SpyWare BeWare! ASAP
Author Topic: Problems in bank site  (Read 4349 times)
dudu0987
Newbie
Date Registered: September 12, 2011, 01:49:02 PM
Posts: 26


« on: March 27, 2013, 01:00:03 PM »

Yesterday morning I tried to access my bank site, www.bb.com.br, and some strange behavior occurred. The site asked for more than one password. That is unusual.

So I ran the following, in this order, only to create logs, without removing anything:

- Malwarebytes Anti-Malware (http://software-files-a.cnet.com/s/software/12/89/74/68/mbam-setup-1.70.0.1100.exe?lop=link&ptype=3001&ontid=8022&siteId=4&edId=3&spi=d18a756f06e874590793041521bd2eba&pid=12897468&psid=10804572&token=1364342629_4e7ca0e46ea4da35ddc1413a7f9b5341&fileName=mbam-setup-1.70.0.1100.exe);

- AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner);

- Kaspersky (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/avptool11/setup_11.0.0.1245.x01_2013_03_26_16_36.exe).

None of the logs showed malware, but according to the bank's customer service the site's behavior is unusual.

The computer is a notebook running Windows 7 and is for personal use.

Here are the logs:

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521  BrowserJavaVersion: 10.17.2
Run by WGSA II at 13:51:33 on 2013-03-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.3943.1636 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Battery Power\BatteryManagerService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
C:\Program Files (x86)\Scpad\scpVista.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\alg.exe
C:\Program Files\Motorola\Bluetooth\audiosrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Audio Power\AudioPower.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Positivo Informática\Recovery\Recovery2.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\WGSA II\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Users\WGSA II\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Battery Power\BatteryPower.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Smart Backup\PositivoSmartBackup.exe
C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:tabs
uWindow Title = Windows Internet Explorer fornecido por Yahoo!
uDefault_Page_URL = hxxp://br.yahoo.com/?fr=fp-yie9
uURLSearchHooks: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ssh2 Class: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
uRun: [Google Update] "C:\Users\WGSA II\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\WGSA II\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [HW_OPENEYE_OUC_Claro] "C:\Program Files (x86)\Claro\UpdateDog\ouc.exe"
uRun: [06488AD9E33626B1547CAFBC6F7F7BA0D7C92698._service_run] "C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\WGSAII~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RECORT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASSIST~1.LNK - C:\Program Files\Positivo Informática\Recovery\Recovery2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://www.tjms.jus.br/sajcas/login
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 189.7.72.38 189.7.72.33
TCP: Interfaces\{6ED5B07F-DC4E-4B50-844B-479852812ED3} : DHCPNameServer = 189.7.72.38 189.7.72.33
TCP: Interfaces\{6ED5B07F-DC4E-4B50-844B-479852812ED3}\3547162747E45647 : DHCPNameServer = 168.95.1.1
TCP: Interfaces\{6ED5B07F-DC4E-4B50-844B-479852812ED3}\3556D6026496F6 : DHCPNameServer = 201.10.128.3 192.168.0.1
TCP: Interfaces\{6ED5B07F-DC4E-4B50-844B-479852812ED3}\746545 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6ED5B07F-DC4E-4B50-844B-479852812ED3}\77763716 : DHCPNameServer = 10.1.1.1 192.168.0.1
TCP: Interfaces\{6ED5B07F-DC4E-4B50-844B-479852812ED3}\C696E6B6379737F5355435F54373636333 : DHCPNameServer = 201.17.0.65 201.17.0.55 201.17.0.45
TCP: Interfaces\{6ED5B07F-DC4E-4B50-844B-479852812ED3}\C696E6B6379737F5355435F5834313 : DHCPNameServer = 201.17.0.77 201.17.0.117
TCP: Interfaces\{88DEFDA3-DA66-476F-959C-EE4E765A4F18} : DHCPNameServer = 10.1.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
Notify: ScCertProp - <no file>
SSODL: WebCheck - <orphaned>
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [StartUpManagerPositivo] C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
x64-Run: [AudioPower] C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Audio Power\AudioPower.exe -startup
x64-Run: [CertificateRegistration] aetcrss1.exe
x64-Run: [SACMonitor] "C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe"
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: ScCertProp - <no file>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 88.80.13.240   www2.bancobrasil.com.br
Hosts: 88.80.13.241   aapj.bb.com.br
Hosts: 88.80.13.242   www2.infoseg.gov.br
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\WGSA II\AppData\Roaming\Mozilla\Firefox\Profiles\kv6pfm87.default\
FF - prefs.js: browser.startup.homepage - about:newtab
FF - prefs.js: keyword.URL - hxxp://www.google.com.br/search?hl=pt-BR&source=hp&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MIE\AlternaTIFF\npzzatif.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\WGSA II\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\WGSA II\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-12-21 27800]
R2 AntiVirSchedulerService;Avira Agendamento;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-21 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-21 110816]
R2 AppManagerService;Serviço do Mundo Positivo;C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe [2012-10-25 64592]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-12-21 99912]
R2 BatteryManagerSrv;Battery Manager Service;C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Battery Power\BatteryManagerService.exe [2011-5-14 43008]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2011-5-14 679176]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2012-11-1 280168]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-14 13336]
R2 LiveGpdKBFilter;LiveGpdKBFilter;C:\Windows\System32\drivers\LiveGpdKBFilter.sys [2011-5-14 11168]
R2 LiveIO;LiveIO;C:\Windows\System32\drivers\LiveIO.sys [2011-5-14 14240]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-26 398184]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-1-9 1324104]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-1-9 795208]
