nagao

Suspected malware - Bank


Lately I have been having some problems accessing my bank account over the internet. After it was blocked I went to the branch and had it unblocked, but even so I could not access it, and it was blocked again.

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:34:58, on 14/08/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alexandre\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8425 bytes

DDS.txt.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Alexandre at 17:49:39 on 2012-08-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.6055.4598 [GMT -3:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\rundll32.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe

C:\Windows\system32\hkcmd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\igfxpers.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\Alexandre\Desktop\gmer\gmer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F34C9CEE-6FE7-4330-940A-70AA3F2D4E05} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F34C9CEE-6FE7-4330-940A-70AA3F2D4E05}\E4147414F4 : DhcpNameServer = 10.1.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{C41A1C0E-EA6C-11D4-B1B8-444553540000}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

SEH-X64: {E37CB5F0-51F5-4395-A808-5FA49E399F83}: GbPlugin ShlObj

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]

R1 SamsungMonitorFirmware;SamsungMonitorFirmware;C:\Windows\system32\drivers\MFWCtwl.sys --> C:\Windows\system32\drivers\MFWCtwl.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 avgwd;Watchdog do AVG;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2012-8-12 214088]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-28 13336]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-28 1262400]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 BTWAMPFL;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-13 22:27:26 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\AVG2012

2012-08-13 22:25:52 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2012-08-13 22:25:36 -------- d--h--w- C:\$AVG

2012-08-13 22:25:36 -------- d-----w- C:\Windows\System32\drivers\AVG

2012-08-13 22:25:36 -------- d-----w- C:\ProgramData\AVG2012

2012-08-13 22:25:07 -------- d-----w- C:\Program Files (x86)\AVG

2012-08-13 22:19:14 -------- d--h--w- C:\ProgramData\Common Files

2012-08-13 22:19:14 -------- d-----w- C:\ProgramData\MFAData

2012-08-13 21:11:11 -------- d-----w- C:\Users\Alexandre\AppData\Local\Opera

2012-08-12 04:35:21 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-12 03:32:22 46408 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

2012-08-12 03:32:06 -------- d-----w- C:\ProgramData\GbPlugin

2012-08-12 03:32:06 -------- d-----w- C:\Program Files (x86)\GbPlugin

2012-08-12 03:16:28 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\Malwarebytes

2012-08-12 03:16:21 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-12 03:16:20 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-12 03:16:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-12 03:09:48 -------- d-----w- C:\Program Files\Bitdefender

2012-08-12 03:08:06 -------- d-----w- C:\Program Files\Common Files\Bitdefender

2012-08-12 03:07:48 -------- d-----w- C:\Program Files\CCleaner

2012-08-10 23:49:19 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A46958BC-086A-4300-AA4F-512249E34224}\mpengine.dll

2012-08-10 00:32:35 -------- d-----w- C:\Program Files (x86)\Oracle

2012-08-10 00:32:16 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-08-10 00:32:16 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-07 01:06:09 -------- d-----w- C:\Program Files (x86)\Free DVD ISO Burner

2012-08-01 02:14:42 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-08-01 02:13:53 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\uTorrent

2012-07-29 15:29:48 -------- d-----w- C:\Windows\SysWow64\Wat

2012-07-29 15:29:48 -------- d-----w- C:\Windows\System32\Wat

2012-07-29 15:25:51 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-29 14:56:28 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-07-29 14:56:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-07-29 14:56:28 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-07-29 14:56:28 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-07-29 14:56:28 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-07-29 14:56:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-07-29 14:56:28 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-07-28 18:47:17 21360 ----a-w- C:\Windows\System32\drivers\MFWCtwl.sys

2012-07-28 18:47:16 -------- d-----w- C:\Program Files\SamsungFirmwareUpdater

2012-07-28 18:28:26 -------- d-----w- C:\ProgramData\SAMSUNG

2012-07-28 18:26:46 13824 ----a-w- C:\Windows\System32\drivers\SABI.sys

2012-07-28 18:26:40 -------- d-----w- C:\Program Files (x86)\SAMSUNG

2012-07-28 18:26:25 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2012-07-28 18:26:25 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2012-07-28 18:26:25 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2012-07-28 18:26:25 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2012-07-28 18:26:25 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2012-07-28 18:26:25 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2012-07-28 18:26:25 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2012-07-28 17:05:19 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\Foxit Software

2012-07-28 15:03:39 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\LolClient

2012-07-28 14:57:49 -------- d-----w- C:\Program Files (x86)\OriginLab

2012-07-28 14:54:16 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack

2012-07-28 14:48:59 517960 ----a-w- C:\Windows\System32\XAudio2_5.dll

2012-07-28 14:41:25 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-07-28 14:41:19 -------- d-----w- C:\Windows\PCHEALTH

2012-07-28 14:41:19 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-07-28 14:40:24 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2012-07-28 14:39:56 -------- d-----w- C:\Users\Alexandre\AppData\Local\Microsoft Help

2012-07-28 14:18:08 -------- d-----w- C:\Windows\SysWow64\directx

2012-07-28 14:08:02 -------- d-----w- C:\Users\Alexandre\AppData\Local\Google

2012-07-28 14:07:29 -------- d-----w- C:\Users\Alexandre\AppData\Local\Apps

2012-07-28 14:07:28 -------- d-----w- C:\Users\Alexandre\AppData\Local\Deployment

2012-07-28 14:03:20 -------- d-----w- C:\Windows\SysWow64\NV

2012-07-28 14:03:20 -------- d-----w- C:\Windows\System32\NV

2012-07-28 14:02:10 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-07-28 14:02:10 858944 ----a-w- C:\Windows\System32\nv3dappshext.dll

2012-07-28 14:02:10 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-07-28 14:02:10 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-07-28 14:02:10 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll

