
What should I do with this?


ccapellari


ComboFix 13-11-27.01 - User 11/12/2013 16:22:49.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2814.1378 [GMT -2:00]

Executando de: c:\users\User\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

/wow section - STAGE 43

O arquivo já está sendo usado por outro processo.

O arquivo já está sendo usado por outro processo.

O arquivo já está sendo usado por outro processo.

O arquivo já está sendo usado por outro processo.

O arquivo já está sendo usado por outro processo.

O sistema não pode encontrar o arquivo LockedB.

O sistema não pode encontrar o arquivo lockedB.

O sistema não pode encontrar o arquivo LockedB.

grep: temp2401: No such file or directory

O sistema não pode encontrar o arquivo LockedB.

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\chrome.manifest

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\funmoods.css

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\funmoods.xul

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\images\pref.jpg

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\arwDwn.gif

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\ae.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\bg.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\ch.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\cn.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\cz.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\de.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\eg.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\en.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\es.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\fr.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\gr.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\he.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\il.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\it.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\ja.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\jp.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\nl.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\no.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\pl.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\pt.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\ro.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\ru.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\sa.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\se.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\sv.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\tr.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\ua.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\flgs\us.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\help_16.gif

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\home.gif

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\logo.png

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\privecy_16_hot.gif

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\imgs\tellafriend.gif

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\loader.xul

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\mtstart.js

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\preferences.xul

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\content\tmplt.js

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\install.rdf

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf

c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\extensions\[email protected]\META-INF\manifest.mf

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-11 to 2013-12-11 ))))))))))))))))))))))))))))

.

.

2013-12-11 18:35 . 2013-12-11 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-10 00:23 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46D1206E-D554-4CCE-A93D-4B574E99603B}\mpengine.dll

2013-12-09 11:29 . 2013-12-09 11:29 -------- d-----w- c:\programdata\Hewlett-Packard

2013-12-09 11:29 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

2013-12-08 18:01 . 2007-05-16 18:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2013-12-03 20:12 . 2013-12-03 20:12 0 ----a-w- c:\users\User\AppData\Roaming\w.vbs.bin

2013-12-03 20:12 . 2013-12-02 10:04 209007 --sha-w- c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w.vbs

2013-11-27 16:09 . 2013-11-27 16:09 -------- d-----w- c:\users\User\AppData\Roaming\FocusChina

2013-11-27 16:09 . 2013-11-27 16:09 -------- d-----w- c:\programdata\FocusChina

2013-11-27 16:08 . 2013-11-30 21:33 -------- d-----w- c:\program files (x86)\TradeMessenger-en

2013-11-24 12:52 . 2013-12-08 16:21 -------- d-----w- c:\users\User\AppData\Roaming\.minecraft

2013-11-20 18:22 . 2013-11-20 18:22 -------- d-----w- c:\users\User\AppData\Roaming\Alibaba

2013-11-18 02:01 . 2013-11-18 02:01 -------- d-----w- c:\windows\SysWow64\aliedit

2013-11-18 02:00 . 2013-11-27 16:32 -------- d-----w- c:\program files (x86)\Trademanager

2013-11-18 01:50 . 2013-11-18 01:50 -------- d-----w- c:\users\User\AppData\Local\Alibaba

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-25 23:43 . 2010-01-10 03:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-25 23:43 . 2010-01-10 03:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-11-19 05:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-11-12 18:30 . 2010-01-10 17:43 409832 ----a-w- c:\windows\system32\drivers\aswsp.sys

2013-11-04 20:46 . 2013-11-04 00:59 57096 ----a-w- c:\windows\system32\certsentry.dll

2013-11-04 20:46 . 2013-11-04 00:59 48392 ----a-w- c:\windows\SysWow64\certsentry.dll

2013-11-04 00:59 . 2013-11-04 00:59 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2013-11-02 17:39 . 2013-11-02 17:39 35352 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys

2013-10-22 18:51 . 2013-03-06 22:19 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-10-22 18:51 . 2013-03-06 22:19 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-10-22 18:51 . 2010-01-10 17:43 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-10-22 18:51 . 2010-01-10 17:43 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-10-22 18:51 . 2010-01-10 17:43 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-10-22 18:51 . 2010-01-10 17:43 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-10-22 18:51 . 2010-01-10 17:43 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-10-22 18:51 . 2010-01-10 17:43 334648 ----a-w- c:\windows\system32\aswBoot.exe

2013-10-22 18:51 . 2010-01-10 17:42 43152 ----a-w- c:\windows\avastSS.scr

2013-10-08 09:50 . 2013-10-29 23:08 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-08-25 00:07 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-08-25 00:07 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-08-25 00:07 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 130736 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 130736 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 130736 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20551328]

"aliim"="c:\program files (x86)\Trademanager\AliIM.exe" [2013-08-22 293272]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-04 1300560]

"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-11-07 1707472]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-28 3567800]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\b1975c99-e6c0-4190-9f33-7f388242d60b.exe" [2013-11-24 180184]

.

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

w.vbs [2013-12-2 209007]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:845d46608 /wow /dir:C:\Program

.

R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 k57nd;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57amd64.sys;c:\windows\SYSNATIVE\DRIVERS\k57amd64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S2 APNMCP;Serviço de atualização Ask;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-04 23:48 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2010-01-10 23:43]

.

2013-12-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3314876239-30945534-4234132323-1000Core.job

- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-24 23:26]

.

2013-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3314876239-30945534-4234132323-1000UA.job

- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-24 23:26]

.

2013-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 18:47]

.

2013-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 18:47]

.

2013-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3314876239-30945534-4234132323-1000Core.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-16 00:27]

.

2013-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3314876239-30945534-4234132323-1000UA.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-16 00:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-08-25 00:07 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-08-25 00:07 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-08-25 00:07 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-10-22 18:51 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-09-25 20:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-09-25 20:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-09-25 20:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-09-25 20:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-09-25 20:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.br/

mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDyD0F0DtAyD0EtCtDyC0BtN0D0Tzu0StBtAzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=2084513617

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

TCP: DhcpNameServer = 182.20.65.1 187.0.12.5 8.8.8.8

TCP: Interfaces\{11D50CFD-8B92-4644-AF30-F6D43F229138}: NameServer = 192.168.107.1

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6vue23o6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - ExtSQL: !HIDDEN! 2012-08-17 15:48; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDyD0F0DtAyD0EtCtDyC0BtN0D0Tzu0StBtAzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=2084513617

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDyD0F0DtAyD0EtCtDyC0BtN0D0Tzu0StBtAzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=2084513617

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDyD0F0DtAyD0EtCtDyC0BtN0D0Tzu0StBtAzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=2084513617&q=

FF - user.js: extensions.funmoods.id - 78E4005FD35E106B

FF - user.js: extensions.funmoods.instlDay - 15579

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2221:1:5

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - ironpub

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - ironpub

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

user_pref('extensions.dealply.partner', 'vn');

user_pref('extensions.dealply.channel', 'pcdealply');

user_pref('extensions.dealply.installId', 'v24300269410603909097372012103115551029');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)

Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)

Toolbar-10 - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Wow6432Node-HKCU-Run-w - c:\users\User\AppData\Roaming\w.vbs

Wow6432Node-HKLM-Run-LearnWords Launcher - c:\program files (x86)\LearnWords\LearnWords.exe

Toolbar-10 - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-11 16:40:59

ComboFix-quarantined-files.txt 2013-12-11 18:40

.

Pré-execução: 151.554.850.816 bytes disponíveis

Pós execução: 151.487.315.968 bytes disponíveis

.

- - End Of File - - D98C2FC4E71D5D4B974D03F9910D115E

A36C5E4F47E84449FF07ED3517B43A31