R2 SACSrv;SACSrv;C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [2011-10-2 10712]
R2 scpVista;scpVista;C:\Program Files (x86)\Scpad\scpVista.exe [2012-4-12 368560]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2006-12-8 11576]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-14 2655768]
R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2011-5-14 4150864]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2011-5-14 1188616]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-14 1028096]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-6-11 85504]
R3 iKeyEnum;Rainbow iKey Enumerator;C:\Windows\System32\drivers\IKEYENUM.SYS [2010-7-8 16160]
R3 iKeyIFD;Rainbow iKey Virtual Reader;C:\Windows\System32\drivers\IKEYIFD.SYS [2010-7-8 22304]
R3 IntcDAud;Áudio do vídeo Intel(R);C:\Windows\System32\drivers\IntcDAud.sys [2011-4-11 317440]
R3 Livekbc;Livekbc;C:\Windows\System32\drivers\Livekbc.sys [2011-5-14 11680]
R3 Livemouclass;Livemouclass;C:\Windows\System32\drivers\Livemouclass.sys [2011-5-14 11168]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-26 24176]
R3 PositivoAudioDriverWdm;Positivo Audio Driver (WDM);C:\Windows\System32\drivers\pad.sys [2011-5-14 69520]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-5-14 1103464]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-26 682344]
S3 btmaudio;Motorola Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-5-14 43008]
S3 BTMCOM;Bluetooth Serial Port;C:\Windows\System32\drivers\btmcom.sys [2011-5-14 52736]
S3 BTMHID;BTMHID;C:\Windows\System32\drivers\btmhid.sys [2011-5-14 34176]
S3 BTMNET;Motorola Bluetooth Network Adapter Service;C:\Windows\System32\drivers\btmnet.sys [2011-5-14 30208]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\System32\drivers\btmusb.sys [2011-5-14 484224]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-6-11 117248]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-18 37344]
S3 GemCCID;GemCCID;C:\Windows\System32\drivers\GemCCID.sys [2009-8-10 119680]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-6-11 93696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456]
S3 RnbToken;Rainbow iKey Token Service;C:\Windows\System32\drivers\RNBTOKEN.SYS [2010-7-8 24352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-9 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-14 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-27 13:40:40   --------   d-----w-   C:\LinhaDefensiva
2013-03-27 12:21:15   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{E150BABC-057E-41E6-A7AF-24E84598B19A}
2013-03-26 21:43:33   --------   d-----w-   C:\MGADiagToolOutput
2013-03-26 17:49:03   76232   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE2B3CDD-EB52-4AB1-931E-24E762C944C2}\offreg.dll
2013-03-26 16:16:32   9311288   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE2B3CDD-EB52-4AB1-931E-24E762C944C2}\mpengine.dll
2013-03-26 14:05:25   24176   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-03-26 14:05:25   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-26 13:50:54   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{B270E8CA-C208-47D6-804E-7AEADB9D21FD}
2013-03-25 13:43:24   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{997F3A9A-F975-4D38-89EE-515C7198FEC5}
2013-03-24 13:42:13   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{5E34196D-EDE7-499D-B376-1A8582FF9218}
2013-03-22 13:39:44   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{F8FCE11C-9A75-4B60-9150-DF1E718D6BA8}
2013-03-22 01:38:56   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{BCDE06D5-034B-45F2-AA60-1FCF6AB7D2ED}
2013-03-21 13:37:43   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{FDC3A59F-8AA5-4767-8C4C-35FA67B4199B}
2013-03-20 21:45:50   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{9CC2BB0E-0010-4EF4-91F8-8D633B5AC984}
2013-03-19 13:22:48   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{C1FFB745-D018-403D-804A-36ED0CC8003F}
2013-03-19 01:22:00   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{4747FAAB-4BE7-46BB-8DBF-5F6066C16C0C}
2013-03-18 13:21:56   19968   ----a-w-   C:\Windows\System32\drivers\usb8023.sys
2013-03-18 13:19:18   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{6CDCDF74-52BF-46DD-A663-595A2EC24497}
2013-03-17 19:35:38   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{885AF277-8037-40E6-A934-E8E5D3B9CEAC}
2013-03-17 01:07:45   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{EC8903CE-3498-4D82-A6A1-98D842130865}
2013-03-16 01:06:22   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{652F9F64-6147-44D8-B059-69BD7717E459}
2013-03-14 13:04:31   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{DD546CC8-3FEC-4752-BA57-F2602A9B9CB2}
2013-03-13 20:24:48   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{AFC05ACD-407C-4386-9C6E-E0B4DE2F8616}
2013-03-13 13:41:48   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{89975A14-909C-4235-A0A4-A76B66A70CC7}
2013-03-12 13:40:27   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{C6D37B57-5290-4AF7-B69F-248A0328E544}
2013-03-11 13:38:57   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{A008ADA4-E37C-4E26-8D8F-6EEF73821DA1}
2013-03-08 15:04:27   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{56E17830-3D40-4ACE-B2BB-E3736E07A1F3}
2013-03-07 15:03:07   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{21DF49BE-CC2D-4067-985A-2C747CA00A91}
2013-03-07 13:15:11   95648   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 03:02:20   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{7441C65F-E067-4C41-AA08-D08ADC073C55}
2013-03-06 15:01:57   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{6E0EDBF7-22EE-438F-A22E-6F99CEB13690}
2013-03-06 03:01:01   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{F8BC7B60-7D50-4FE7-8269-F159FD598F93}
2013-03-05 13:16:24   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{1FAD1C9C-4658-4BC0-9DDE-1BFFC3FDDE90}
2013-03-04 13:15:00   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{B30B3AE3-5374-4AC4-806A-94B257CC9DC8}