2012-07-28 14:02:10 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-07-28 14:02:10 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-07-28 14:02:10 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-07-28 14:02:10 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-07-28 14:02:01 68928 ----a-w- C:\Windows\System32\OpenCL.dll

2012-07-28 14:02:01 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-07-28 13:58:10 -------- d-----w- C:\Program Files\Common Files\Intel

2012-07-28 13:58:10 -------- d-----w- C:\Program Files (x86)\Common Files\Intel

2012-07-28 13:55:58 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\Zbshareware Lab

2012-07-28 13:55:58 -------- d-----w- C:\ProgramData\Zbshareware Lab

2012-07-28 13:55:56 -------- d-----w- C:\Program Files (x86)\USB Disk Security

2012-07-28 13:53:36 -------- d-----r- C:\Program Files (x86)\Skype

2012-07-28 13:45:24 -------- d-----w- C:\Program Files (x86)\Lavalys

2012-07-28 13:44:35 -------- d-----w- C:\Program Files (x86)\Foxit Software

2012-07-28 13:37:05 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\Intel Corporation

2012-07-28 13:34:37 439320 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2012-07-28 13:33:26 -------- d-----w- C:\Users\Alexandre\AppData\Local\Broadcom

2012-07-28 13:33:00 349736 ----a-w- C:\Windows\System32\drivers\btwampfl.sys

2012-07-28 13:31:48 22056 ----a-w- C:\Windows\System32\btwcoins.dll

2012-07-28 13:31:46 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys

2012-07-28 13:31:46 21416 ----a-w- C:\Windows\System32\drivers\btwrchid.sys

2012-07-28 13:31:46 138280 ----a-w- C:\Windows\System32\drivers\btwavdt.sys

2012-07-28 13:31:46 107560 ----a-w- C:\Windows\System32\drivers\btwaudio.sys

2012-07-28 13:30:27 -------- d-----w- C:\Program Files\WIDCOMM

2012-07-28 13:29:16 -------- d-----w- C:\Program Files (x86)\Renesas Electronics

2012-07-28 13:24:43 -------- d-----w- C:\Program Files\Elantech

2012-07-28 13:23:10 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2012-07-28 13:19:27 -------- d-----w- C:\Intel

2012-07-28 13:18:52 207656 ----a-w- C:\Windows\System32\drivers\ETD.sys

2012-07-28 09:09:53 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-07-28 08:47:51 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-07-28 08:46:58 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2012-07-28 08:46:55 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-07-28 08:46:55 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-07-28 08:46:52 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2012-07-28 08:46:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2012-07-28 08:46:11 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2012-07-28 08:46:11 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2012-07-28 08:45:58 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2012-07-28 08:45:58 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2012-07-28 08:45:58 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2012-07-28 08:45:58 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2012-07-28 08:43:43 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-07-28 08:43:43 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-07-28 08:43:43 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-07-28 08:41:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-07-28 08:41:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-07-28 08:41:57 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-07-28 08:36:47 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-07-28 08:36:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-07-28 08:36:44 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2012-07-28 08:36:44 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2012-07-28 08:36:44 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2012-07-28 08:36:19 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2012-07-28 08:36:19 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2012-07-28 08:36:19 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2012-07-28 08:36:19 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2012-07-28 08:31:12 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-07-28 08:31:05 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-07-28 08:31:00 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-07-28 08:29:26 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2012-07-28 08:29:26 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2012-07-28 08:29:26 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2012-07-28 08:29:26 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2012-07-28 08:29:26 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2012-07-28 08:28:58 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2012-07-28 08:28:58 31232 ----a-w- C:\Windows\System32\prevhost.exe

2012-07-28 08:24:30 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2012-07-28 08:24:06 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2012-07-28 08:24:06 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2012-07-28 08:24:01 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-07-28 08:24:01 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-07-28 08:23:51 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2012-07-28 08:23:48 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2012-07-28 08:23:48 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2012-07-28 08:23:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2012-07-28 08:23:48 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2012-07-28 08:23:41 723456 ----a-w- C:\Windows\System32\EncDec.dll

2012-07-28 08:23:41 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2012-07-28 08:23:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-07-28 08:23:28 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-07-28 08:23:05 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-07-28 08:07:46 77312 ----a-w- C:\Windows\System32\packager.dll

2012-07-28 08:07:46 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-07-28 07:58:18 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-07-28 07:58:18 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-07-28 07:58:18 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-07-28 07:53:57 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-28 07:53:52 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-07-28 07:53:43 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-28 07:53:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-28 07:21:39 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-07-28 04:57:35 -------- d-----w- C:\Windows\Panther

2012-07-28 04:57:05 -------- d-----w- C:\Windows\System32\OEM

2012-07-28 02:55:15 -------- d-----w- C:\Program Files (x86)\Cisco

2012-07-28 02:54:32 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll

2012-07-28 02:54:32 60928 ----a-w- C:\Windows\System32\bcmwlrmt.dll

2012-07-28 02:54:32 4961800 ----a-w- C:\Windows\SysWow64\vcredist_x64.exe

2012-07-28 02:54:32 459 ----a-w- C:\Windows\SysWow64\vcredist_x64.bat

2012-07-28 02:54:32 4428288 ----a-w- C:\Windows\System32\bcmttls.dll

2012-07-28 02:54:32 22592 ----a-w- C:\Windows\System32\drivers\bcm42rly.sys

2012-07-28 02:54:31 7761408 ----a-w- C:\Windows\System32\BCMWLCPL.CPL

2012-07-28 02:54:31 73728 ----a-w- C:\Windows\System32\wltrynt.dll

2012-07-28 02:54:30 4745280 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS

2012-07-28 02:54:30 3952128 ----a-w- C:\Windows\System32\bcmihvsrv64.dll

2012-07-28 02:54:30 3617280 ----a-w- C:\Windows\System32\bcmihvui64.dll

2012-07-28 02:54:30 -------- d-----w- C:\Program Files\Broadcom

2012-07-28 02:44:27 1014784 ----a-w- C:\Windows\System32\BCMLogon.dll

2012-07-28 02:44:18 47632 ----a-w- C:\Windows\System32\drivers\npf.sys

2012-07-28 02:44:16 457 ----a-w- C:\Windows\System32\vcredist_x64.bat

2012-07-28 02:44:16 3161088 ----a-w- C:\Windows\System32\vcredist_x64.exe

2012-07-28 02:44:15 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll

2012-07-28 02:31:00 -------- d-sh--w- C:\Windows\Installer

2012-07-28 02:28:56 2797056 ----a-w- C:\Windows\System32\athrx.sys

2012-07-28 02:28:51 -------- d-----w- C:\ProgramData\Atheros

2012-07-28 02:27:43 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2012-07-28 02:27:43 533096 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2012-07-28 02:27:43 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2012-07-28 02:27:39 -------- d-----w- C:\Program Files (x86)\Realtek

2012-07-28 02:19:03 -------- d-----w- C:\NVIDIA

.

==================== Find3M ====================

.

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 15:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 17:49:50,34 ===============

ATTACH.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 27/07/2012 21:04:28

System Uptime: 14/08/2012 16:11:58 (1 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RF511/RF411/RF711

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 101 GiB total, 71,439 GiB free.

D: is FIXED (NTFS) - 809 GiB total, 742,699 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP29: 12/08/2012 01:35:48 - ComboFix created restore point

RP30: 13/08/2012 19:24:49 - Installed AVG 2012

RP31: 13/08/2012 19:25:16 - Installed AVG 2012

.

==== Installed Programs ======================

.

µTorrent

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Combined Community Codec Pack 2011-11-11

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Easy Display Manager

Easy SpeedUp Manager

EVEREST Ultimate Edition v5.30

Foxit Reader

Free DVD ISO Burner version 1.2

Google Chrome

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Malwarebytes Anti-Malware versão 1.62.0.1300

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Movie Color Enhancer

NVIDIA PhysX

Opera 12.01

Origin8

OriginPro 8

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Samsung Update Plus

SamsungFirmwareUpdater

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Skype™ 5.10

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

USB Disk Security

Visual Studio 2008 x64 Redistributables

.

==== End Of File ===========================

gmer.txt

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-08-14 18:00:09

Windows 6.1.7601 Service Pack 1

Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4dee3c00b

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4dee3c00b@000dfd531e8a 0xF9 0x96 0x6B 0x5B ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4dee3c00b (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4dee3c00b@000dfd531e8a 0xF9 0x96 0x6B 0x5B ...

---- EOF - GMER 1.0.15 ----


Please post a new DDS log.

  • Topic author
  • DDS

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

    Run by Alexandre at 0:30:39 on 2012-08-19

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.6055.3899 [GMT -3:00]

    .

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\PROGRA~2\GbPlugin\GbpSv.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

    C:\Windows\system32\WLANExt.exe

    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Program Files\Elantech\ETDCtrl.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Elantech\ETDCtrlHelper.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe

    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

    C:\Windows\system32\igfxext.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Windows\SysWOW64\RunDll32.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

    C:\Windows\system32\hkcmd.exe

    C:\Windows\system32\igfxpers.exe

    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

    C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

    C:\Program Files (x86)\uTorrent\uTorrent.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Alexandre\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{47DD2C18-23A0-4ADD-BE13-422EB36E181A} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{F34C9CEE-6FE7-4330-940A-70AA3F2D4E05} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{F34C9CEE-6FE7-4330-940A-70AA3F2D4E05}\55E6963616D607D234F6E66696765727163616F6 : DhcpNameServer = 143.106.2.5 143.106.2.131

    TCP: Interfaces\{F34C9CEE-6FE7-4330-940A-70AA3F2D4E05}\E4147414F4 : DhcpNameServer = 10.1.1.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

    {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}

    {C41A1C0E-EA6C-11D4-B1B8-444553540000}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

    SEH-X64: {E37CB5F0-51F5-4395-A808-5FA49E399F83}: GbPlugin ShlObj

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

    R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]

    R1 SamsungMonitorFirmware;SamsungMonitorFirmware;C:\Windows\system32\drivers\MFWCtwl.sys --> C:\Windows\system32\drivers\MFWCtwl.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 avgwd;Watchdog do AVG;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

    R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2012-8-12 214088]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-28 13336]

    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-28 1262400]

    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

    R3 BTWAMPFL;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

    R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2012-08-15 16:36:22 -------- d-----w- C:\Users\Alexandre\AppData\Local\Diagnostics

    2012-08-15 16:32:20 -------- d-----w- C:\Program Files (x86)\SecureW2

    2012-08-15 16:32:15 -------- d-----w- C:\Users\Alexandre\AppData\Local\TempDIR

    2012-08-15 14:41:56 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

    2012-08-15 13:14:20 503808 ----a-w- C:\Windows\System32\srcore.dll

    2012-08-15 13:14:20 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

    2012-08-15 13:14:17 751104 ----a-w- C:\Windows\System32\win32spl.dll

    2012-08-15 13:14:16 67072 ----a-w- C:\Windows\splwow64.exe

    2012-08-15 13:14:16 59392 ----a-w- C:\Windows\System32\browcli.dll

    2012-08-15 13:14:16 559104 ----a-w- C:\Windows\System32\spoolsv.exe

    2012-08-15 13:14:16 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

    2012-08-15 13:14:16 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

    2012-08-15 13:14:16 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-08-15 13:14:16 136704 ----a-w- C:\Windows\System32\browser.dll

    2012-08-15 13:14:15 956928 ----a-w- C:\Windows\System32\localspl.dll

    2012-08-13 22:27:26 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\AVG2012

