-QuickHeal 20130716

ClamAV 20130716

Commtouch 20130716

Comodo 20130716

DrWeb JS.Proslikefan.1 20130716

Emsisoft 20130716

eSafe 20130714

ESET-NOD32 20130716

F-Prot 20130716

F-Secure Worm:JS/Proslikefan.B 20130716

Fortinet 20130716

GData 20130716

Ikarus 20130716

Jiangmin 20130716

K7AntiVirus Trojan 20130716

K7GW Trojan 20130716

Kaspersky HEUR:Worm.Script.Generic 20130716

Kingsoft 20130708

Malwarebytes 20130716

McAfee 20130716

McAfee-GW-Edition 20130716

Microsoft Worm:JS/Proslikefan.gen!H 20130716

MicroWorld-eScan 20130716

NANO-Antivirus Trojan.Script.Heuristic-js.iacgm 20130716

Norman 20130716

nProtect 20130716

Panda JS/Proslikefan.gen 20130716

PCTools 20130716

Rising 20130712

Sophos Troj/ObfJS-EF 20130716

SUPERAntiSpyware 20130716

Symantec 20130716

TheHacker 20130715

TotalDefense 20130716

TrendMicro JS_MORPHE.SM5 20130716

TrendMicro-HouseCall JS_MORPHE.SM5 20130716

VBA32 20130715

VIPRE 20130716

ViRobot 20130716

Read the instructions contained in this link:

In the instructions at the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while you carry out these instructions, it is very important to keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the terms by typing 1 and Enter.
  5. Computers running Windows XP will need to install the Recovery Console:

  • If your computer runs Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: do not use the mouse or the keyboard while the tool is running; this can cause the computer to stall.
  8. A message may appear saying the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that type, and so, also out of respect for the tool's author, do not use it without supervision.

ComboFix 13-07-24.03 - Gustavo 25/07/2013 12:08:32.4.4 - x64

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.4004.2847 [GMT -3:00]

Executando de: c:\users\Gustavo\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\boost_interprocess\20130725023521.602646

c:\programdata\boost_interprocess\20130725023521.602646\sf.cnv-db

c:\users\Gustavo\AppData\Roaming\unins000.exe

.

A cópia de c:\windows\SysWow64\userinit.exe foi encontrada e desinfectada

Cópia restaurada de - c:\windows\erdnt\cache86\userinit.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-25 to 2013-07-25 ))))))))))))))))))))))))))))

.

.

2013-07-25 15:17 . 2013-07-25 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-24 16:18 . 2013-07-25 15:16 -------- d-----w- c:\programdata\boost_interprocess

2013-07-24 16:13 . 2013-07-25 15:18 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

2013-07-24 16:13 . 2013-05-08 12:52 49536 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

2013-07-24 16:13 . 2013-07-24 16:13 -------- d-----w- c:\program files (x86)\GbPlugin

2013-07-24 16:13 . 2013-07-24 16:13 -------- d-----w- c:\programdata\GbPlugin

2013-07-24 16:12 . 2013-07-25 01:03 -------- d-----w- c:\programdata\GAS Tecnologia

2013-07-24 16:12 . 2013-07-24 16:12 -------- d-----w- c:\users\Gustavo\AppData\Local\GAS Tecnologia

2013-07-23 19:19 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED97C89D-2F00-4C93-86DE-9E11E92A22F5}\mpengine.dll

2013-07-18 02:16 . 2013-07-18 03:23 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z..ZZZ.ZZZZ.Z.ZZ

2013-07-18 00:53 . 2013-07-18 02:16 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZZ.ZZZZZ....Z

2013-07-18 00:29 . 2013-05-09 08:59 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-07-18 00:29 . 2013-05-09 08:59 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-07-18 00:29 . 2013-05-09 08:59 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-07-18 00:29 . 2013-03-13 18:01 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2013-07-17 23:25 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-07-17 23:25 . 2013-07-17 23:25 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-07-17 23:25 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-07-17 23:25 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-07-17 23:25 . 2013-07-17 23:25 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-07-17 23:25 . 2013-07-17 23:25 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-07-17 23:25 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-07-17 23:25 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-07-17 23:25 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr

2013-07-17 20:20 . 2013-07-17 22:40 -------- d-----w- c:\windows\ELAMBKUP

2013-07-17 20:20 . 2013-07-17 22:40 -------- d-----w- c:\programdata\Kaspersky Lab

2013-07-17 18:39 . 2013-07-17 18:39 -------- d-s---w- c:\windows\SysWow64\Microsoft

