andre.timao

Cleaning the notebook


Hello!

My notebook is used by a lot of people and I end up losing track of what is on it. For a while now I have been pestered by a notification from something called Baidu PC Faster that does NOT appear in the uninstall list. Apart from that problem, it is really just a routine cleanup.

The logs are attached to the topic.

Thanks in advance for your attention.

Regards

attach.txt

dds.txt

gmer.txt


Hello

Sorry for the delay :)

If you still need help, redo the logs, since I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thanks!

ATTENTION 2: Do not edit your topic; use the reply button, thanks!

ATTENTION 3: Do not put the logs between TAGS, thanks!

ATTENTION 4: Do not attach the logs, thanks!

Regards :D


GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-19 21:06:02

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465,76GB

Running: gmer.exe; Driver: C:\Users\Filipe\AppData\Local\Temp\uwdiipod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\windows\system32\drivers\USBPORT.SYS!DllUnload fffff88004dd1d8c 12 bytes {MOV RAX, 0xfffffa8006e402a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\windows\system32\wininit.exe[656] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\services.exe[716] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\winlogon.exe[796] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\svchost.exe[880] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\nvvsvc.exe[968] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\System32\svchost.exe[448] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\System32\svchost.exe[576] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\svchost.exe[668] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\svchost.exe[992] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\AUDIODG.EXE[1088] C:\windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\svchost.exe[1228] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1360] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\svchost.exe[1452] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\System32\spoolsv.exe[1716] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1884] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1920] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1996] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[644] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[1384] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1352] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\windows\system32\svchost.exe[1616] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[1948] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\windows\system32\svchost.exe[2528] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\wbem\wmiprvse.exe[2608] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\windows\system32\taskhost.exe[3168] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3276] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\windows\Explorer.EXE[3300] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\Program Files (x86)\uTorrent\uTorrent.exe[3568] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\uTorrent\uTorrent.exe[3568] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076811465 2 bytes [81, 76]

.text C:\Program Files (x86)\uTorrent\uTorrent.exe[3568] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768114bb 2 bytes [81, 76]

.text ... * 2

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3824] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe[3944] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\windows\system32\SearchIndexer.exe[3952] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[1056] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[2300] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[2652] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe[3140] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3220] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[816] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3700] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3700] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076811465 2 bytes [81, 76]

.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3700] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768114bb 2 bytes [81, 76]

.text ... * 2

.text C:\windows\system32\igfxsrvc.exe[4044] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2384] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[404] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2452] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007799eecd 1 byte [62]

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[4476] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

.text C:\Users\Filipe\Desktop\Seg\gmer\gmer.exe[3740] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007607a2ba 1 byte [62]

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff88001104650] \SystemRoot\System32\Drivers\spsf.sys [unknown section]

IAT C:\windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880011045dc] \SystemRoot\System32\Drivers\spsf.sys [unknown section]

IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010cf35c] \SystemRoot\System32\Drivers\spsf.sys [unknown section]

IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010cf224] \SystemRoot\System32\Drivers\spsf.sys [unknown section]

IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010cfa24] \SystemRoot\System32\Drivers\spsf.sys [unknown section]

IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010cfba0] \SystemRoot\System32\Drivers\spsf.sys [unknown section]

---- Devices - GMER 2.1 ----

Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 fffffa8003fb82c0

Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 fffffa8003fb82c0

Device \Driver\iaStor \Device\Ide\iaStor0 fffffa8003fb82c0

Device \Driver\ah49eaah \Device\Scsi\ah49eaah1 fffffa8006e9f2c0

Device \Driver\ah49eaah \Device\Scsi\ah49eaah1Port1Path0Target0Lun0 fffffa8006e9f2c0

Device \FileSystem\Ntfs \Ntfs fffffa8003fc02c0

Device \Driver\NetBT \Device\NetBT_Tcpip_{A67B5B58-6AC9-413F-9A24-BE55D29B57BE} fffffa8006d4d2c0

Device \Driver\NetBT \Device\NetBT_Tcpip_{F1B3C4A0-514B-48E3-AFE5-4DEDE5763375} fffffa8006d4d2c0

Device \Driver\usbehci \Device\USBPDO-1 fffffa8006e422c0

Device \Driver\cdrom \Device\CdRom0 fffffa80051c62c0

Device \Driver\cdrom \Device\CdRom1 fffffa80051c62c0

Device \Driver\NetBT \Device\NetBT_Tcpip_{5F607F51-CC5A-4FB0-AA22-E5F1FE970C6A} fffffa8006d4d2c0

Device \Driver\usbehci \Device\USBFDO-0 fffffa8006e422c0

Device \Driver\NetBT \Device\NetBT_Tcpip_{7E73F1BE-8166-49A9-86EE-8CF6904FC96E} fffffa8006d4d2c0

Device \Driver\usbehci \Device\USBFDO-1 fffffa8006e422c0

Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8003fb42c0

Device \Driver\volmgr \Device\FtControl fffffa8003fb42c0

Device \Driver\volmgr \Device\VolMgrControl fffffa8003fb42c0

Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8003fb42c0

Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8003fb42c0

Device \Driver\volmgr \Device\HarddiskVolume4 fffffa8003fb42c0

Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006d4d2c0

Device \Driver\iaStor \Device\ScsiPort0 fffffa8003fb82c0

Device \Driver\usbehci \Device\USBPDO-0 fffffa8006e422c0

Device \Driver\ah49eaah \Device\ScsiPort1 fffffa8006e9f2c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003fb82c0]<< spsf.sys iaStor.sys hal.dll fffffa8003fb82c0

Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005110060] fffffa8005110060

Trace 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004de0050] fffffa8004de0050

Trace \Driver\iaStor[0xfffffa8004d995a0] -> IRP_MJ_CREATE -> 0xfffffa8003fb82c0 fffffa8003fb82c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\ah49eaah.SYS fffff880051a2000-fffff880051e7000 (282624 bytes)

---- Services - GMER 2.1 ----

Service C:\windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!

Service C:\windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!

Service C:\windows\system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!!

Service C:\windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!!

Service C:\windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!!

Service C:\windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!!

Service C:\windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!!

Service C:\windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!!

Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 3

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\windows\system32\drivers\aswFsBlk.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\windows\system32\drivers\aswRdr2.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 3

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 82806

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\windows

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\windows\system32\drivers\aswSnx.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\windows\system32\drivers\aswSP.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\windows\system32\drivers\aswTdi.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Gerencia e implementa os serviços do avast! antivírus neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador de tarefas.

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1df46

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f59338f

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710db474

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132ae3286

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e9b7f3

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0x27 0xF9 0xDF ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0xA3 0xD5 0x1A ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7F 0xC8 0x3F 0x3F ...

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 3

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\windows\system32\drivers\aswFsBlk.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! Mini-filter Driver

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\windows\system32\drivers\aswRdr2.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 3

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 82806

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\windows

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\windows\system32\drivers\aswSnx.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\windows\system32\drivers\aswSP.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\windows\system32\drivers\aswTdi.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Gerencia e implementa os serviços do avast! antivírus neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador de tarefas.

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1df46 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f59338f (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9710db474 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132ae3286 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e9b7f3 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0x27 0xF9 0xDF ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0xA3 0xD5 0x1A ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7F 0xC8 0x3F 0x3F ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 29/05/2012 17:35:38

System Uptime: 19/12/2013 18:49:47 (1 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 300E4A/300E5A/300E7A/3430EA/3530EA

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU | 775/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 178 GiB total, 73,737 GiB free.

D: is FIXED (NTFS) - 265 GiB total, 265,152 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP175: 13/12/2013 12:16:06 - Instalado Microsoft Visual C++ 2005 Redistributable (x64)

RP176: 13/12/2013 12:17:26 - Instalado Microsoft Visual C++ 2005 Redistributable

RP177: 13/12/2013 12:18:26 - Instalou League of Legends

RP178: 13/12/2013 12:19:01 - DirectX instalado

RP179: 15/12/2013 01:28:37 - Windows Update

RP180: 15/12/2013 10:15:04 - Instalador de Módulos do Windows

RP181: 15/12/2013 11:46:17 - Removido Far Cry 3

RP182: 15/12/2013 14:41:49 - avast! antivirus system restore point

RP183: 15/12/2013 14:57:50 - Removed Norton Online Backup

RP184: 18/12/2013 23:25:34 - Windows Update

.

==== Installed Programs ======================

.

?? ??? ?? Windows Live Mesh ActiveX ???

??? ActiveX ?? Windows Live Mesh ???? ??????? ???????

???? ??? Windows Live

???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????

???? Windows Live

????? Windows Live

?????? ??????? ?? Windows Live

??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????

??????? Windows Live Mesh ActiveX ??(????)

??????? Windows Live Mesh ActiveX ???

???????? ?????????? Windows Live

????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)

?????????? Windows Live

??????????? ?? Windows Live

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh

ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.8)

Arquivo do WinRAR

Atheros Client Installation Program

µTorrent

aTube Catcher

avast! Free Antivirus

„Windows Live Essentials“

„Windows Live Mail“

„Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis

„Windows Live Messenger“

„Windows Live“ fotogalerija

Bluetooth Win7 Suite (64)

BS.Player FREE

CCleaner

Cebolinha Script

Claro

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

Control ActiveX Windows Live Mesh pentru conexiuni la distan?a

Controle ActiveX do Windows Live Mesh para Conexões Remotas

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

CyberLink Media Suite

CyberLink Media+ Player10

CyberLink MediaShow

CyberLink Power2Go

CyberLink PowerDirector

CyberLink YouCam

D3DX10

DAEMON Tools Toolbar

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

E-POP

Easy File Share

Easy Migration

Easy Settings

Easy Software Manager

Easy Support Center 1.0

Facebook Video Calling 1.2.0.287

FileZilla Client 3.5.3

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych

Fotogalerija Windows Live

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Galería fotográfica de Windows Live

Google Chrome

Intel PROSet Wireless

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Junk Mail filter update

Kontrola Windows Live Mesh ActiveX za daljinske veze

Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave

League of Legends

Malwarebytes Anti-Malware versão 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 12.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Multimedia POP

NVIDIA Display Control Panel

NVIDIA Graphics Driver 268.83

NVIDIA Install Application

NVIDIA Optimus 1.0.23

NVIDIA Update Components

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení

Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia

Plugin Letras.mus.br 1.10

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Pošta Windows Live

Raccolta foto di Windows Live

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Συλλογή φωτογραφιών του Windows Live

Samsung Recovery Solution 5

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Skype Click to Call

Skype™ 5.10

Software Launcher

Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις

TeamViewer 8

Tibia

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition

User Guide

Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi

Vivo 3G

VLC media player 2.0.3

Windows Live

Windows Live ??

Windows Live ?? ???

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Foto-galerija

Windows Live fotoattelu galerija

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Galeria de Fotos

Windows Live Galerija fotografija

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger

Windows Live Mesh ActiveX-objekt til fjernforbindelser

Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz

Windows Live Mesh ActiveX control for remote connections

Windows Live Mesh ActiveX kontrola za daljinske veze

Windows Live Mesh ActiveX vadikla attalajiem savienojumiem

Windows Live Meshin etäyhteyksien ActiveX-komponentti

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Pošta

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428

Run by Filipe at 19:26:35 on 2013-12-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4010.2846 [GMT -3:00]

.

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe

C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe

C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe

C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe

C:\windows\system32\hkcmd.exe

C:\windows\system32\igfxtray.exe

C:\windows\system32\igfxpers.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\windows\system32\taskhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://br.hao123.com/?tn=4shared_hp_hao123_br

uDefault_Page_URL = hxxp://samsung.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: NameServer = 192.168.2.254 192.168.1.1

TCP: Interfaces\{7E73F1BE-8166-49A9-86EE-8CF6904FC96E} : DHCPNameServer = 192.168.2.254 192.168.1.1

TCP: Interfaces\{7E73F1BE-8166-49A9-86EE-8CF6904FC96E}\16E6462756 : DHCPNameServer = 192.168.33.1

TCP: Interfaces\{7E73F1BE-8166-49A9-86EE-8CF6904FC96E}\249616E6F6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{7E73F1BE-8166-49A9-86EE-8CF6904FC96E}\3554C4543445 : DHCPNameServer = 178.18.18.254 168.126.63.2

TCP: Interfaces\{7E73F1BE-8166-49A9-86EE-8CF6904FC96E}\3557362796C686F63743138393 : DHCPNameServer = 192.168.33.1

TCP: Interfaces\{7E73F1BE-8166-49A9-86EE-8CF6904FC96E}\6494C4940554D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{7E73F1BE-8166-49A9-86EE-8CF6904FC96E}\746545D264444323 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{7E73F1BE-8166-49A9-86EE-8CF6904FC96E}\E2E2 : DHCPNameServer = 192.168.33.1

TCP: Interfaces\{A67B5B58-6AC9-413F-9A24-BE55D29B57BE} : DHCPNameServer = 192.168.2.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Filipe\AppData\Roaming\Mozilla\Firefox\Profiles\wxlczhzz.default\

FF - prefs.js: browser.startup.homepage - hxxp://br.hao123.com/?tn=4shared_hp_hao123_br

FF - prefs.js: browser.search.selectedEngine - Improved Search

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Filipe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Filipe\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0A0EtAtBzzyC0FzytCyCtN0D0Tzu0StByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1999434209

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0A0EtAtBzzyC0FzytCyCtN0D0Tzu0StByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1999434209

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0A0EtAtBzzyC0FzytCyCtN0D0Tzu0StByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1999434209&q=

FF - user.js: extensions.funmoods.id - E81132AE3286F916

FF - user.js: extensions.funmoods.instlDay - 15587

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2223:3:38

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - ironpub

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - ironpub

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e454f9160000000000008a1132ae3285&q=

FF - user.js: extensions.BabylonToolbar.id - e454f9160000000000008a1132ae3285

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15659

FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8

FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.812:00:08

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-12-15 65776]

R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-12-15 205320]

R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-1-17 25960]

R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-12-15 1032416]

R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-12-15 409832]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-1-17 13824]

R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-12-15 38984]

R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-12-15 84328]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-7-15 146592]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-7-15 91296]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-15 50344]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-23 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-23 701512]

R2 SGDrv;SGDrv;C:\windows\System32\drivers\SGDrv64.sys [2012-1-17 7680]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-9-24 5071712]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-17 2656536]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-7-15 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-7-15 259744]

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2011-7-15 109216]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-7-15 29344]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-7-15 166048]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-7-15 59040]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-7-15 283296]

R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-7-15 289440]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-21 317440]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-8-23 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-1-17 471144]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 KMService;KMService;C:\windows\System32\srvany.exe --> C:\windows\System32\srvany.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-15 111616]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\windows\System32\Wat\WatAdminSvc.exe [2012-6-2 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-12-18 01:11:00 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0146A1EC-6ACF-4A57-8F67-47CCA976365D}\mpengine.dll

2013-12-15 17:44:07 -------- d-----w- C:\Users\Filipe\AppData\Roaming\AVAST Software

2013-12-15 17:42:55 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys

2013-12-15 17:42:55 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys

2013-12-15 17:42:55 1032416 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2013-12-15 17:42:52 84328 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2013-12-15 17:42:49 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2013-12-15 17:42:35 43152 ----a-w- C:\windows\avastSS.scr

2013-12-15 17:42:04 -------- d-----w- C:\Program Files\AVAST Software

2013-12-15 17:41:27 -------- d-----w- C:\ProgramData\AVAST Software

2013-12-15 14:26:27 -------- d-----w- C:\Users\Filipe\AppData\Roaming\LolClient

2013-12-15 13:30:24 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-15 13:30:24 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-15 13:30:23 12625920 ----a-w- C:\windows\System32\wmploc.DLL

2013-12-15 13:30:22 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL

2013-12-13 15:19:37 1493528 ----a-w- C:\windows\SysWow64\D3DCompiler_39.dll

2013-12-13 15:18:54 -------- d-sh--w- C:\windows\SysWow64\AI_RecycleBin

2013-12-13 15:18:49 -------- d-----w- C:\Riot Games

2013-12-13 15:14:49 -------- d-----w- C:\Program Files (x86)\Pando Networks

2013-12-13 15:14:14 -------- d-----w- C:\Users\Filipe\AppData\Roaming\Riot Games

2013-12-11 23:23:15 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll

2013-12-11 23:23:14 465920 ----a-w- C:\windows\System32\WMPhoto.dll

2013-12-11 23:22:40 335360 ----a-w- C:\windows\System32\msieftp.dll

2013-12-11 23:22:40 301568 ----a-w- C:\windows\SysWow64\msieftp.dll

2013-12-11 23:22:38 3155968 ----a-w- C:\windows\System32\win32k.sys

2013-12-11 15:52:41 81408 ----a-w- C:\windows\System32\imagehlp.dll

2013-12-11 15:52:41 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2013-12-11 15:51:41 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2013-12-11 15:51:41 2048 ----a-w- C:\windows\System32\tzres.dll

2013-12-11 15:51:35 230400 ----a-w- C:\windows\System32\drivers\portcls.sys

2013-12-11 15:51:35 116736 ----a-w- C:\windows\System32\drivers\drmk.sys

2013-12-11 15:51:17 202752 ----a-w- C:\windows\System32\scrrun.dll

2013-12-11 15:51:17 168960 ----a-w- C:\windows\System32\wscript.exe

2013-12-11 15:51:17 156160 ----a-w- C:\windows\System32\cscript.exe

2013-12-11 15:51:17 150016 ----a-w- C:\windows\System32\wshom.ocx

2013-12-11 15:51:17 141824 ----a-w- C:\windows\SysWow64\wscript.exe

2013-12-11 15:51:17 121856 ----a-w- C:\windows\SysWow64\wshom.ocx

2013-12-11 15:51:16 163840 ----a-w- C:\windows\SysWow64\scrrun.dll

2013-12-11 15:51:16 126976 ----a-w- C:\windows\SysWow64\cscript.exe

.

==================== Find3M ====================

.

2013-11-19 06:33:38 267936 ------w- C:\windows\System32\MpSigStub.exe

2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL

2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:25:17 197120 ----a-w- C:\windows\System32\credui.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\windows\SysWow64\authui.dll

2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll

2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll

2013-09-28 01:09:10 497152 ----a-w- C:\windows\System32\drivers\afd.sys

2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe

.

============= FINISH: 19:28:03,69 ===============


Dear andre.timao,

I recommend that you save this topic in your Favorites so it is easier to find later.

Please pay attention to the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Follow the order of the instructions given.
  • Note: Do not take any measures other than those given here; and if you ask for help in another forum, be sure to let us know, otherwise you risk misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log on your Desktop.
  • Copy its entire contents and paste it into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Note: Windows Vista, 7 and 8 users, right-click it and choose Run as Administrator.
  • Click Scan
  • At the end of the scan a log with the results will open.
  • If anything is detected, then click the Clean button.
  • Again, at the end of the scan a log with the results will open.
  • Copy its entire contents and paste it into your next reply.

# Step 3 #

Read the instructions in this link:

In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while following these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after carrying out the procedure(s) mentioned below.
  3. Double-click the ComboFix icon on your desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers running Windows XP must install the Recovery Console:

  • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Note: Do not use the mouse or the keyboard while the tool is running, as that can cause the computer to hang.
  8. A message may appear saying that the computer needs to restart.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if it is not used correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many Analysts do not reply to topics where they see that ComboFix was used unsupervised.
  • There are several general-purpose anti-malware tools whose authors designed them with end users in mind, to be used unsupervised. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it unsupervised.

Regards :D

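As an added example, not from this thread and not part of JRT, AdwCleaner or ComboFix: a read-only PowerShell inventory of the persistence locations that the logs posted in this thread show those tools cleaning (Internet Explorer Browser Helper Objects, IE search scopes and start page, Chrome extensions registered through the registry, scheduled tasks). It flags entries whose name or path matches one of the PUP families named in the posted logs, so it can be used to confirm what is present before a cleanup and what is left afterwards; it deletes nothing. The family list and the English column name 'Task To Run' from the schtasks /V CSV output are assumptions of this example; on a Portuguese Windows the schtasks header is localized and that column name must be adjusted.

```powershell
# Added example (not the thread's or any tool's own code). Read-only inventory of
# browser/task persistence locations, flagging names seen in the JRT/AdwCleaner logs.
# Written for PowerShell 2.0 (Windows 7), so no [pscustomobject] or Get-ScheduledTask.

# ASSUMPTION: family list taken from the posted logs; extend it for other cases.
$pupFamilies = 'babylon', 'funmoods', 'conduit', 'claro', 'baidu', 'dttoolbar',
               'daemon tools toolbar', 'sweetim', 'askpartner', 'askslib', 'apntoolbar'

# Returns the matching family name, or $null when the text matches none.
function Test-PupName {
    param([string]$Text)
    if (-not $Text) { return $null }
    $lower = $Text.ToLowerInvariant()
    foreach ($f in $pupFamilies) { if ($lower.Contains($f)) { return $f } }
    return $null
}

# One row of the inventory; Family is filled from the item name plus its detail.
function New-Finding {
    param($Location, $Item, $Detail)
    New-Object PSObject -Property @{
        Location = $Location; Item = $Item; Detail = $Detail
        Family   = (Test-PupName "$Item $Detail")
    }
}

# Resolve a BHO CLSID to its friendly name and the DLL it loads (InprocServer32).
function Get-ComServerInfo {
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID',
                      'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
                      'HKCU:\Software\Classes\CLSID') {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { continue }
        $name = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        $dll  = $null
        $srv  = Join-Path $key 'InprocServer32'
        if (Test-Path $srv) { $dll = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).'(default)' }
        return "$name -> $dll"
    }
    # A BHO registration whose CLSID no longer exists is itself worth a look.
    return '(CLSID not registered: orphaned BHO entry)'
}

$findings = @()

# 1. IE Browser Helper Objects, native and 32-bit views on x64.
$bhoRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($k in Get-ChildItem -Path $root) {
        $findings += New-Finding 'IE BHO' $k.PSChildName (Get-ComServerInfo $k.PSChildName)
    }
}

# 2. IE search scopes and start page for the current user.
$scopeRoot = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $scopeRoot) {
    foreach ($k in Get-ChildItem -Path $scopeRoot) {
        $p = Get-ItemProperty -Path $k.PSPath
        $findings += New-Finding 'IE SearchScope' $k.PSChildName "$($p.DisplayName) $($p.URL)"
    }
}
$main = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
$findings += New-Finding 'IE Start Page' 'Start Page' $main.'Start Page'

# 3. Chrome extensions force-installed through the registry (path / update_url values).
foreach ($root in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                  'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions') {
    if (-not (Test-Path $root)) { continue }
    foreach ($k in Get-ChildItem -Path $root) {
        $p = Get-ItemProperty -Path $k.PSPath
        $findings += New-Finding 'Chrome ext (registry)' $k.PSChildName "$($p.path) $($p.update_url)"
    }
}

# 4. Scheduled tasks via schtasks (Get-ScheduledTask does not exist on Windows 7).
#    ASSUMPTION: English column header 'Task To Run'; adjust on a localized system.
$tasks = schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ($t.TaskName -eq 'TaskName') { continue }   # schtasks repeats the header per task folder
    $findings += New-Finding 'Scheduled task' $t.TaskName $t.'Task To Run'
}

# Show only the suspicious rows; the full inventory stays in $findings for manual review.
$findings | Where-Object { $_.Family } |
    Select-Object Location, Family, Item, Detail | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt before and after the cleanup steps above: the "before" output should line up with the registry keys and tasks listed in the JRT and AdwCleaner logs, and the "after" output should be empty. Anything still reported after the tools have run is a candidate for the analyst to look at by hand rather than something to delete blindly.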

IMPORTANT: I did not run ComboFix. I disabled Avast, the Windows Firewall and the anti-malware, and even so ComboFix reported Avast, and Avast's Anti-Spyware too, as active. I thought it prudent to warn you about this before carrying out the procedure. I may be doing something wrong :X

The other logs are below:

# AdwCleaner v3.015 - Relatório criado 20/12/2013 às 18:57:08

# Atualizado 10/12/2013 por Xplode

# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)

# Usuário : Filipe - FILIPE-PC

# Executando de : C:\Users\Filipe\Downloads\AdwCleaner.exe

# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Filipe\AppData\Roaming\Mozilla\Firefox\Profiles\wxlczhzz.default\Extensions\DTToolbar@toolbarnet.com

Arquivo Deletada : C:\Users\Filipe\AppData\Roaming\BabMaint.exe

Arquivo Deletada : C:\Users\Teté\AppData\Roaming\Mozilla\Firefox\Profiles\rbugkbv5.default\bprotector_extensions.sqlite

Arquivo Deletada : C:\Users\Teté\AppData\Roaming\Mozilla\Firefox\Profiles\rbugkbv5.default\bprotector_prefs.js

Arquivo Deletada : C:\Users\Filipe\AppData\Roaming\Mozilla\Firefox\Profiles\wxlczhzz.default\searchplugins\daemon-search.xml

Arquivo Deletada : C:\Users\Filipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal

Arquivo Deletada : C:\windows\System32\Tasks\EPUpdater

Arquivo Deletada : C:\windows\System32\Tasks\Funmoods

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]

Chave Deletedo : HKCU\Software\e2dbdde235ed47

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Valor Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [backup.Old.Start Page]

-\\ Mozilla Firefox v12.0 (pt-BR)

[ Arquivo : C:\Users\Filipe\AppData\Roaming\Mozilla\Firefox\Profiles\wxlczhzz.default\prefs.js ]

Linha deletada : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{0F827075-B026-42F3-885D-98981EE7B1AE}:2.6.1125.80,{972ce4c6-7e08-4474-a285-3208198ce6fd}:12.0");

Linha deletada : user_pref("extensions.funmoods.xpestat\\xpereportdata", "14-8-2012");

[ Arquivo : C:\Users\Teté\AppData\Roaming\Mozilla\Firefox\Profiles\rbugkbv5.default\prefs.js ]

Linha deletada : user_pref("browser.search.order.1", "Search the web (Babylon)");

Linha deletada : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

Linha deletada : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110824&tt=4612_7&babsrc=HP_ss&mntrId=e454f9160000000000008a1132ae3285");

-\\ Google Chrome v

[ Arquivo : C:\Users\Filipe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4204 octets] - [20/12/2013 18:54:18]

AdwCleaner[s0].txt - [3924 octets] - [20/12/2013 18:57:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3984 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Home Premium x64

Ran by Filipe on 20/12/2013 at 18:13:33,76

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2208230807-1906984956-1475362193-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2208230807-1906984956-1475362193-1001\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodslatest_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodslatest_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\claro

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNToolbarInstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNToolbarInstaller_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{02091713-D9FB-4391-8EDD-BDDA1CB778B8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{255A9787-D244-9FFE-63F5-05BFB61D2723}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}

~~~ Files

Successfully deleted: [File] "C:\Users\Filipe\appdata\local\funmoods-speeddial.crx"

Successfully deleted: [File] C:\windows\syswow64\sho3439.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\Users\Filipe\AppData\Roaming\b1toolbar"

Successfully deleted: [Folder] "C:\Users\Filipe\AppData\Roaming\baidu"

Successfully deleted: [Folder] "C:\Users\Filipe\AppData\Roaming\claro"

Successfully deleted: [Folder] "C:\Users\Filipe\appdata\local\b1e"

Successfully deleted: [Folder] "C:\Program Files (x86)\claro"

Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\claro"

Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0053711D-1A8C-43A5-83E0-01657CA99B8E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{00EA9D6B-3CC5-40B3-A1B2-D0D9B82AF9D9}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{013E1B27-CBC0-4943-8E56-1DCE3E729A63}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0276EAB3-FBE8-4900-9B7F-D6D504D304AC}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0279483E-82C5-4CCE-9778-3D776C671601}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{036D58CB-1313-40D6-B5C4-C2E3B5AE0125}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{04541987-FA48-4C30-A483-5FFA040070F1}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{04ADF26A-97E6-443E-9974-D3B48914F376}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{05ABADAF-6E55-42B1-8023-42A2CD71E2DC}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{068270AE-7B22-42D7-A6A5-2F238C24B6A7}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0734B58B-43CA-443A-9637-F3C676B3CCE5}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{07BA75B4-8E08-44CD-BC4C-E6B6126A55FA}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0809A47C-8C19-4AD2-8C0D-534E164EB2D1}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{09EC5441-FC0D-4D41-B413-9A990EBB99FA}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0AADE44C-B5A3-49AC-83F4-8777DBB75420}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0ADF2B08-E539-4E9C-8F30-16C2D616C57E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0B2D77E3-055D-4788-95F0-346A198CAA8F}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0BB4C80E-A49C-4FBB-B3D0-57D3A0F6EABD}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0C93BF8F-F154-481B-B2AC-4C32B43DBDBC}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0D8BD514-0182-40B1-A2CC-00DBBE417470}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0F499BD2-56BF-4CC2-93E0-B2141618DD13}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{0F547BA5-EBFB-46FF-8CE0-BBCFAF511836}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{113A09DB-4836-40FD-98AB-6FB08826E4A4}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{1183F938-AF9F-4B9A-BA5E-7D35B46021BE}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{11867AC6-91D4-413B-804A-6C1F9E1BDE57}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{130E5D96-8792-4188-800D-F441D0936C65}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{15522D82-1572-435F-A3F9-DDD0DBAA6733}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{15E38940-0253-4830-B124-D2AAE330902D}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{19958806-AEB9-4B96-9D39-CB0CAF605021}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{199D0473-F6D8-409B-9EF5-2EC320F6A571}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{1A1F1DE1-3429-4137-932C-41EAB5AB14BB}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{1BA19381-A43C-4F46-B391-D0C2EBBEE8A7}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{1BBEAF7A-91FB-49FD-B94D-15E092F73A39}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{1BF532C0-2281-4368-8127-3E5D23C83423}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{1D3AB500-50AE-43C6-9026-DE1D94651BD3}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{1D5793D1-E372-47CF-9A8B-D83C4538E6F0}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{206D460D-7B85-44D1-8D73-08293FB1AB83}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{20791244-F444-4D89-89BB-B40B6437DBC0}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{22A563BD-5339-4CFC-9791-A1EEDFF03989}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{22C74024-9379-4067-A7DB-0B2EA165BF43}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{247ACD47-A7B8-4ACE-8021-B839F783B221}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{24D9A5CB-1D03-4450-A9BF-CC70688EBCF9}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{25D9B20B-A145-45E8-AFFF-1B7BCE718DAB}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{260F69FA-258C-46E8-88F9-CB4464223049}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{267DBBC4-E14B-40B1-A2AD-BBCAC0383E44}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{2736E9BA-60BA-4241-89BB-80BB4F067F0E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{29771FC1-FDD4-4A12-84E1-3D26D6ACEBB2}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{2AA8A613-572E-4023-9F2F-71B04DE2010A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{2BE02E3D-9CF1-407B-95CA-46129C6004D8}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{2CB69DFC-5D44-4622-8BEB-DB6B07BABC8E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{2CD7B3F7-49FE-43C4-AD19-0A9513E5E060}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{2E0065DB-EEA1-4EC7-A61C-C94417BE7D30}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{2FA6F7E3-522D-4401-A60D-A849C613596E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{32D8EA2C-B3EB-4104-8592-3C4D1145110C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{34BEB1C2-4D31-4BC6-95A4-514311387C3B}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{3567A4A8-9B7D-48A1-8E35-5EA275F009B1}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{360699BC-6E41-4EB6-9456-DD9119FB7B22}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{371E6113-8EBE-407B-91E2-72C7448E0F58}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{37FE7DE7-1CD8-4876-AAC7-E7A1543432B4}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{3817D1F7-A2C2-4314-A36D-D74A0CF1FB53}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{39F5B37A-1500-44EB-842C-A0804716777A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{3ADB603C-3B4B-4D06-9C62-D301FB71E0EB}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{3BD3A8A8-8510-4F84-8750-2A51CB27A041}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{3C6DD25A-3682-46F0-885A-0DED080702E2}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{3DA803F1-7C14-4E87-80F3-5D1C82A4FDD6}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{3DBF412A-DB2A-4025-93AF-BE78FEC7345F}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{3E4898C9-DF5E-4136-BDCC-323137BF59DE}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{3E78DD06-E3A4-4209-891A-2B87AA28D51C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{3EB84554-891C-4578-AD48-4469A6458C35}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{41DD162F-28E4-442B-B124-BA5043E72952}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{42D47C99-7661-46FA-A391-97F3E4F115C0}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{42E24560-76B4-4CC5-B130-02A7704BD783}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4323CEE0-08C3-4E6A-8616-415E754FDEDD}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4373D589-7C6F-47F2-A66B-6DA9BF44E9AE}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{439D63EF-44D0-43D7-8A1A-0E952A7F016E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{43AD6D73-AA91-45F4-8598-6C7750192372}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{43E9204E-5412-4FD6-9E1B-D450EE7F98B0}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4477045D-0E10-4CAB-833E-4B2D51A4514F}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{44A02A66-CCA3-4AC5-809C-C52861A15294}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4615C1CD-A148-46D7-91F5-59A9CC635444}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4651B51D-37D5-4749-BBA2-B1311E46CFFA}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{46539DCD-55C7-4C9C-BE62-FDFC8A224108}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4758D8BA-3D1A-4075-A46B-CADA65149BD6}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{49ABEB69-4DCB-4D4C-95D8-FDC32F94CBA4}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4A99D9F1-959E-40F8-B617-CBFFF965E958}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4AB1BC53-3DAD-44C5-BF9A-75540FCF8774}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4AD277DA-E1C6-4A9B-B32C-EFC8F47C5447}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4C3B18C1-3621-40E0-BCD7-B98EE42A6A96}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4D402879-7EF4-4BEF-8CA2-EF04554DB733}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{4FE8E6D5-1C4D-4BA6-A5ED-E1724BA5A492}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{51503697-4776-4C07-9650-45E5551DE17A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{51584372-F956-4FC7-9AD2-D69E7BA78241}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{51840615-1B78-420C-9ACC-E3F2A1CEB4E6}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{518A77F5-838C-4719-B86D-E4527E725D06}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{528076F7-E94C-4E8F-83C6-13EFB472A02B}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{53E57FCD-0D8B-4BF9-A3D7-2E6B62AB8891}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{5436EC20-5F19-4EDA-B07C-E3C8AD3631C9}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{54712DA9-D5C8-49A4-9D74-70B90D50D711}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{55344B93-323F-4DD7-85AE-FD4A8980FD4F}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{5AD79DC2-2BCD-44EC-991D-70BB8D5D1C9C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{5AF65638-8143-43F6-AD0B-40D2FE6F48B3}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{5C3869EF-E52A-4B58-B056-332C27E0A62D}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{5E02109E-02D4-4F16-B531-1E2AA7E6D978}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{5ED887C1-9E83-4119-BF5F-15C859390E26}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{5F87AE8D-2A9D-4FE5-AC75-1496B4B4E5B3}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{610ABE91-DC7A-4D9D-8B12-073BF8473A35}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{630F6345-7AAD-4700-880E-CBBAD2A60E73}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{63C15241-16F4-4D23-A977-D7566CB771EB}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{681E5381-9011-446B-A4D7-F95EBDCB661D}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{68ABB111-58C1-4E39-A313-1BB58BF89DB2}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{6902AC40-6B0B-4FD1-AA55-6CBD618F8289}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{6BBD1A6F-217A-4D7A-942C-2ACA6B821972}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{6D680C38-7100-40EF-BEA1-A196CF996CFA}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{6E0EA92D-EB27-4E1E-8259-FEDFF5AF0964}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{6E3B2F02-0C34-45C2-810A-3508E7C41675}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{6E90810E-E876-42D6-BD60-E461559D091E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{6F019916-9BBD-4251-AEB2-05A7DC11DB88}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{6F64B286-2F87-4424-BCF7-C4083C4B37E4}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{6FA26C07-5CD6-4B99-8DAF-5DA1D7F5273C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{744B5BB5-7EA6-40A5-992C-C475A5F363CB}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{75270071-55D5-410D-AEB0-86A6E393E259}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{75D681C4-8930-46F0-9D2E-8FF6DC3F4809}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{76E6A0F7-768A-45E8-8186-18CBB42BD0D1}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{771974D6-5D42-480B-98C5-A8E05FE4605C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{7875345D-C62F-4BE1-A3B8-B2CBABB13077}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{79932320-10CD-4AE7-A994-E87212682002}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{7B848AEE-DE06-4908-A40D-223B6FE0FC73}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{7D70A613-1BF7-474A-A2CA-17CB23255AE6}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{7EE4DC84-C95E-4CE3-B17E-0A2E9B5BF919}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{7F89B406-3E88-40A9-BD3F-375A008F6750}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{7FB03AAD-51BD-49CE-9170-4C4BC3E4CB14}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{804F27D1-A09C-4D27-B4D6-3DCD3ACF4709}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8060ACC7-9D72-4CAD-8E96-518F22A7F20A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{80A2A0ED-E06E-4279-B47A-D45A9AA2987E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8167A3C2-B2A7-48D8-AF2A-4B273282DF43}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{82114A28-1CF7-40C8-AECA-082429BF6133}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{83DBD915-790C-489D-A0AD-B913B0175EA8}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8540F7E9-8E19-4FBC-8355-35927B86B8A1}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{87941F8C-2DBE-470E-92A5-5996B9A338E1}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{88E602EC-314D-41E5-86D9-462A94697F8C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8AB62CE4-1D90-495B-898C-9C70EC08BCE8}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8B336644-A618-4E25-8A17-71B0319445D2}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8B431BA9-4A11-4B7A-9A32-456A8ECA2647}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8BE50C05-D051-45B8-87B8-AF706A29E2B8}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8C0B15B0-341D-453D-8402-8155FDC632A3}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8C4BD107-18E5-4DFE-9A86-C81B0BC923AF}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8C850BE6-8972-4525-91ED-7FF91714E72F}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8C9A7706-1F47-461B-AFEB-D4F5F6A5849F}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8CDCD682-9827-479C-A34C-73D6557E5EA7}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8D4D9EDB-01BF-4BEB-A12D-90A65DAD13EE}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8F1AF34A-FB8F-4C81-977B-3FC6BC48E2F1}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{8FD39556-5390-4212-AAFC-95F520D36D6C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9023A806-69A1-4270-B258-BE2D2EBFB89B}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9094297E-75D1-4F21-9E0B-CFE2BF11CA92}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{909DAD17-8896-428E-951E-FDBEB52A3714}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{91256BED-7A78-402D-90EF-79264814A7DC}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9174946C-BCDD-4906-873C-BA9B64BF40BE}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{91C88AF2-1AAB-4F3E-BE7D-03CC8713877D}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{923B8B05-E231-4332-A49A-3B085D50EE61}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{943585DB-0906-4F4F-8932-E73E090317A1}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9494BA66-9B70-4F57-B75D-280A219E2638}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9505B33C-F3FD-47B2-8839-93B3C188267B}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{970EDD05-7D92-4C43-B093-2AB740C05A95}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{972B98F7-37AA-4402-9A70-95C1AB3BE477}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{978FD4FC-F3C2-4D54-B9E9-B70079A47F4A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9C861E4C-8752-47B0-8CD1-7CFCB61478A6}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9CC386B0-60EE-448E-ACAF-C39BF5759AFA}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9DF0B568-EEC6-4DF8-BED4-8F6D3D7DEA18}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9E6EC4D0-C59F-4FB0-A73F-E354AD87709C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9F0B0712-B86C-4BD8-9B62-0C83254C733A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{9F525C61-0233-4B8D-A538-E86028BE38B4}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{A01B43B5-A2CC-4F38-8582-F2458346EE71}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{A077431B-1198-41C7-AE78-A1F99B3F1719}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{A0BD1C3D-735F-443B-ADC6-AB19834F1325}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{A2755449-8B22-48EA-877B-AFE44C61659A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{A530C6C8-6A64-4E74-A012-9AB19080002E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{A5D36ADE-C5A8-4A9E-B871-FEECD6735E08}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{A73A7F17-53CF-4F75-A486-13D6ED0A1C78}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{A7B3118F-4453-45AF-88B8-BA03976B533B}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{A7FA2DDF-5A90-48A6-B88C-C198D4F85F72}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{A93F2720-4E91-4667-BBE1-20CD945ABE5F}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{AA75721E-37E8-4598-8E71-57A935E3AF3C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{AB31B29A-2397-43F1-88C2-FD7AA96B2A27}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{ABA81FFE-E33A-4325-8E82-1DCF842D65F7}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{ABADDBA0-B19B-4EE9-B00A-068A37736AC7}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{ABD0F5C7-BAE5-4FBA-B5DE-C9C473412CEC}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{AD081E7C-69F4-4A6F-9FB0-6A96A93064D7}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{ADC0B029-DAA5-4EC8-A848-929B68BC7C77}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{AE7D419D-CDE6-4B1C-881E-3DDC3C1F4F79}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{AFB79A17-FCD1-49BA-A0AC-14D458BB47FB}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B132F6DE-0E91-4727-869D-07A009DC864D}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B17D6B8E-310A-4F62-B2E3-637683573EE1}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B184B2B3-4F5B-45F7-9CC9-1DDD3823FE7E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B1FA8CAF-4271-4AA5-BC8C-0010440DAC13}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B54EC3B7-BEB8-4087-B6AA-6EF8E1625A72}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B5E42E2C-EDF5-49BD-815D-7CFF14E055BE}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B6CE10CB-16FC-4ED7-8653-4D5485A577BF}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B8A724BC-A18E-4ED6-BD25-8AF4650D5CB8}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B8BCAAC3-1843-4455-99E5-2FA6B860549A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B9BAE43D-8FC6-47B8-B439-8D89D5CA46BD}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{B9DBA299-AF1B-4F97-877B-F5CA4C65A581}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{BA0C368A-2FB2-4186-B99F-EB37F0F7E1E8}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{BAA833AE-D780-404B-B2B1-039A551412D0}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{BC6E48DE-87C4-4B44-B202-3AD0AFF38FCF}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{BC9861A4-58C7-4EF5-A98D-5DA3950A065E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{BCE5FAF8-0D19-4AC6-B1AA-CA17754BB9E2}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C00D4260-C3DC-4904-BEC7-839C166DE252}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C14EF4D0-58E3-4694-9984-493286446229}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C172F9BC-6CCF-465A-A428-9B356817B462}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C19FDB06-8799-4B77-853B-EFC42A7B7BBE}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C1B679D8-44A9-4F48-A0DA-AD35D3E9B737}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C2463195-4604-4E88-BF05-FB2A4A612C12}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C30DCBB9-7310-4432-A0FE-C1DA22098855}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C3C4D022-B1EF-419F-8485-B79A366C406A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C3F7FB45-6E69-437D-975A-CDC936837A0D}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C422D2B5-9F3D-46A6-B581-B14187310DB0}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C5056323-4770-4722-AF45-6A8B72855D8C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C60B19A7-F978-4222-B58D-2C492BB9A4F1}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C6E05F29-19A8-431C-8A56-EBE2498B75AC}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C7B6D6A7-141F-45D3-8013-F393BC365287}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C7F29355-489E-41D6-AF8C-F11E638A3CD4}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C8508B63-F939-406F-89FB-C2D802C18936}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C85F847A-BDAB-4211-8181-2B5270DFF186}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{C8A1939C-9B7E-483E-BA18-A5DE984D1672}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{CA69C211-B0C3-4333-8A7D-F52E7716CA9C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{CB0FC6C7-D3BB-4FEB-BE62-B41CF62B2916}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{CD7D7FBE-142A-48B8-9444-DBE1D29CDB3D}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{CDCE8607-381C-4E34-8221-34EE8334C85C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{CE20223A-6294-4FFD-B8A9-670023E56FD9}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{CEB42EE9-FA78-4EA1-8365-73AA1D07584B}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{CFCA8D8E-43AD-411E-A751-603459D96FAE}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{D063BC0A-BB73-45C1-A88B-A8561BF10EC7}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{D064B791-59BB-42C7-8186-5EB16EB3C144}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{D3A58882-8786-4B9B-BE3B-C76DF3E5F18A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{D600A78B-71C0-4682-ABD8-0C93A6F031CF}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{D739B308-1F4D-4D20-B2CE-978C94B63FC9}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{D984FA38-CAA7-4B1C-8803-DF5E7E8C36B2}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{D9864CB8-7F97-42EC-A871-AAE8F500C109}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{DDC840AC-0A13-4E88-BE7A-2AD2082A9A4B}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{DDF96B97-DCE7-46C9-A197-310F32970BA6}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{DF7669CA-8609-4343-AA31-B9D789FEB994}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{E036726E-41CB-4766-AE11-41D26B818F75}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{E0970301-5105-49E7-A724-427D6B25014C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{E1AE9E5B-2B72-4DAD-8F8B-12067C6C5F9B}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{E1CEE75B-D30C-4F34-AAB9-09B8F119E7A7}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{E3018D30-0C03-4F9A-9080-020CF7EF06DF}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{E3A43712-B199-4693-9753-B109933BF97B}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{E481105D-33E6-49A8-A6AA-0525ACF16486}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{E8215DF7-19E5-48B1-A5D7-F1A3F270E721}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{E90BB0C0-F747-49EE-B833-0C61CF3F594A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{E9D8D7AF-BE17-42FC-9D67-E8C02728D097}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{EA3C7436-C55B-4D66-94CE-DD9B98DDD2CD}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{EAFAA5F5-52CF-474B-A8E2-274BA8BD32AC}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{EB7E86DC-D8AF-497D-84A5-357E81AFA2D5}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{EBDF2423-39A8-4FD0-83A3-E655003EA143}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{EC6922EA-F0EF-47C8-BB3C-248011739F92}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{ECC7B785-77F2-414D-94C3-7AC5B5EABA6D}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{ED0056D4-CC00-4AA8-B3F8-90BB92BBEDBA}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{ED56E204-8320-4AF3-9A5A-D837518F3A58}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{EE727465-5D50-4421-9B4C-86861CAFD9B3}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{EEAB67B5-479C-40AA-A529-76FD38B00728}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{EFCA27F6-4125-4546-A659-48284835193C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F060F88B-A1A9-4334-9ECC-AAE39B289ED0}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F11B474F-C206-4A43-94C8-8BFBFDB089A2}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F121E3E6-267A-41D7-80CA-58FB856224EA}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F1BD6798-E4FD-4A88-9F06-E20896D25622}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F2D787B7-892E-47E3-BB8F-133D8062308A}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F34DC6B5-8BE5-49DF-8BAD-0AA0B281DCCB}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F5B74C48-058B-45AC-8AD5-2AC502D87FF4}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F5C37F85-3ED8-4E88-B43A-09B4E1F78DB3}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F6E58BD1-2180-41F2-B58B-DF5BE6E7AAD8}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F6F8F8A3-548F-4F90-A21B-549F4461B28E}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F7E2EF26-1A67-4490-8523-A674933EE948}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F92F665C-5A06-440D-8880-8F88555D0ACA}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{F9930D9A-5C2E-4274-9B25-C537EC5805FB}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{FAC65ED2-F30E-47EB-901E-F0FB3D5B60F9}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{FB0AFE15-5DD8-4AF5-951F-FC1EA1499D9C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{FCE550D2-2624-4B63-ADFA-6CEAB35ED6F6}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{FDEC983F-689E-499C-A224-022E2EDB3DF5}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{FE9E7461-6B15-426C-AEE4-3F228E3CF54C}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{FECD46EB-A29C-4A7F-8DC0-47B4378BC75F}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{FF41FA9B-6ED7-4F36-B501-15B22EFB933D}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{FF98C95D-A28E-4858-AE62-2B6933E2A983}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{FFDB182E-A179-4B78-AA15-6AEF84B63877}

Successfully deleted: [Empty Folder] C:\Users\Filipe\appdata\local\{FFF6A8DF-01F1-4BA7-BE35-0EA415DDFC01}

Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\Filipe\AppData\Roaming\mozilla\firefox\profiles\wxlczhzz.default\user.js

Successfully deleted: [File] C:\Users\Filipe\AppData\Roaming\mozilla\firefox\profiles\wxlczhzz.default\searchplugins\askcom.xml

Successfully deleted: [File] C:\Users\Filipe\AppData\Roaming\mozilla\firefox\profiles\wxlczhzz.default\searchplugins\babylon.xml

Successfully deleted: [File] C:\Users\Filipe\AppData\Roaming\mozilla\firefox\profiles\wxlczhzz.default\searchplugins\browsemngr.xml

Successfully deleted: [File] C:\Users\Filipe\AppData\Roaming\mozilla\firefox\profiles\wxlczhzz.default\searchplugins\search.xml

Successfully deleted: [Folder] C:\Users\Filipe\AppData\Roaming\mozilla\firefox\profiles\wxlczhzz.default\extensions\ffxtlbr@funmoods.com

Successfully deleted the following from C:\Users\Filipe\AppData\Roaming\mozilla\firefox\profiles\wxlczhzz.default\prefs.js

user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110824&tt=4612_7&babsrc=HP_ss&mntrId=e454f9160000000000008a1132ae3285");

user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

user_pref("browser.startup.homepage", "hxxp://br.hao123.com/?tn=4shared_hp_hao123_br");

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.id", "e454f9160000000000008a1132ae3285");

user_pref("extensions.BabylonToolbar.instlDay", "15659");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e454f9160000000000008a1132ae3285&q=");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4612_7&babsrc=NT_ss&mntrId=e454f9160000000000008a1132ae3285");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.812:00:08");

user_pref("extensions.funmoods.aflt", "ironpub");

user_pref("extensions.funmoods.autoRvrt", false);

user_pref("extensions.funmoods.brwsrsrc", "ietlbr");

user_pref("extensions.funmoods.cntry", "BR");

user_pref("extensions.funmoods.cv", "cv5");

user_pref("extensions.funmoods.dfltlng", "en");

user_pref("extensions.funmoods.dfltsrch", "false");

user_pref("extensions.funmoods.dnsErr", true);

user_pref("extensions.funmoods.envrmnt", "production");

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.fmupdtFirst", false);

user_pref("extensions.funmoods.hdrMd5", "633BA22E54665035254726C60AEF94C3");

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0A0EtAtBzzyC0FzytCyCtN0D0Tzu0StByEyBtN1L2XzutBtF

user_pref("extensions.funmoods.hrdid", "E81132AE3286F916");

user_pref("extensions.funmoods.id", "E81132AE3286F916");

user_pref("extensions.funmoods.instlday", "15587");

user_pref("extensions.funmoods.instlref", "ironpub");

user_pref("extensions.funmoods.isdcmntcmplt", true);

user_pref("extensions.funmoods.keywordurl", "");

user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2223:3:38");

user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

user_pref("extensions.funmoods.newtab", true);

user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0A0EtAtBzzyC0FzytCyCtN0D0Tzu0StByEyBtN1L2XzutB

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.prtnrid", "funmoods");

user_pref("extensions.funmoods.savedVrsnTs", "1");

user_pref("extensions.funmoods.sg", "{smplGrp}");

user_pref("extensions.funmoods.smplgrp", "none");

user_pref("extensions.funmoods.srch", "");

user_pref("extensions.funmoods.srchprvdr", "Search");

user_pref("extensions.funmoods.tlbrid", "base");

user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0A0EtAtBzzyC0FzytCyCtN0D0Tzu0StByEyBtN1L2Xzu

user_pref("extensions.funmoods.vrsn", "1.5.23.22");

user_pref("extensions.funmoods.vrsni", "1.5.23.22");

user_pref("extensions.funmoods.vrsnts", "1.5.23.2223:3:38");

user_pref("extensions.funmoods.xpestat\\xpereportdata", "14-8-2012");

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:3:38");

Emptied folder: C:\Users\Filipe\AppData\Roaming\mozilla\firefox\profiles\wxlczhzz.default\minidumps [5 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Filipe\appdata\local\Google\Chrome\User Data\Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 20/12/2013 at 18:31:54,34

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ComboFix 13-12-20.01 - Filipe 21/12/2013 11:58:31.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4010.3057 [GMT -3:00]

Executando de: c:\users\Filipe\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-21 to 2013-12-21 ))))))))))))))))))))))))))))

.

.

2013-12-21 14:56 . 2013-12-21 14:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9ABC069-A8E5-4F5C-BE20-864F6A610984}\offreg.dll

2013-12-20 21:54 . 2013-12-20 21:57 -------- d-----w- C:\AdwCleaner

2013-12-20 21:13 . 2013-12-20 21:13 -------- d-----w- c:\windows\ERUNT

2013-12-20 20:06 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9ABC069-A8E5-4F5C-BE20-864F6A610984}\mpengine.dll

2013-12-15 17:44 . 2013-12-15 17:44 -------- d-----w- c:\users\Filipe\AppData\Roaming\AVAST Software

2013-12-15 17:42 . 2013-12-15 17:42 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-12-15 17:42 . 2013-12-15 17:42 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-12-15 17:42 . 2013-12-15 17:42 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-12-15 17:42 . 2013-12-15 17:42 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-12-15 17:42 . 2013-12-15 17:42 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-12-15 17:42 . 2013-12-15 17:42 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-12-15 17:42 . 2013-12-15 17:42 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-12-15 17:42 . 2013-12-15 17:42 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-12-15 17:42 . 2013-12-15 17:42 334648 ----a-w- c:\windows\system32\aswBoot.exe

2013-12-15 17:42 . 2013-12-15 17:42 43152 ----a-w- c:\windows\avastSS.scr

2013-12-15 17:42 . 2013-12-15 17:42 -------- d-----w- c:\program files\AVAST Software

2013-12-15 17:41 . 2013-12-15 17:41 -------- d-----w- c:\programdata\AVAST Software

2013-12-15 14:26 . 2013-12-15 14:26 -------- d-----w- c:\users\Filipe\AppData\Roaming\LolClient

2013-12-15 13:30 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-15 13:30 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-15 13:30 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-15 13:30 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-15 13:30 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-15 13:29 . 2013-10-14 21:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-12-13 15:19 . 2008-07-12 10:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-12-13 15:18 . 2013-12-13 15:18 -------- d-----w- C:\Riot Games

2013-12-13 15:14 . 2013-12-13 15:14 -------- d-----w- c:\program files (x86)\Pando Networks

2013-12-13 15:14 . 2013-12-13 15:14 -------- d-----w- c:\users\Filipe\AppData\Roaming\Riot Games

2013-12-11 23:23 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-12-11 23:23 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-11 23:22 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-11 23:22 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-12-11 23:22 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-12-11 15:52 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-12-11 15:52 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-12-11 15:51 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-12-11 15:51 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-12-11 15:51 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-11 15:51 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-11 15:51 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx

2013-12-11 15:51 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll

2013-12-11 15:51 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx

2013-12-11 15:51 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe

2013-12-11 15:51 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe

2013-12-11 15:51 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe

2013-12-11 15:51 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll

2013-12-11 15:51 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-19 06:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-12 02:30 . 2013-11-16 01:29 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-16 01:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-16 01:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-16 01:29 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-16 01:29 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2013-10-05 20:25 . 2013-11-16 18:38 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-10-05 19:57 . 2013-11-16 18:38 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-10-04 02:28 . 2013-11-16 18:38 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-10-04 02:25 . 2013-11-16 18:38 197120 ----a-w- c:\windows\system32\credui.dll

2013-10-04 02:24 . 2013-11-16 18:38 1930752 ----a-w- c:\windows\system32\authui.dll

2013-10-04 01:58 . 2013-11-16 18:38 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56 . 2013-11-16 18:38 168960 ----a-w- c:\windows\SysWow64\credui.dll

2013-10-04 01:56 . 2013-11-16 18:38 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-10-03 02:23 . 2013-11-16 01:29 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-10-03 02:00 . 2013-11-16 01:29 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-09-28 01:09 . 2013-11-16 18:38 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-25 02:26 . 2013-11-16 18:38 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-09-25 02:26 . 2013-11-16 18:38 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-09-25 02:23 . 2013-11-16 18:38 28672 ----a-w- c:\windows\system32\sspisrv.dll

2013-09-25 02:23 . 2013-11-16 18:38 135680 ----a-w- c:\windows\system32\sspicli.dll

2013-09-25 02:23 . 2013-11-16 18:38 28160 ----a-w- c:\windows\system32\secur32.dll

2013-09-25 02:22 . 2013-11-16 18:38 340992 ----a-w- c:\windows\system32\schannel.dll

2013-09-25 02:21 . 2013-11-16 18:38 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-09-25 02:21 . 2013-11-16 18:38 1447936 ----a-w- c:\windows\system32\lsasrv.dll

2013-09-25 01:58 . 2013-11-16 18:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-09-25 01:57 . 2013-11-16 18:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-09-25 01:57 . 2013-11-16 18:38 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-09-25 01:56 . 2013-11-16 18:38 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-09-25 01:03 . 2013-11-16 18:38 30720 ----a-w- c:\windows\system32\lsass.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-10 896912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-15 3568312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001Core.job

- c:\users\Filipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-06 01:23]

.

2013-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001UA.job

- c:\users\Filipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-06 01:23]

.

2013-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001Core.job

- c:\users\Filipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 02:25]

.

2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001UA.job

- c:\users\Filipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 02:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-12-15 17:42 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254 192.168.1.1

FF - ProfilePath - c:\users\Filipe\AppData\Roaming\Mozilla\Firefox\Profiles\wxlczhzz.default\

FF - prefs.js: browser.search.selectedEngine - Improved Search

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-21 12:11:33

ComboFix-quarantined-files.txt 2013-12-21 15:11

.

Pré-execução: 77.141.303.296 bytes disponíveis

Pós execução: 76.530.278.400 bytes disponíveis

.

- - End Of File - - A7409A6CC7B16C883E7DD74C7BA0E53B

ComboFix 13-12-20.01 - Filipe 21/12/2013 11:58:31.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4010.3057 [GMT -3:00]

Executando de: c:\users\Filipe\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-21 to 2013-12-21 ))))))))))))))))))))))))))))

.

.

2013-12-21 14:56 . 2013-12-21 14:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9ABC069-A8E5-4F5C-BE20-864F6A610984}\offreg.dll

2013-12-20 21:54 . 2013-12-20 21:57 -------- d-----w- C:\AdwCleaner

2013-12-20 21:13 . 2013-12-20 21:13 -------- d-----w- c:\windows\ERUNT

2013-12-20 20:06 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9ABC069-A8E5-4F5C-BE20-864F6A610984}\mpengine.dll

2013-12-15 17:44 . 2013-12-15 17:44 -------- d-----w- c:\users\Filipe\AppData\Roaming\AVAST Software

2013-12-15 17:42 . 2013-12-15 17:42 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-12-15 17:42 . 2013-12-15 17:42 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-12-15 17:42 . 2013-12-15 17:42 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-12-15 17:42 . 2013-12-15 17:42 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-12-15 17:42 . 2013-12-15 17:42 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-12-15 17:42 . 2013-12-15 17:42 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-12-15 17:42 . 2013-12-15 17:42 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-12-15 17:42 . 2013-12-15 17:42 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-12-15 17:42 . 2013-12-15 17:42 334648 ----a-w- c:\windows\system32\aswBoot.exe

2013-12-15 17:42 . 2013-12-15 17:42 43152 ----a-w- c:\windows\avastSS.scr

2013-12-15 17:42 . 2013-12-15 17:42 -------- d-----w- c:\program files\AVAST Software

2013-12-15 17:41 . 2013-12-15 17:41 -------- d-----w- c:\programdata\AVAST Software

2013-12-15 14:26 . 2013-12-15 14:26 -------- d-----w- c:\users\Filipe\AppData\Roaming\LolClient

2013-12-15 13:30 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-15 13:30 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-15 13:30 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-15 13:30 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-15 13:30 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-15 13:29 . 2013-10-14 21:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-12-13 15:19 . 2008-07-12 10:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-12-13 15:18 . 2013-12-13 15:18 -------- d-----w- C:\Riot Games

2013-12-13 15:14 . 2013-12-13 15:14 -------- d-----w- c:\program files (x86)\Pando Networks

2013-12-13 15:14 . 2013-12-13 15:14 -------- d-----w- c:\users\Filipe\AppData\Roaming\Riot Games

2013-12-11 23:23 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-12-11 23:23 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-11 23:22 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-11 23:22 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-12-11 23:22 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-12-11 15:52 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-12-11 15:52 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-12-11 15:51 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-12-11 15:51 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-12-11 15:51 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-11 15:51 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-11 15:51 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx

2013-12-11 15:51 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll

2013-12-11 15:51 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx

2013-12-11 15:51 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe

2013-12-11 15:51 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe

2013-12-11 15:51 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe

2013-12-11 15:51 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll

2013-12-11 15:51 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-19 06:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-12 02:30 . 2013-11-16 01:29 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-16 01:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-16 01:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-16 01:29 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-16 01:29 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2013-10-05 20:25 . 2013-11-16 18:38 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-10-05 19:57 . 2013-11-16 18:38 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-10-04 02:28 . 2013-11-16 18:38 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-10-04 02:25 . 2013-11-16 18:38 197120 ----a-w- c:\windows\system32\credui.dll

2013-10-04 02:24 . 2013-11-16 18:38 1930752 ----a-w- c:\windows\system32\authui.dll

2013-10-04 01:58 . 2013-11-16 18:38 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56 . 2013-11-16 18:38 168960 ----a-w- c:\windows\SysWow64\credui.dll

2013-10-04 01:56 . 2013-11-16 18:38 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-10-03 02:23 . 2013-11-16 01:29 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-10-03 02:00 . 2013-11-16 01:29 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-09-28 01:09 . 2013-11-16 18:38 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-25 02:26 . 2013-11-16 18:38 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-09-25 02:26 . 2013-11-16 18:38 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-09-25 02:23 . 2013-11-16 18:38 28672 ----a-w- c:\windows\system32\sspisrv.dll

2013-09-25 02:23 . 2013-11-16 18:38 135680 ----a-w- c:\windows\system32\sspicli.dll

2013-09-25 02:23 . 2013-11-16 18:38 28160 ----a-w- c:\windows\system32\secur32.dll

2013-09-25 02:22 . 2013-11-16 18:38 340992 ----a-w- c:\windows\system32\schannel.dll

2013-09-25 02:21 . 2013-11-16 18:38 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-09-25 02:21 . 2013-11-16 18:38 1447936 ----a-w- c:\windows\system32\lsasrv.dll

2013-09-25 01:58 . 2013-11-16 18:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-09-25 01:57 . 2013-11-16 18:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-09-25 01:57 . 2013-11-16 18:38 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-09-25 01:56 . 2013-11-16 18:38 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-09-25 01:03 . 2013-11-16 18:38 30720 ----a-w- c:\windows\system32\lsass.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-10 896912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-15 3568312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001Core.job

- c:\users\Filipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-06 01:23]

.

2013-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001UA.job

- c:\users\Filipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-06 01:23]

.

2013-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001Core.job

- c:\users\Filipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 02:25]

.

2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001UA.job

- c:\users\Filipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 02:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-12-15 17:42 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254 192.168.1.1

FF - ProfilePath - c:\users\Filipe\AppData\Roaming\Mozilla\Firefox\Profiles\wxlczhzz.default\

FF - prefs.js: browser.search.selectedEngine - Improved Search

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-21 12:11:33

ComboFix-quarantined-files.txt 2013-12-21 15:11

.

Pré-execução: 77.141.303.296 bytes disponíveis

Pós execução: 76.530.278.400 bytes disponíveis

.

- - End Of File - - A7409A6CC7B16C883E7DD74C7BA0E53B


Dear andre.timao

# Step 1 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

Reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

2872959479_997d4500c4_o.gif

# Step 2 #

Update Malwarebytes, run a scan and post the log.

Regards :D


ComboFix 13-12-20.01 - Filipe 21/12/2013 22:09:38.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4010.2970 [GMT -3:00]

Executando de: c:\users\Filipe\Desktop\ComboFix\ComboFix.exe

Comandos utilizados :: c:\users\Filipe\Desktop\ComboFix\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-22 to 2013-12-22 ))))))))))))))))))))))))))))

.

.

2013-12-22 01:19 . 2013-12-22 01:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-12-22 01:19 . 2013-12-22 01:19 -------- d-----w- c:\users\Teté\AppData\Local\temp

2013-12-22 01:19 . 2013-12-22 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-21 14:56 . 2013-12-21 14:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9ABC069-A8E5-4F5C-BE20-864F6A610984}\offreg.dll

2013-12-20 21:54 . 2013-12-20 21:57 -------- d-----w- C:\AdwCleaner

2013-12-20 21:13 . 2013-12-20 21:13 -------- d-----w- c:\windows\ERUNT

2013-12-20 20:06 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9ABC069-A8E5-4F5C-BE20-864F6A610984}\mpengine.dll

2013-12-15 17:44 . 2013-12-15 17:44 -------- d-----w- c:\users\Filipe\AppData\Roaming\AVAST Software

2013-12-15 17:42 . 2013-12-15 17:42 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-12-15 17:42 . 2013-12-15 17:42 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-12-15 17:42 . 2013-12-15 17:42 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-12-15 17:42 . 2013-12-15 17:42 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-12-15 17:42 . 2013-12-15 17:42 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-12-15 17:42 . 2013-12-15 17:42 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-12-15 17:42 . 2013-12-15 17:42 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-12-15 17:42 . 2013-12-15 17:42 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-12-15 17:42 . 2013-12-15 17:42 334648 ----a-w- c:\windows\system32\aswBoot.exe

2013-12-15 17:42 . 2013-12-15 17:42 43152 ----a-w- c:\windows\avastSS.scr

2013-12-15 17:42 . 2013-12-15 17:42 -------- d-----w- c:\program files\AVAST Software

2013-12-15 17:41 . 2013-12-15 17:41 -------- d-----w- c:\programdata\AVAST Software

2013-12-15 14:26 . 2013-12-15 14:26 -------- d-----w- c:\users\Filipe\AppData\Roaming\LolClient

2013-12-15 13:30 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-15 13:30 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-15 13:30 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-15 13:30 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-15 13:30 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-15 13:29 . 2013-10-14 21:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-12-13 15:19 . 2008-07-12 10:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-12-13 15:18 . 2013-12-13 15:18 -------- d-----w- C:\Riot Games

2013-12-13 15:14 . 2013-12-13 15:14 -------- d-----w- c:\program files (x86)\Pando Networks

2013-12-13 15:14 . 2013-12-13 15:14 -------- d-----w- c:\users\Filipe\AppData\Roaming\Riot Games

2013-12-11 23:23 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-12-11 23:23 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-11 23:22 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-11 23:22 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-12-11 23:22 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-12-11 15:52 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-12-11 15:52 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-12-11 15:51 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-12-11 15:51 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-12-11 15:51 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-11 15:51 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-11 15:51 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx

2013-12-11 15:51 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll

2013-12-11 15:51 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx

2013-12-11 15:51 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe

2013-12-11 15:51 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe

2013-12-11 15:51 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe

2013-12-11 15:51 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll

2013-12-11 15:51 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-19 06:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-12 02:30 . 2013-11-16 01:29 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-16 01:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-16 01:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-16 01:29 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-16 01:29 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2013-10-05 20:25 . 2013-11-16 18:38 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-10-05 19:57 . 2013-11-16 18:38 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-10-04 02:28 . 2013-11-16 18:38 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-10-04 02:25 . 2013-11-16 18:38 197120 ----a-w- c:\windows\system32\credui.dll

2013-10-04 02:24 . 2013-11-16 18:38 1930752 ----a-w- c:\windows\system32\authui.dll

2013-10-04 01:58 . 2013-11-16 18:38 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56 . 2013-11-16 18:38 168960 ----a-w- c:\windows\SysWow64\credui.dll

2013-10-04 01:56 . 2013-11-16 18:38 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-10-03 02:23 . 2013-11-16 01:29 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-10-03 02:00 . 2013-11-16 01:29 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-09-28 01:09 . 2013-11-16 18:38 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-25 02:26 . 2013-11-16 18:38 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-09-25 02:26 . 2013-11-16 18:38 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-09-25 02:23 . 2013-11-16 18:38 28672 ----a-w- c:\windows\system32\sspisrv.dll

2013-09-25 02:23 . 2013-11-16 18:38 135680 ----a-w- c:\windows\system32\sspicli.dll

2013-09-25 02:23 . 2013-11-16 18:38 28160 ----a-w- c:\windows\system32\secur32.dll

2013-09-25 02:22 . 2013-11-16 18:38 340992 ----a-w- c:\windows\system32\schannel.dll

2013-09-25 02:21 . 2013-11-16 18:38 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-09-25 02:21 . 2013-11-16 18:38 1447936 ----a-w- c:\windows\system32\lsasrv.dll

2013-09-25 01:58 . 2013-11-16 18:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-09-25 01:57 . 2013-11-16 18:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-09-25 01:57 . 2013-11-16 18:38 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-09-25 01:56 . 2013-11-16 18:38 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-09-25 01:03 . 2013-11-16 18:38 30720 ----a-w- c:\windows\system32\lsass.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-10 896912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-15 3568312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001Core.job

- c:\users\Filipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-06 01:23]

.

2013-12-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001UA.job

- c:\users\Filipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-06 01:23]

.

2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001Core.job

- c:\users\Filipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 02:25]

.

2013-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001UA.job

- c:\users\Filipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 02:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-12-15 17:42 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254 192.168.1.1

FF - ProfilePath - c:\users\Filipe\AppData\Roaming\Mozilla\Firefox\Profiles\wxlczhzz.default\

FF - prefs.js: browser.search.selectedEngine - Improved Search

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-21 22:22:34

ComboFix-quarantined-files.txt 2013-12-22 01:22

ComboFix2.txt 2013-12-21 15:11

.

Pré-execução: 76.523.900.928 bytes disponíveis

Pós execução: 76.215.091.200 bytes disponíveis

.

- - End Of File - - A26840F9C28E1AF912F02B1E9177C3F2


ComboFix 13-12-20.01 - Filipe 21/12/2013 22:09:38.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4010.2970 [GMT -3:00]

Executando de: c:\users\Filipe\Desktop\ComboFix\ComboFix.exe

Comandos utilizados :: c:\users\Filipe\Desktop\ComboFix\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-22 to 2013-12-22 ))))))))))))))))))))))))))))

.

.

2013-12-22 01:19 . 2013-12-22 01:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-12-22 01:19 . 2013-12-22 01:19 -------- d-----w- c:\users\Teté\AppData\Local\temp

2013-12-22 01:19 . 2013-12-22 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-21 14:56 . 2013-12-21 14:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9ABC069-A8E5-4F5C-BE20-864F6A610984}\offreg.dll

2013-12-20 21:54 . 2013-12-20 21:57 -------- d-----w- C:\AdwCleaner

2013-12-20 21:13 . 2013-12-20 21:13 -------- d-----w- c:\windows\ERUNT

2013-12-20 20:06 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9ABC069-A8E5-4F5C-BE20-864F6A610984}\mpengine.dll

2013-12-15 17:44 . 2013-12-15 17:44 -------- d-----w- c:\users\Filipe\AppData\Roaming\AVAST Software

2013-12-15 17:42 . 2013-12-15 17:42 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-12-15 17:42 . 2013-12-15 17:42 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-12-15 17:42 . 2013-12-15 17:42 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-12-15 17:42 . 2013-12-15 17:42 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-12-15 17:42 . 2013-12-15 17:42 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-12-15 17:42 . 2013-12-15 17:42 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-12-15 17:42 . 2013-12-15 17:42 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-12-15 17:42 . 2013-12-15 17:42 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-12-15 17:42 . 2013-12-15 17:42 334648 ----a-w- c:\windows\system32\aswBoot.exe

2013-12-15 17:42 . 2013-12-15 17:42 43152 ----a-w- c:\windows\avastSS.scr

2013-12-15 17:42 . 2013-12-15 17:42 -------- d-----w- c:\program files\AVAST Software

2013-12-15 17:41 . 2013-12-15 17:41 -------- d-----w- c:\programdata\AVAST Software

2013-12-15 14:26 . 2013-12-15 14:26 -------- d-----w- c:\users\Filipe\AppData\Roaming\LolClient

2013-12-15 13:30 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-15 13:30 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-15 13:30 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-15 13:30 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-15 13:30 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-15 13:29 . 2013-10-14 21:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-12-13 15:19 . 2008-07-12 10:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2013-12-13 15:18 . 2013-12-13 15:18 -------- d-----w- C:\Riot Games

2013-12-13 15:14 . 2013-12-13 15:14 -------- d-----w- c:\program files (x86)\Pando Networks

2013-12-13 15:14 . 2013-12-13 15:14 -------- d-----w- c:\users\Filipe\AppData\Roaming\Riot Games

2013-12-11 23:23 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-12-11 23:23 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-11 23:22 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-11 23:22 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-12-11 23:22 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-12-11 15:52 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-12-11 15:52 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-12-11 15:51 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-12-11 15:51 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-12-11 15:51 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-11 15:51 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-11 15:51 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx

2013-12-11 15:51 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll

2013-12-11 15:51 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx

2013-12-11 15:51 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe

2013-12-11 15:51 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe

2013-12-11 15:51 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe

2013-12-11 15:51 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll

2013-12-11 15:51 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-19 06:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-12 02:30 . 2013-11-16 01:29 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-16 01:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-16 01:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-16 01:29 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-16 01:29 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2013-10-05 20:25 . 2013-11-16 18:38 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-10-05 19:57 . 2013-11-16 18:38 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-10-04 02:28 . 2013-11-16 18:38 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-10-04 02:25 . 2013-11-16 18:38 197120 ----a-w- c:\windows\system32\credui.dll

2013-10-04 02:24 . 2013-11-16 18:38 1930752 ----a-w- c:\windows\system32\authui.dll

2013-10-04 01:58 . 2013-11-16 18:38 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56 . 2013-11-16 18:38 168960 ----a-w- c:\windows\SysWow64\credui.dll

2013-10-04 01:56 . 2013-11-16 18:38 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-10-03 02:23 . 2013-11-16 01:29 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-10-03 02:00 . 2013-11-16 01:29 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-09-28 01:09 . 2013-11-16 18:38 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-25 02:26 . 2013-11-16 18:38 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-09-25 02:26 . 2013-11-16 18:38 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2013-09-25 02:23 . 2013-11-16 18:38 28672 ----a-w- c:\windows\system32\sspisrv.dll

2013-09-25 02:23 . 2013-11-16 18:38 135680 ----a-w- c:\windows\system32\sspicli.dll

2013-09-25 02:23 . 2013-11-16 18:38 28160 ----a-w- c:\windows\system32\secur32.dll

2013-09-25 02:22 . 2013-11-16 18:38 340992 ----a-w- c:\windows\system32\schannel.dll

2013-09-25 02:21 . 2013-11-16 18:38 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-09-25 02:21 . 2013-11-16 18:38 1447936 ----a-w- c:\windows\system32\lsasrv.dll

2013-09-25 01:58 . 2013-11-16 18:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-09-25 01:57 . 2013-11-16 18:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-09-25 01:57 . 2013-11-16 18:38 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-09-25 01:56 . 2013-11-16 18:38 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-09-25 01:03 . 2013-11-16 18:38 30720 ----a-w- c:\windows\system32\lsass.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-10 896912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-15 3568312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001Core.job

- c:\users\Filipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-06 01:23]

.

2013-12-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001UA.job

- c:\users\Filipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-06 01:23]

.

2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001Core.job

- c:\users\Filipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 02:25]

.

2013-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208230807-1906984956-1475362193-1001UA.job

- c:\users\Filipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 02:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-12-15 17:42 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254 192.168.1.1

FF - ProfilePath - c:\users\Filipe\AppData\Roaming\Mozilla\Firefox\Profiles\wxlczhzz.default\

FF - prefs.js: browser.search.selectedEngine - Improved Search

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-21 22:22:34

ComboFix-quarantined-files.txt 2013-12-22 01:22

ComboFix2.txt 2013-12-21 15:11

.

Pré-execução: 76.523.900.928 bytes disponíveis

Pós execução: 76.215.091.200 bytes disponíveis

.

- - End Of File - - A26840F9C28E1AF912F02B1E9177C3F2


Diego, sorry. I ended up forgetting to post the last log.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.12.22.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16428

Filipe :: FILIPE-PC [administrador]

22/12/2013 10:33:08

mbam-log-2013-12-22 (10-33-08).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 265222

Tempo decorrido: 11 minuto(s), 40 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 3

C:\Users\Filipe\Downloads\Avast! Free Antivirus.exe (PUP.Optional.Firseria) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Filipe\Downloads\Pericles part luan santana cuidado cupido mp3 (1).exe (PUP.Optional.PCMega.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Filipe\Downloads\Pericles part luan santana cuidado cupido mp3.exe (PUP.Optional.PCMega.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


Dear andre.timao

# Step 1 #

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be taken to a Kaspersky page asking for an e-mail address for registration, plus first and last name.
  • Only the "email" field is mandatory.
  • Enter your e-mail, then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your desktop (Desktop).
  • Run the file and wait for the installation to finish.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
  • The program appears to freeze and nothing happens. That is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also check every drive listed below Local Disk, if there are any;
  • Then click the Automatic Scan tab.

KRT_install2_.png

  • Back on the program's main screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if anything was detected, the program will ask you what to do;
  • Check the box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
  5. Choose an easily accessible location and save it as log.txt
  6. Copy the entire contents of that text file and paste it in your next reply.
  7. If nothing is detected, you do not need to save the log; just let me know.
  8. To exit the program, just click the X in the upper right corner.

Notes:
While the scan is running, the main screen shows a progress bar. When it finishes, the program shows the status as completed and a button that will be orange if nothing was detected, and red if something was found. If it detected something, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

# Step 2 #

Download SecurityCheck and save it to your Desktop

  • Double-click SecurityCheck.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png

  • Press any key to continue... a report will open
  • Copy its entire contents and paste it in your next reply

Regards :D


Good afternoon, diego.

The Kaspersky scan did not find any threats.

Security Check log:

Results of screen317's Security Check version 0.99.77

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Adobe Flash Player 11.7.700.224

Adobe Reader 10.1.8 Adobe Reader out of Date!

Mozilla Firefox 12.0 Firefox out of Date!

Google Chrome 30.0.1599.101

Google Chrome 31.0.1650.63

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: =

````````````````````End of Log``````````````````````

I believe the procedure is coming to an end. If possible, I would like you to tell me which threats were found on my computer and what was done to remove them. I'm curious and really want to learn this "art" hahaha (I even signed up to be an analyst apprentice).

Well, I would also like to thank you very much for the help and the attention.

Regards


Dear andre.timao

Clean log :)

>>>> How is the computer?

Let's do the recommended fixes/updates ;)

# Step 1 #

Enable UAC (User Account Control)

Watch the video tutorial: http://www.youtube.com/watch?feature=player_embedded&v=zbH4lM-OSzQ

# Step 2 #

  • Update Adobe Reader
  • Update Firefox

# Step 3 #

Let's uninstall ComboFix:

Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

Or, if you prefer, go to

Start > Run, type Combofix /Uninstall and click OK; in the window that appears, click Run and wait for the program to be removed.

# Step 4 #

Download OTC by OldTimer and save it to your desktop.

  • Double-click the icon 4142006426_4719050954_o.gif
  • Click Run;
  • Click its only button (image below):
    4141259853_5a542d5908_o.jpg
  • Allow your computer to be restarted.

# Step 5 #

  • Again: double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png

  • Click Uninstall
  • Click Yes, then wait.

# Step 6 #
<<@>> Install CCleaner
CCleaner is an excellent cleaning utility for the computer, which will help with the computer's performance. Download it here: CCleaner

  • IMPORTANT: After installation, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window and choose New > Folder to create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep constant watch with the firewall and antivirus and, finally, remember that the best form of prevention begins with our own attitudes!

Regards :D

This topic is closed to new posts.