    2012-08-13 22:25:52 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

    2012-08-13 22:25:36 -------- d--h--w- C:\$AVG

    2012-08-13 22:25:36 -------- d-----w- C:\Windows\System32\drivers\AVG

    2012-08-13 22:25:36 -------- d-----w- C:\ProgramData\AVG2012

    2012-08-13 22:25:07 -------- d-----w- C:\Program Files (x86)\AVG

    2012-08-13 22:19:14 -------- d--h--w- C:\ProgramData\Common Files

    2012-08-13 22:19:14 -------- d-----w- C:\ProgramData\MFAData

    2012-08-13 21:11:11 -------- d-----w- C:\Users\Alexandre\AppData\Local\Opera

    2012-08-12 04:35:21 -------- d-sh--w- C:\$RECYCLE.BIN

    2012-08-12 03:32:22 46408 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

    2012-08-12 03:32:06 -------- d-----w- C:\ProgramData\GbPlugin

    2012-08-12 03:32:06 -------- d-----w- C:\Program Files (x86)\GbPlugin

    2012-08-12 03:16:28 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\Malwarebytes

    2012-08-12 03:16:21 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-08-12 03:16:20 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-08-12 03:16:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-08-12 03:09:48 -------- d-----w- C:\Program Files\Bitdefender

    2012-08-12 03:08:06 -------- d-----w- C:\Program Files\Common Files\Bitdefender

    2012-08-12 03:07:48 -------- d-----w- C:\Program Files\CCleaner

    2012-08-10 23:49:19 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A46958BC-086A-4300-AA4F-512249E34224}\mpengine.dll

    2012-08-10 00:32:35 -------- d-----w- C:\Program Files (x86)\Oracle

    2012-08-10 00:32:16 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-08-10 00:32:16 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-08-07 01:06:09 -------- d-----w- C:\Program Files (x86)\Free DVD ISO Burner

    2012-08-01 02:14:42 -------- d-----w- C:\Program Files (x86)\uTorrent

    2012-08-01 02:13:53 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\uTorrent

    2012-07-30 19:55:45 1139200 ----a-w- C:\Windows\System32\FntCache.dll

    2012-07-30 19:55:44 902656 ----a-w- C:\Windows\System32\d2d1.dll

    2012-07-30 19:55:44 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

    2012-07-29 15:29:48 -------- d-----w- C:\Windows\SysWow64\Wat

    2012-07-29 15:29:48 -------- d-----w- C:\Windows\System32\Wat

    2012-07-29 14:56:28 81408 ----a-w- C:\Windows\System32\imagehlp.dll

    2012-07-29 14:56:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

    2012-07-29 14:56:28 5120 ----a-w- C:\Windows\System32\wmi.dll

    2012-07-29 14:56:28 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

    2012-07-29 14:56:28 220672 ----a-w- C:\Windows\System32\wintrust.dll

    2012-07-29 14:56:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

    2012-07-29 14:56:28 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

    2012-07-28 18:47:17 21360 ----a-w- C:\Windows\System32\drivers\MFWCtwl.sys

    2012-07-28 18:47:16 -------- d-----w- C:\Program Files\SamsungFirmwareUpdater

    2012-07-28 18:28:26 -------- d-----w- C:\ProgramData\SAMSUNG

    2012-07-28 18:26:46 13824 ----a-w- C:\Windows\System32\drivers\SABI.sys

    2012-07-28 18:26:40 -------- d-----w- C:\Program Files (x86)\SAMSUNG

    2012-07-28 18:26:25 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

    2012-07-28 18:26:25 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

    2012-07-28 18:26:25 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

    2012-07-28 18:26:25 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

    2012-07-28 18:26:25 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

    2012-07-28 18:26:25 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

    2012-07-28 18:26:25 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

    2012-07-28 17:05:19 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\Foxit Software

    2012-07-28 15:03:39 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\LolClient

    2012-07-28 14:57:49 -------- d-----w- C:\Program Files (x86)\OriginLab

    2012-07-28 14:54:16 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack

    2012-07-28 14:48:59 517960 ----a-w- C:\Windows\System32\XAudio2_5.dll

    2012-07-28 14:41:25 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

    2012-07-28 14:41:19 -------- d-----w- C:\Windows\PCHEALTH

    2012-07-28 14:41:19 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

    2012-07-28 14:40:24 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

    2012-07-28 14:39:56 -------- d-----w- C:\Users\Alexandre\AppData\Local\Microsoft Help

    2012-07-28 14:18:08 -------- d-----w- C:\Windows\SysWow64\directx

    2012-07-28 14:08:02 -------- d-----w- C:\Users\Alexandre\AppData\Local\Google

    2012-07-28 14:07:29 -------- d-----w- C:\Users\Alexandre\AppData\Local\Apps

    2012-07-28 14:07:28 -------- d-----w- C:\Users\Alexandre\AppData\Local\Deployment

    2012-07-28 14:03:20 -------- d-----w- C:\Windows\SysWow64\NV

    2012-07-28 14:03:20 -------- d-----w- C:\Windows\System32\NV

    2012-07-28 14:02:10 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

    2012-07-28 14:02:10 858944 ----a-w- C:\Windows\System32\nv3dappshext.dll

    2012-07-28 14:02:10 63296 ----a-w- C:\Windows\System32\nvshext.dll

    2012-07-28 14:02:10 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

    2012-07-28 14:02:10 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll

    2012-07-28 14:02:10 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

    2012-07-28 14:02:10 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin

    2012-07-28 14:02:10 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

    2012-07-28 14:02:10 118080 ----a-w- C:\Windows\System32\nvmctray.dll

    2012-07-28 14:02:01 68928 ----a-w- C:\Windows\System32\OpenCL.dll

    2012-07-28 14:02:01 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll

    2012-07-28 13:58:10 -------- d-----w- C:\Program Files\Common Files\Intel

    2012-07-28 13:58:10 -------- d-----w- C:\Program Files (x86)\Common Files\Intel

    2012-07-28 13:55:58 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\Zbshareware Lab

