k-roço

Pen drive virus


Good afternoon, everyone.

I'm something of a newcomer here, even though I've been registered for some time, and I need your help.

Two of my pen drives were infected by some virus/malware/worm, I'm not sure which. I know that it corrupts the pen drive's autorun (at least that's what Avast tells me) and a Windows file called WScript.exe.

I've already looked for some solutions here on the forum itself, but none of them gave me definitive results.

I've already run the Kaspersky Virus Removal Tool a couple of times, but it always finds something.

One of the pen drives now shows me only files; the folders have disappeared (although the amount of used space on it shows that they are still there).

I know that GMER and DDS reports have to be submitted in posts here, but as I said, I'm something of a newcomer and I have no idea how to get these programs.

Can anyone help a beginner here?

Thanks in advance,

Rodrigo Tomaz


Read the "Read Before Posting" topic and post the requested logs.


I think I've cleaned my PC, but I'd like to be 100% sure.

Here are the GMER and DDR reports, respectively. Once again, I apologize for not having followed the protocol here right from the start, and I appreciate any help.


IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [726C0790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gerenciador de Filtro do Filesystem Microsoft/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{69596B77-F2BF-11E1-AF35-806E6F6E6963} 6737243032

---- Files - GMER 2.1 ----

File C:\avast! sandbox 0 bytes

File C:\avast! sandbox\S-1-5-21-3578102041-2944691058-3804830817-1000 0 bytes

File C:\avast! sandbox\S-1-5-21-3578102041-2944691058-3804830817-1000\r326 0 bytes

File C:\avast! sandbox\S-1-5-21-3578102041-2944691058-3804830817-1000\r326\urDrive.exe_{f3ec56a2-efe5-11e2-808f-001cc034e77b} 0 bytes

File C:\avast! sandbox\snx_rhive 262144 bytes

File C:\avast! sandbox\snx_rhive.LOG1 5120 bytes

File C:\avast! sandbox\snx_rhive.LOG2 0 bytes

File C:\avast! sandbox\snx_rhive{f3ec56a4-efe5-11e2-808f-001cc034e77b}.TM.blf 65536 bytes

File C:\avast! sandbox\snx_rhive{f3ec56a4-efe5-11e2-808f-001cc034e77b}.TMContainer00000000000000000001.regtrans-ms 524288 bytes

File C:\avast! sandbox\snx_rhive{f3ec56a4-efe5-11e2-808f-001cc034e77b}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 2.1 ----

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2

Run by Rodrigo at 22:30:22 on 2013-07-18

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2029.497 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Rodrigo\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Rodrigo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=BR&userid=d74e8158-2739-47f7-8625-5f87884f271a&searchtype=hp&installDate=12/06/2013

uSearch Bar = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=BR&userid=d74e8158-2739-47f7-8625-5f87884f271a&searchtype=ds&q={searchTerms}&installDate=12/06/2013

uSearch Page = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=BR&userid=d74e8158-2739-47f7-8625-5f87884f271a&searchtype=ds&q={searchTerms}&installDate=12/06/2013

mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=BR&userid=d74e8158-2739-47f7-8625-5f87884f271a&searchtype=ds&q={searchTerms}&installDate=12/06/2013

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll

BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.10.0\bh\delta.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - c:\program files\gbplugin\gbiehuni.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.10.0\deltaTlbr.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Facebook Update] "c:\users\rodrigo\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [browser Infrastructure Helper] c:\users\rodrigo\appdata\local\smartbar\application\QuickShare.exe startup

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\rodrigo\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\rodrigo\appdata\local\facebook\messenger\2.1.4814.0\FacebookMessenger.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{662A53B5-C17D-44DF-BC7D-DD3F0FFB2606} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{68DC681C-268E-4D0C-A211-BC0079B1ED65} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginUni - c:\program files\gbplugin\gbiehUni.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\program files\gbplugin\gbiehuni.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\rodrigo\appdata\roaming\mozilla\firefox\profiles\0iv3vtu8.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=BR&userid=d74e8158-2739-47f7-8625-5f87884f271a&searchtype=hp&installDate=12/06/2013

FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=BR&userid=d74e8158-2739-47f7-8625-5f87884f271a&searchtype=ds&installDate=12/06/2013&q=

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.149\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll

FF - plugin: c:\users\rodrigo\appdata\local\facebook\messenger\2.1.4814.0\npFbDesktopPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-06-14 19:18; {d74e8158-2739-47f7-8625-5f87884f271a}; c:\users\rodrigo\appdata\roaming\mozilla\firefox\profiles\0iv3vtu8.default\extensions\{d74e8158-2739-47f7-8625-5f87884f271a}

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-13 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-13 175176]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-9-4 46392]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-16 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-16 369584]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-8-30 242240]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-16 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-16 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-22 46808]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2013-6-28 409144]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-8-9 38608]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2013-4-19 31088]

R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2011-10-5 564800]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-14 418376]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-14 701512]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-14 22856]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2013-4-19 31088]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-4-12 14848]

S3 StorSvc;Serviço de Armazenamento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-4-12 49664]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-30 1343400]

.