2013-07-17 17:29 . 2013-07-17 17:43 -------- d-----w- c:\programdata\F-Secure

2013-07-17 17:28 . 2013-07-17 17:29 -------- d-----w- c:\programdata\MFAData

2013-07-17 17:28 . 2013-07-17 17:28 -------- d-----w- c:\users\Gustavo\AppData\Local\MFAData

2013-07-17 17:28 . 2013-07-17 17:28 -------- d-----w- c:\users\Gustavo\AppData\Local\Avg2013

2013-07-16 11:49 . 2013-07-16 11:49 -------- d-----w- c:\users\Gustavo\AppData\Roaming\PSafe

2013-07-16 11:49 . 2013-07-16 20:01 -------- d-----w- c:\users\Gustavo\AppData\Local\PSafe

2013-07-16 11:47 . 2013-07-04 01:12 384000 ----a-r- c:\windows\system32\PsClikS64.dll

2013-07-16 11:47 . 2013-07-04 01:12 323584 ----a-r- c:\windows\SysWow64\PsClikS.dll

2013-07-16 11:47 . 2013-07-16 11:57 -------- d-----w- c:\windows\system32\MRT

2013-07-16 11:46 . 2013-07-10 12:19 288688 ----a-r- c:\windows\system32\drivers\360FltOEM.sys

2013-07-16 11:45 . 2013-07-16 17:49 -------- d-----w- c:\programdata\PSafe

2013-07-12 18:12 . 2013-07-12 18:12 -------- d-----w- c:\users\Gustavo\AppData\Roaming\WebCake

2013-07-12 18:12 . 2013-07-12 18:12 -------- d-----w- c:\users\Gustavo\AppData\Roaming\ExpressFiles

2013-07-12 12:27 . 2013-07-12 12:27 -------- d-----w- c:\programdata\Baidu Security

2013-07-12 12:27 . 2013-07-12 12:27 -------- d-----w- c:\programdata\Baidu

2013-07-12 12:04 . 2013-07-12 12:04 -------- d-----w- c:\program files\CCleaner

2013-07-11 17:13 . 2013-07-11 17:13 -------- d-----w- C:\bd17

2013-07-10 11:14 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll

2013-07-10 01:52 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-10 01:52 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-10 01:52 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-10 01:52 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll

2013-07-10 01:52 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll

2013-07-10 01:52 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll

2013-07-10 01:52 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll

2013-07-10 01:52 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll

2013-07-10 01:52 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-07-10 01:52 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-10 01:52 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-07-10 01:48 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-07-10 01:48 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 01:48 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 01:48 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-07-10 01:48 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-07-08 23:13 . 2013-07-08 23:13 -------- d-----w- c:\programdata\Sports Interactive

2013-07-08 22:47 . 2013-07-08 22:47 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2013-06-27 17:21 . 2013-06-27 17:21 -------- d-----w- c:\programdata\BrowserDefender

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-12 17:10 . 2012-04-04 15:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-12 17:10 . 2012-04-04 15:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-24 03:57 . 2013-02-19 14:37 78277128 ----a-w- c:\windows\system32\MRT.exe

2013-06-21 15:03 . 2013-06-21 15:03 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-06-21 15:03 . 2013-06-21 15:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-06-21 15:03 . 2013-06-21 15:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-06-21 15:03 . 2013-06-21 15:03 81408 ----a-w- c:\windows\system32\icardie.dll

2013-06-21 15:03 . 2013-06-21 15:03 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-06-21 15:03 . 2013-06-21 15:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-06-21 15:03 . 2013-06-21 15:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-06-21 15:03 . 2013-06-21 15:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-06-21 15:03 . 2013-06-21 15:03 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-06-21 15:03 . 2013-06-21 15:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-06-21 15:03 . 2013-06-21 15:03 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-06-21 15:03 . 2013-06-21 15:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-06-21 15:03 . 2013-06-21 15:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-06-21 15:03 . 2013-06-21 15:03 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-06-21 15:03 . 2013-06-21 15:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-06-21 15:03 . 2013-06-21 15:03 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-06-21 15:03 . 2013-06-21 15:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-06-21 15:03 . 2013-06-21 15:03 441856 ----a-w- c:\windows\system32\html.iec

2013-06-21 15:03 . 2013-06-21 15:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-06-21 15:03 . 2013-06-21 15:03 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-06-21 15:03 . 2013-06-21 15:03 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-06-21 15:03 . 2013-06-21 15:03 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-06-21 15:03 . 2013-06-21 15:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-06-21 15:03 . 2013-06-21 15:03 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-06-21 15:03 . 2013-06-21 15:03 235008 ----a-w- c:\windows\system32\url.dll