    2012-07-28 13:55:58 -------- d-----w- C:\ProgramData\Zbshareware Lab

    2012-07-28 13:55:56 -------- d-----w- C:\Program Files (x86)\USB Disk Security

    2012-07-28 13:53:36 -------- d-----r- C:\Program Files (x86)\Skype

    2012-07-28 13:45:24 -------- d-----w- C:\Program Files (x86)\Lavalys

    2012-07-28 13:44:35 -------- d-----w- C:\Program Files (x86)\Foxit Software

    2012-07-28 13:37:05 -------- d-----w- C:\Users\Alexandre\AppData\Roaming\Intel Corporation

    2012-07-28 13:34:37 439320 ----a-w- C:\Windows\System32\drivers\iaStor.sys

    2012-07-28 13:33:26 -------- d-----w- C:\Users\Alexandre\AppData\Local\Broadcom

    2012-07-28 13:33:00 349736 ----a-w- C:\Windows\System32\drivers\btwampfl.sys

    2012-07-28 13:31:48 22056 ----a-w- C:\Windows\System32\btwcoins.dll

    2012-07-28 13:31:46 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys

    2012-07-28 13:31:46 21416 ----a-w- C:\Windows\System32\drivers\btwrchid.sys

    2012-07-28 13:31:46 138280 ----a-w- C:\Windows\System32\drivers\btwavdt.sys

    2012-07-28 13:31:46 107560 ----a-w- C:\Windows\System32\drivers\btwaudio.sys

    2012-07-28 13:30:27 -------- d-----w- C:\Program Files\WIDCOMM

    2012-07-28 13:29:16 -------- d-----w- C:\Program Files (x86)\Renesas Electronics

    2012-07-28 13:24:43 -------- d-----w- C:\Program Files\Elantech

    2012-07-28 13:23:10 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

    2012-07-28 13:19:27 -------- d-----w- C:\Intel

    2012-07-28 13:18:52 207656 ----a-w- C:\Windows\System32\drivers\ETD.sys

    2012-07-28 09:09:53 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

    2012-07-28 08:47:51 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

    2012-07-28 08:46:58 43520 ----a-w- C:\Windows\System32\csrsrv.dll

    2012-07-28 08:46:55 515584 ----a-w- C:\Windows\System32\timedate.cpl

    2012-07-28 08:46:55 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

    2012-07-28 08:46:52 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

    2012-07-28 08:46:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

    2012-07-28 08:46:11 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

    2012-07-28 08:46:11 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

    2012-07-28 08:45:58 1395712 ----a-w- C:\Windows\System32\mfc42.dll

    2012-07-28 08:45:58 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

    2012-07-28 08:45:58 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

    2012-07-28 08:45:58 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

    2012-07-28 08:43:43 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-07-28 08:43:43 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-07-28 08:43:43 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-07-28 08:41:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-07-28 08:41:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-07-28 08:41:57 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-07-28 08:36:47 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

    2012-07-28 08:36:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

    2012-07-28 08:36:44 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

    2012-07-28 08:36:44 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

    2012-07-28 08:36:44 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

    2012-07-28 08:36:19 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

    2012-07-28 08:36:19 613888 ----a-w- C:\Windows\System32\psisdecd.dll

    2012-07-28 08:36:19 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

    2012-07-28 08:36:19 108032 ----a-w- C:\Windows\System32\psisrndr.ax

    2012-07-28 08:31:12 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-07-28 08:31:05 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

    2012-07-28 08:31:00 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

    2012-07-28 08:29:26 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

    2012-07-28 08:29:26 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

    2012-07-28 08:29:26 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

    2012-07-28 08:29:26 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

    2012-07-28 08:29:26 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

    2012-07-28 08:28:58 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

    2012-07-28 08:28:58 31232 ----a-w- C:\Windows\System32\prevhost.exe

    2012-07-28 08:24:30 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

    2012-07-28 08:24:06 976896 ----a-w- C:\Windows\System32\inetcomm.dll

    2012-07-28 08:24:06 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

    2012-07-28 08:24:01 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

    2012-07-28 08:24:01 634880 ----a-w- C:\Windows\System32\msvcrt.dll

    2012-07-28 08:23:51 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

    2012-07-28 08:23:48 861696 ----a-w- C:\Windows\System32\oleaut32.dll

    2012-07-28 08:23:48 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

    2012-07-28 08:23:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

    2012-07-28 08:23:48 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

    2012-07-28 08:23:41 723456 ----a-w- C:\Windows\System32\EncDec.dll

    2012-07-28 08:23:41 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

    2012-07-28 08:23:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-07-28 08:23:28 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-07-28 08:23:05 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-07-28 08:07:46 77312 ----a-w- C:\Windows\System32\packager.dll

    2012-07-28 08:07:46 67072 ----a-w- C:\Windows\SysWow64\packager.dll

    2012-07-28 07:58:18 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

    2012-07-28 07:58:18 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

    2012-07-28 07:58:18 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

    2012-07-28 07:53:57 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-07-28 07:53:52 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-07-28 07:53:43 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-07-28 07:53:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-07-28 07:21:39 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