2013-03-02 20:56:09   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{4F6303CE-5E72-4B5B-AC9D-9C14B2C15B1D}
2013-03-01 15:17:05   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{2C436C9E-9DEA-4D13-A4C5-482DC4901076}
2013-02-28 14:03:23   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{0C9E3D06-5640-4FF2-9A00-56B5C99B1FCF}
2013-02-27 13:07:31   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{DA615C3D-7765-4836-904F-695CF87A2A02}
2013-02-26 13:03:04   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{2B95A7F1-F413-47E0-92CC-0FA1AFC1D095}
2013-02-26 01:02:28   --------   d-----w-   C:\Users\WGSA II\AppData\Local\{DFB0B8BF-F6DA-4485-B865-CBA26BB65A99}
.
==================== Find3M  ====================
.
2013-03-13 14:10:06   73432   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 14:10:06   693976   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-07 13:15:07   861088   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
2013-03-07 13:15:07   782240   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2013-02-12 05:45:24   135168   ----a-w-   C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22   350208   ----a-w-   C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22   308736   ----a-w-   C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22   111104   ----a-w-   C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31   474112   ----a-w-   C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26   2176512   ----a-w-   C:\Windows\apppatch\AcGenral.dll
2013-02-06 11:42:10   203544   ----a-w-   C:\Windows\System32\drivers\ssudmdm.sys
2013-02-06 11:42:08   102936   ----a-w-   C:\Windows\System32\drivers\ssudbus.sys
2013-02-05 08:54:40   37344   ----a-w-   C:\Windows\SysWow64\FsUsbExDisk.Sys
2013-02-05 08:54:40   233472   ----a-w-   C:\Windows\SysWow64\FsUsbExService.Exe
2013-01-17 05:28:58   273840   ------w-   C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03   9728   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02   2560   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42   10752   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21   4096   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08   5632   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07   5632   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31   9728   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31   2560   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18   10752   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07   3584   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48   4096   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41   5632   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40   5632   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40   3072   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40   3072   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00   1247744   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22   1988096   ----a-w-   C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31   293376   ----a-w-   C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00   249856   ----a-w-   C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43   220160   ----a-w-   C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35   1504768   ----a-w-   C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04   1643520   ----a-w-   C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28   1175552   ----a-w-   C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01   604160   ----a-w-   C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58   207872   ----a-w-   C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14   187392   ----a-w-   C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30   2565120   ----a-w-   C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17   363008   ----a-w-   C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47   161792   ----a-w-   C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25   1080832   ----a-w-   C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39   333312   ----a-w-   C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32   1887232   ----a-w-   C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21   296960   ----a-w-   C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57   3419136   ----a-w-   C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04   245248   ----a-w-   C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33   648192   ----a-w-   C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30   221184   ----a-w-   C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42   194560   ----a-w-   C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04   1238528   ----a-w-   C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36   3928064   ----a-w-   C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06   417792   ----a-w-   C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58   364544   ----a-w-   C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43   465920   ----a-w-   C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52   522752   ----a-w-   C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42   1158144   ----a-w-   C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09   1682432   ----a-w-   C:\Windows\System32\XpsPrint.dll
2013-01-11 14:39:42   103936   ----a-w-   C:\Windows\System32\pdfcmon.dll
2013-01-05 05:53:43   5553512   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15   3967848   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11   3913064   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21   2284544   ----a-w-   C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13   2776576   ----a-w-   C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48   3153408   ----a-w-   C:\Windows\System32\win32k.sys
2013-01-04 02:47:35   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54   1913192   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42   288088   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 13:51:42,54 ===============
_________________________________________________________________________________________________________________________________