2013-06-21 15:03 . 2013-06-21 15:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-06-21 15:03 . 2013-06-21 15:03 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-06-21 15:03 . 2013-06-21 15:03 216064 ----a-w- c:\windows\system32\msls31.dll

2013-06-21 15:03 . 2013-06-21 15:03 197120 ----a-w- c:\windows\system32\msrating.dll

2013-06-21 15:03 . 2013-06-21 15:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-06-21 15:03 . 2013-06-21 15:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-06-21 15:03 . 2013-06-21 15:03 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-06-21 15:03 . 2013-06-21 15:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-06-21 15:03 . 2013-06-21 15:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-06-21 15:03 . 2013-06-21 15:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-06-21 15:03 . 2013-06-21 15:03 149504 ----a-w- c:\windows\system32\occache.dll

2013-06-21 15:03 . 2013-06-21 15:03 144896 ----a-w- c:\windows\system32\wextract.exe

2013-06-21 15:03 . 2013-06-21 15:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-06-21 15:03 . 2013-06-21 15:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-06-21 15:03 . 2013-06-21 15:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-06-21 15:03 . 2013-06-21 15:03 13824 ----a-w- c:\windows\system32\mshta.exe

2013-06-21 15:03 . 2013-06-21 15:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-06-21 15:03 . 2013-06-21 15:03 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-06-21 15:03 . 2013-06-21 15:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-06-21 15:03 . 2013-06-21 15:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-06-21 15:03 . 2013-06-21 15:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-06-21 15:03 . 2013-06-21 15:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-06-21 15:03 . 2013-06-21 15:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-06-21 15:03 . 2013-06-21 15:03 102912 ----a-w- c:\windows\system32\inseng.dll

2013-06-13 00:48 . 2012-11-25 03:15 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-13 00:48 . 2012-04-04 15:39 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-13 00:47 . 2013-06-21 21:39 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-04 18:36 . 2013-06-04 18:36 42297 ----a-w- c:\windows\system32\uninstall.exe

2013-06-04 18:36 . 2013-06-04 18:36 1178713 ----a-w- c:\windows\SysWow64\unins000.exe

2013-06-04 18:36 . 2013-06-04 18:36 715038 ----a-w- c:\windows\unins000.exe

2013-05-13 05:51 . 2013-06-12 14:44 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 05:51 . 2013-06-12 14:44 1464320 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 05:51 . 2013-06-12 14:44 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 05:50 . 2013-06-12 14:44 52224 ----a-w- c:\windows\system32\certenc.dll

2013-05-13 04:45 . 2013-06-12 14:44 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-05-13 04:45 . 2013-06-12 14:44 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-05-13 04:45 . 2013-06-12 14:44 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-05-13 03:43 . 2013-06-12 14:44 1192448 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-12 14:44 903168 ----a-w- c:\windows\SysWow64\certutil.exe

2013-05-13 03:08 . 2013-06-12 14:44 43008 ----a-w- c:\windows\SysWow64\certenc.dll

2013-05-11 00:50 . 2010-06-24 14:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-10 05:49 . 2013-06-12 14:44 30720 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-10 03:20 . 2013-06-12 14:44 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

2013-05-09 08:58 . 2012-09-07 17:23 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-05-08 06:39 . 2013-06-12 14:45 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-02 05:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-02 3093624]

"ATnotes.exe"="c:\program files (x86)\ATnotes\ATnotes.exe" [2005-01-05 1015808]

"Advanced SystemCare 6"="c:\users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

.

c:\users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-07-15 14:23 1410088 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 dealplylive;Serviço do DealPly Live (dealplylive); [x]

R2 PSafeSVC;PSafeSVC; [x]

R2 PSafeWD;PSafeWD; [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

R3 dealplylivem;Serviço do DealPly Live (dealplylivem); [x]

R3 esgiguard;esgiguard; [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

R4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\users\Gustavo\Desktop\Gustavo\Programas\BitComet\tools\BitCometService.exe;c:\users\Gustavo\Desktop\Gustavo\Programas\BitComet\tools\BitCometService.exe [x]

R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]

S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys;c:\windows\SYSNATIVE\drivers\aswNdis2.sys [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 360FltOEM;360FltOEM mini-filter driver;c:\windows\system32\DRIVERS\360FltOEM.sys;c:\windows\SYSNATIVE\DRIVERS\360FltOEM.sys [x]

S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys;c:\windows\SYSNATIVE\drivers\aswFW.sys [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\ASCService.exe;c:\users\Gustavo\Desktop\Gustavo\Programas\Advanced SystemCare 6\ASCService.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 00:02 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:10]

.