    2012-07-28 04:57:35 -------- d-----w- C:\Windows\Panther

    2012-07-28 04:57:05 -------- d-----w- C:\Windows\System32\OEM

    2012-07-28 02:55:15 -------- d-----w- C:\Program Files (x86)\Cisco

    2012-07-28 02:54:32 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll

    2012-07-28 02:54:32 60928 ----a-w- C:\Windows\System32\bcmwlrmt.dll

    2012-07-28 02:54:32 4961800 ----a-w- C:\Windows\SysWow64\vcredist_x64.exe

    2012-07-28 02:54:32 459 ----a-w- C:\Windows\SysWow64\vcredist_x64.bat

    2012-07-28 02:54:32 4428288 ----a-w- C:\Windows\System32\bcmttls.dll

    2012-07-28 02:54:32 22592 ----a-w- C:\Windows\System32\drivers\bcm42rly.sys

    2012-07-28 02:54:31 7761408 ----a-w- C:\Windows\System32\BCMWLCPL.CPL

    2012-07-28 02:54:31 73728 ----a-w- C:\Windows\System32\wltrynt.dll

    2012-07-28 02:54:30 4745280 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS

    2012-07-28 02:54:30 3952128 ----a-w- C:\Windows\System32\bcmihvsrv64.dll

    2012-07-28 02:54:30 3617280 ----a-w- C:\Windows\System32\bcmihvui64.dll

    2012-07-28 02:54:30 -------- d-----w- C:\Program Files\Broadcom

    2012-07-28 02:44:27 1014784 ----a-w- C:\Windows\System32\BCMLogon.dll

    2012-07-28 02:44:18 47632 ----a-w- C:\Windows\System32\drivers\npf.sys

    2012-07-28 02:44:16 457 ----a-w- C:\Windows\System32\vcredist_x64.bat

    2012-07-28 02:44:16 3161088 ----a-w- C:\Windows\System32\vcredist_x64.exe

    2012-07-28 02:44:15 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll

    2012-07-28 02:31:00 -------- d-sh--w- C:\Windows\Installer

    2012-07-28 02:28:56 2797056 ----a-w- C:\Windows\System32\athrx.sys

    2012-07-28 02:28:51 -------- d-----w- C:\ProgramData\Atheros

    2012-07-28 02:27:43 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

    2012-07-28 02:27:43 533096 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

    2012-07-28 02:27:43 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

    2012-07-28 02:27:39 -------- d-----w- C:\Program Files (x86)\Realtek

    2012-07-28 02:19:03 -------- d-----w- C:\NVIDIA

    .

    ==================== Find3M ====================

    .

    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-06-06 11:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

    2012-05-31 15:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

    .

    ============= FINISH: 0:31:22,34 ===============

    ATTACH

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 27/07/2012 21:04:28

    System Uptime: 17/08/2012 10:33:53 (38 hours ago)

    .

    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RF511/RF411/RF711

    Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU 1 | 1375/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 101 GiB total, 36,058 GiB free.

    D: is FIXED (NTFS) - 809 GiB total, 740,084 GiB free.

    E: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP29: 12/08/2012 01:35:48 - ComboFix created restore point

    RP30: 13/08/2012 19:24:49 - Installed AVG 2012

    RP31: 13/08/2012 19:25:16 - Installed AVG 2012

    RP32: 15/08/2012 11:39:18 - Windows Update

    RP33: 15/08/2012 18:30:45 - Windows Update

    .

    ==== Installed Programs ======================

    .

    µTorrent

    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module

    Combined Community Codec Pack 2011-11-11

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Easy Display Manager

    Easy SpeedUp Manager

    EVEREST Ultimate Edition v5.30

    Foxit Reader

    Free DVD ISO Burner version 1.2

    Google Chrome

    Intel® Processor Graphics

    Intel® Rapid Storage Technology

    Java Auto Updater

    Java 7 Update 5

    JavaFX 2.1.1

    Malwarebytes Anti-Malware versão 1.62.0.1300

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (Portuguese (Brazil)) 2010

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

    Microsoft Office Professional Plus 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (Portuguese (Brazil)) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (Portuguese (Brazil)) 2010

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

    Microsoft Office Word MUI (Portuguese (Brazil)) 2010

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Movie Color Enhancer

    NVIDIA PhysX

    Opera 12.01

    Origin8

    OriginPro 8

    Realtek Ethernet Controller Driver

    Realtek High Definition Audio Driver

    Renesas Electronics USB 3.0 Host Controller Driver

    Samsung Update Plus

    SamsungFirmwareUpdater

    SecureW2 EAP Suite 1.1.2 for Windows

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

    Skype™ 5.10

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553092)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

    USB Disk Security

    Visual Studio 2008 x64 Redistributables

    .

    ==== End Of File ===========================


    Read the instructions at this link:

    In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
    • Double-click the icon (desktopicon.png) that is on the desktop.
    • Read and accept the terms by typing 1 and pressing Enter.
    • Computers running Windows XP should install the Recovery Console:
        • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim" (Yes).
        • Click "OK" on the EULA.
        • Once the Recovery Console is installed, click "SIM" (Yes) to continue.
    • ComboFix will run; please be patient and wait.
    • Attention: do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
    • A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

    DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

    • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

  • Topic author
  • Here is the ComboFix log

    ComboFix 12-08-22.03 - Alexandre 24/08/2012 0:02.2.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.6056.4506 [GMT -3:00]

    Executando de: c:\users\Alexandre\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Criado um novo ponto de restauração

    .

    ADS - drivers: deleted 208 bytes in 1 streams.

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Alexandre\AppData\Local\TempDIR

    c:\windows\SysWow64\drivers\ati4irxx.sys

    .

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2012-07-24 to 2012-08-24 ))))))))))))))))))))))))))))

    .

    .