=============== Created Last 30 ================

.

2013-07-18 20:13:47 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{098187d5-5a84-4270-85c9-0cb68dcc281a}\offreg.dll

2013-07-16 13:27:05 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{098187d5-5a84-4270-85c9-0cb68dcc281a}\mpengine.dll

2013-07-14 17:33:27 -------- d-----w- c:\users\rodrigo\appdata\roaming\Malwarebytes

2013-07-14 17:30:24 -------- d-----w- c:\programdata\Malwarebytes

2013-07-14 17:30:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-14 17:30:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-07-14 17:05:31 -------- d-----w- c:\program files\CCleaner

2013-07-14 15:30:03 -------- d-----w- C:\PenClean

2013-07-13 02:34:47 -------- d-----w- c:\programdata\Kaspersky Lab

2013-07-12 18:14:31 -------- d-sh--w- c:\users\rodrigo\appdata\roaming\9a1

2013-07-12 18:14:31 -------- d-sh--w- C:\9bec

2013-07-10 14:48:17 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-07-10 14:48:14 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-10 14:48:13 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-10 14:48:11 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-10 14:48:08 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2013-07-10 14:47:52 680960 ----a-w- c:\program files\windows defender\MpSvc.dll

2013-07-10 14:47:52 392704 ----a-w- c:\program files\windows defender\MpClient.dll

2013-07-10 14:47:52 224768 ----a-w- c:\program files\windows defender\MpCommu.dll

2013-06-25 00:48:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2013-07-18 20:10:04 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-06-27 21:06:00 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-06-27 21:06:00 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-06-25 00:48:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-06-25 00:48:16 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-12 19:10:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-12 19:10:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-06-10 17:42:22 46392 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll

2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-09 08:59:10 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr

2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-02 05:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll

2013-04-25 23:30:32 1505280 ----a-w- c:\windows\system32\d3d11.dll

.

============= FINISH: 22:31:50,04 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 30/08/2012 13:39:43

System Uptime: 18/07/2013 17:09:26 (5 hours ago)

.

Motherboard: Intel Corporation | | DP35DP

Processor: Intel® Core2 Duo CPU E8200 @ 2.66GHz | J1PR | 2664/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 98 GiB total, 22,193 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 834 GiB total, 116,679 GiB free.

F: is CDROM ()

G: is Removable

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7) - Português

Ares 2.2.4

µTorrent

aTube Catcher

avast! Free Antivirus

BufferChm

Bundled software uninstaller

C4600

CCleaner

ConvertXtoDVD 4.1.10.348

D3DX10

DAEMON Tools Lite

DealPly (remove only)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Delta toolbar

Destinations

DeviceDiscovery

DVD Shrink 3.2

Facebook Messenger 2.1.4814.0

Facebook Video Calling 1.2.0.287

Galeria de Fotos

Google Chrome

Google Update Helper

GPBaseService2

HP Imaging Device Functions 14.0

HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5

HP Solution Center 14.0

HPProductAssistant

Java 7 Update 25

Java Auto Updater

K-Lite Mega Codec Pack 9.3.0

Malwarebytes Anti-Malware version 1.75.0.1300

Medieval II Total War

Medieval II Total War : Kingdoms : Americas

Medieval II Total War : Kingdoms : Britannia

Medieval II Total War : Kingdoms : Crusades

Medieval II Total War : Kingdoms : Teutonic

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual J# .NET Redistributable Package 1.1

Movie Maker

Mozilla Firefox 21.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSVCRT110

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

Photo Common

Photo Gallery

PS_AIO_05_C4600_Software_Min

QuickShare

QuickTransfer

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shop for HP Supplies

SolutionCenter

Status

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VLC media player 2.0.6

VSO ConvertXtoDVD v5.0.0.45 FINAL

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.20 (32-bit)

.