2013-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1323780977-678604208-531105928-1000Core.job

- c:\users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-16 22:47]

.

2013-07-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1323780977-678604208-531105928-1000UA.job

- c:\users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-16 22:47]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03 17:18]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03 17:18]

.

2013-07-25 c:\windows\Tasks\Lyrics Finder Update.job

- c:\program files (x86)\LyricsFinder\LyricsFinderUpdater.exe [2013-02-27 19:59]

.

2013-07-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

.

2013-07-24 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2011-12-14 04:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=BR&userid=1e8c2d3a-5f0a-42f3-957b-a586abb8128f&searchtype=ds&q={searchTerms}&installDate=29/04/2013

IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 189.7.176.16 189.7.176.15 201.6.4.116

FF - ProfilePath - c:\users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=

FF - ExtSQL: 2013-06-04 15:42; lfind@nijadsoft.net; c:\program files (x86)\LyricsFinder\FF

FF - ExtSQL: 2013-06-11 07:08; ascsurfingprotection@iobit.com; c:\users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\ascsurfingprotection@iobit.com

FF - ExtSQL: 2013-06-27 14:21; ffxtlbr@delta.com; c:\users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\ffxtlbr@delta.com

FF - ExtSQL: 2013-07-12 15:12; plugin@getwebcake.com; c:\users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\tpp5xmmo.default\extensions\plugin@getwebcake.com

FF - ExtSQL: 2013-07-24 13:12; {87F8774F-B485-47E2-A755-A40A8A5E886C}; c:\users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

FF - user.js: extensions.shownSelectionUI - true

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - 9ad302c2000000000000d067e5f69798

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15883

FF - user.js: extensions.delta.vrsn - 1.8.21.5

FF - user.js: extensions.delta.vrsni - 1.8.21.5

FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:21

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - pt

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.ffxUnstlRst - true

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta_i.babTrack - affID=122471&tt=250613_gr5&tsp=4926

FF - user.js: extensions.delta_i.babExt -

FF - user.js: extensions.delta_i.srcExt - ss

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

FF - user.js: extentions.webcake.installId - 0ef56f3e-7c5f-4f26-9cb8-11f4dcb6d375

FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc

.

.

------- Associação de arquivos/ficheiros -------

.

.txt=STDUViewerFile.TXT

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{398C01F1-E584-46AD-A649-4F78B435DCFE} - (no file)

BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - (no file)

Toolbar-Locked - (no file)

Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - (no file)

BHO-{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - (no file)

AddRemove-Championship Manager 01-02 - c:\windows\IsUn0816.exe

AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Gustavo\AppData\Roaming\unins000.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

"Key"="ActionsPane3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-07-25 12:24:32 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-07-25 15:24

ComboFix2.txt 2013-07-19 20:35

.

Pré-execução: 859.425.849.344 bytes disponíveis

Pós execução: 859.398.529.024 bytes disponíveis

.

- - End Of File - - D06A590187AAD3EA8208DE6D37882872

D41D8CD98F00B204E9800998ECF8427E


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an e-mail address for registration, a first name and a last name. Only the "email" field is required.

Enter your e-mail and then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. That is normal; just wait until the program's main screen appears, then click the Settings icon:

[screenshot: KRT_settings.png]

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check all the drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab.

[screenshot: KRT_install2_.png]

Back on the program's main screen, click the Start scanning button.

Be patient; it takes a while.

When it finishes, if anything was detected, the program will ask you what to do.

Check the box next to Apply to all objects and then click Skip (we only want the log).

[screenshot: KRT_detection_.png]

While the scan runs, the main screen shows a progress bar. When it finishes, the program displays the completed status and a button that will be orange if nothing was detected, or red if something was found.

If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easily accessible location and save it as log.txt.

Copy the entire contents of that Notepad file and paste it into your next reply.

If nothing is detected, you don't need to save the log. Just post here to let us know.

To exit the program, just click the X in the top right corner.


Status: Detected (events: 2)

30/07/2013 21:17:26 Detected virus HEUR:Worm.Script.Generic C:\Qoobox\Quarantine\C\Users\Gustavo\AppData\Roaming\bc\aa8ca.js.vir High

30/07/2013 21:53:18 Detected virus HEUR:Worm.Script.Generic C:\Windows\pss\f8c.js.Startup High


Go to My Computer, Tools menu > Folder Options > View, scroll down the vertical bar and check the option Show hidden files and folders.

Find and delete the following file:

C:\Windows\pss\f8c.js <- this file

Once that is done, post a new DDS log.