    2012-08-24 03:05 . 2012-08-24 03:05 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-08-15 16:32 . 2012-08-15 16:32 -------- d-----w- c:\program files (x86)\SecureW2

    2012-08-15 14:41 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

    2012-08-15 13:14 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

    2012-08-15 13:14 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

    2012-08-15 13:14 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

    2012-08-15 13:14 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

    2012-08-15 13:14 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

    2012-08-15 13:14 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

    2012-08-15 13:14 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

    2012-08-15 13:14 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

    2012-08-15 13:14 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

    2012-08-15 13:14 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

    2012-08-15 13:14 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

    2012-08-15 13:14 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

    2012-08-13 22:25 . 2012-08-13 22:25 -------- d-----w- c:\windows\SysWow64\drivers\AVG

    2012-08-13 22:25 . 2012-08-23 21:40 -------- d-----w- c:\windows\system32\drivers\AVG

    2012-08-13 22:25 . 2012-08-13 22:35 -------- d-----w- c:\programdata\AVG2012

    2012-08-13 22:25 . 2012-08-13 22:25 -------- d-----w- C:\$AVG

    2012-08-13 22:25 . 2012-08-13 22:25 -------- d-----w- c:\program files (x86)\AVG

    2012-08-13 22:19 . 2012-08-23 21:40 -------- d-----w- c:\programdata\MFAData

    2012-08-13 22:19 . 2012-08-13 22:19 -------- d--h--w- c:\programdata\Common Files

    2012-08-13 21:11 . 2012-08-22 15:29 -------- d-----w- c:\program files (x86)\Opera

    2012-08-12 03:32 . 2012-04-05 12:34 46408 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

    2012-08-12 03:32 . 2012-08-12 03:32 -------- d-----w- c:\program files (x86)\GbPlugin

    2012-08-12 03:32 . 2012-08-12 03:32 -------- d-----w- c:\programdata\GbPlugin

    2012-08-12 03:16 . 2012-08-12 03:16 -------- d-----w- c:\programdata\Malwarebytes

    2012-08-12 03:16 . 2012-08-12 03:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-08-12 03:16 . 2012-07-03 16:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-12 03:09 . 2012-08-12 03:09 -------- d-----w- c:\program files\Bitdefender

    2012-08-12 03:08 . 2012-08-12 03:09 -------- d-----w- c:\program files\Common Files\Bitdefender

    2012-08-12 03:07 . 2012-08-12 03:07 -------- d-----w- c:\program files\CCleaner

    2012-08-10 23:49 . 2012-07-16 05:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A46958BC-086A-4300-AA4F-512249E34224}\mpengine.dll

    2012-08-10 00:32 . 2012-08-10 00:32 -------- d-----w- c:\program files (x86)\Common Files\Java

    2012-08-10 00:32 . 2012-08-10 00:32 -------- d-----w- c:\program files (x86)\Oracle

    2012-08-10 00:32 . 2012-07-06 01:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-08-10 00:32 . 2012-07-06 01:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-08-10 00:32 . 2012-08-10 00:32 -------- d-----w- c:\program files (x86)\Java

    2012-08-07 01:06 . 2012-08-07 01:06 -------- d-----w- c:\program files (x86)\Free DVD ISO Burner

    2012-08-01 02:14 . 2012-08-01 02:14 -------- d-----w- c:\program files (x86)\uTorrent

    2012-07-30 19:55 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

    2012-07-30 19:55 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

    2012-07-30 19:55 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

    2012-07-30 19:50 . 2012-08-15 14:39 62134624 ----a-w- c:\windows\system32\MRT.exe

    2012-07-29 15:29 . 2012-07-29 15:29 -------- d-----w- c:\windows\SysWow64\Wat

    2012-07-29 15:29 . 2012-07-29 15:29 -------- d-----w- c:\windows\system32\Wat

    2012-07-29 14:57 . 2012-07-29 14:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

    2012-07-29 14:56 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

    2012-07-29 14:56 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

    2012-07-29 14:56 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

    2012-07-29 14:56 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

    2012-07-29 14:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

    2012-07-29 14:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

    2012-07-29 14:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

    2012-07-28 18:47 . 2011-12-26 17:16 21360 ----a-w- c:\windows\system32\drivers\MFWCtwl.sys

    2012-07-28 18:47 . 2012-07-28 18:47 -------- d-----w- c:\program files\SamsungFirmwareUpdater

    2012-07-28 18:28 . 2012-07-28 18:28 -------- d-----w- c:\programdata\SAMSUNG

    2012-07-28 18:26 . 2009-05-28 18:38 13824 ----a-w- c:\windows\system32\drivers\SABI.sys

    2012-07-28 18:26 . 2012-07-28 18:29 -------- d-----w- c:\program files (x86)\SAMSUNG

    2012-07-28 14:57 . 2012-07-28 14:57 -------- d-----w- c:\program files (x86)\OriginLab

    2012-07-28 14:54 . 2012-07-28 14:54 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack

    2012-07-28 14:48 . 2009-09-04 20:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll

    2012-07-28 14:47 . 2005-02-05 22:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll

    2012-07-28 14:41 . 2012-07-28 14:41 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

    2012-07-28 14:41 . 2012-07-30 19:44 -------- d-----w- c:\program files (x86)\Microsoft.NET

    2012-07-28 14:41 . 2012-07-28 14:41 -------- d-----w- c:\windows\PCHEALTH

    2012-07-28 14:41 . 2012-07-28 14:41 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

    2012-07-28 14:40 . 2012-07-28 14:40 -------- d-----w- c:\program files\Microsoft Office

    2012-07-28 14:40 . 2012-07-28 14:40 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

    2012-07-28 14:39 . 2012-08-15 14:41 -------- d-----w- c:\programdata\Microsoft Help

    2012-07-28 14:39 . 2012-07-28 14:39 -------- d-----r- C:\MSOCache

    2012-07-28 14:03 . 2012-07-28 18:48 -------- d-----w- c:\windows\SysWow64\NV

    2012-07-28 14:03 . 2012-07-28 18:48 -------- d-----w- c:\windows\system32\NV

    2012-07-28 14:01 . 2012-07-28 14:01 -------- d-----w- c:\programdata\NVIDIA Corporation

    2012-07-28 13:58 . 2012-07-28 13:58 -------- d-----w- c:\program files\Common Files\Intel

    2012-07-28 13:58 . 2012-07-28 13:58 -------- d-----w- c:\program files (x86)\Common Files\Intel

    2012-07-28 13:55 . 2012-07-28 13:55 -------- d-----w- c:\programdata\Zbshareware Lab

    2012-07-28 13:55 . 2012-07-28 13:57 -------- d-----w- c:\program files (x86)\USB Disk Security

    2012-07-28 13:53 . 2012-07-28 13:53 -------- d-----w- c:\program files (x86)\Common Files\Skype

    2012-07-28 13:53 . 2012-07-28 13:53 -------- d-----r- c:\program files (x86)\Skype

    2012-07-28 13:53 . 2012-07-30 19:53 -------- d-----w- c:\programdata\Skype

    2012-07-28 13:45 . 2012-07-28 13:45 -------- d-----w- c:\program files (x86)\Lavalys

    2012-07-28 13:44 . 2012-07-28 13:44 -------- d-----w- c:\program files (x86)\Foxit Software

    2012-07-28 13:34 . 2011-02-18 11:11 439320 ----a-w- c:\windows\system32\drivers\iaStor.sys

    2012-07-28 13:33 . 2011-08-25 17:18 349736 ----a-w- c:\windows\system32\drivers\btwampfl.sys

    2012-07-28 13:31 . 2011-08-25 17:18 22056 ----a-w- c:\windows\system32\btwcoins.dll

    2012-07-28 13:31 . 2011-08-25 17:18 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys

    2012-07-28 13:31 . 2011-08-25 17:18 21416 ----a-w- c:\windows\system32\drivers\btwrchid.sys

    2012-07-28 13:31 . 2011-08-25 17:18 138280 ----a-w- c:\windows\system32\drivers\btwavdt.sys

    2012-07-28 13:31 . 2011-08-25 17:18 107560 ----a-w- c:\windows\system32\drivers\btwaudio.sys

    2012-07-28 13:30 . 2012-07-28 13:30 -------- d-----w- c:\program files\WIDCOMM

    2012-07-28 13:29 . 2012-07-28 13:29 -------- d-----w- c:\program files (x86)\Renesas Electronics

    2012-07-28 13:24 . 2012-07-28 13:24 -------- d-----w- c:\program files\Elantech

    2012-07-28 13:23 . 2012-07-28 13:58 -------- d-----w- c:\program files (x86)\Intel

    2012-07-28 13:23 . 2010-12-15 19:10 53248 ----a-w- c:\windows\SysWow64\CSVer.dll

    2012-07-28 13:19 . 2012-07-28 13:57 -------- d-----w- C:\Intel

    2012-07-28 13:18 . 2011-12-27 19:41 207656 ----a-w- c:\windows\system32\drivers\ETD.sys

    2012-07-28 09:09 . 2012-07-28 09:09 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

    2012-07-28 08:47 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

    2012-07-28 08:46 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

    2012-07-28 08:46 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

    2012-07-28 08:46 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

    2012-07-28 08:46 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

    2012-07-28 08:46 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

    2012-07-28 08:46 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

    2012-07-28 08:46 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll

    2012-07-28 08:45 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll

    2012-07-28 08:45 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll

    2012-07-28 08:45 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

    2012-07-28 08:45 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

    2012-07-28 08:45 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll

    2012-07-28 08:43 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-07-28 08:43 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-07-28 08:43 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-07-28 08:41 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-07-28 08:41 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-07-28 08:41 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-07-28 08:36 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll

    2012-07-28 08:36 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

    2012-07-28 08:36 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys

    2012-07-28 08:36 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

    2012-07-28 08:36 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

    2012-07-28 08:36 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

    2012-07-28 08:36 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

    2012-07-28 08:36 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-06 11:49 . 2012-06-06 11:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

    2012-05-31 15:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    "Facebook Update"="c:\users\Alexandre\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-23 138096]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-8-25 1132320]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2012-05-09 12:01 1313864 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

    .

    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-29 1255736]

    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]

    S1 SamsungMonitorFirmware;SamsungMonitorFirmware;c:\windows\system32\drivers\MFWCtwl.sys [2011-12-26 21360]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-05-09 214088]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]

    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

    S3 BTWAMPFL;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-08-25 349736]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-25 39464]

    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-12-27 207656]

    S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-22 317440]

    S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-02 80384]

    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-02 181248]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    .

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2012-08-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-266488780-266011081-1359855488-1000Core.job

    - c:\users\Alexandre\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 22:57]

    .

    2012-08-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-266488780-266011081-1359855488-1000UA.job

    - c:\users\Alexandre\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 22:57]

    .

    2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266488780-266011081-1359855488-1000Core.job

    - c:\users\Alexandre\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-28 14:08]

    .

    2012-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266488780-266011081-1359855488-1000UA.job

    - c:\users\Alexandre\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-28 14:08]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-24 11895400]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll

    .

    ------- Scan Suplementar -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    .

    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

    .

    .

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Tempo para conclusão: 2012-08-24 00:06:38

    ComboFix-quarantined-files.txt 2012-08-24 03:06

    ComboFix2.txt 2012-08-12 04:31

    .

    Pré-execução: 66.955.755.520 bytes disponíveis

    Pós execução: 67.653.648.384 bytes disponíveis

    .

    - - End Of File - - 16A3AE528210CD9F8555DC656034D84E


    Open Notepad, then copy (CTRL + C) and paste (CTRL + V) the following text from the QUOTE box:


    reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" > C:\look.txt
    notepad C:\look.txt

    Save the file as FixServices.bat

    When saving, set the file type to: All Files.

    1. An icon like this one will appear: 4qhg48p.jpg.
    2. Double-click FixServices.bat.
    3. Wait for the bat to finish running. When it finishes, a text file will open; copy its contents and paste them in your next reply.