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 14/06/2011 18:49:02
System Uptime: 27/03/2013 09:16:22 (4 hours ago)
.
Motherboard: POSITIVO |  | MB40II5
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 689 GiB total, 531,815 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) - Português
Assistente de Instalação Certisign
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
Avira Free Antivirus
Bing Bar
BitTorrent
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CNPJ (PGD) - versão 3.1
Controle ActiveX do Windows Live Mesh para Conexões Remotas
CutePDF Writer 2.8
D3DX10
Facebook Video Calling 1.2.0.287
Gerenciador de Inicialização Positivo
Google Chrome
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Internet Explorer (Enable DEP)
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
Java 7 Update 17
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
K-Lite Mega Codec Pack 7.5.0
LIVE! Control Center 1.11(X64)
LIVE! OSD 1.35
Malwarebytes Anti-Malware versão 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft CAPICOM 2.1.0.2 SDK
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Motorola Bluetooth
Mozilla Firefox 19.0.2 (x86 pt-BR)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mundo Positivo
Mural dos Amigos
Mural Positivo
MyFreeCodec
OpenSC (64bit)
OptimizerPro1
PC-CCID
PDF Architect
PDFCreator
Positivo Audio Power
Positivo Battery Power
Positivo My Webcam
Positivo News
Positivo NIS 2011 License Activator
Positivo Smart Backup
PrintFolder 1.3
Readiris Pro 10
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Driver
Receitanet
SafeNet Authentication Client 8.1 SP1
SafeSign 64-bits
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SaveByclick
Screensaver 300C
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SmarThru 4
Software de Cadastro Positivo 6.0
Synaptics Pointing Device Driver
TeamViewer 7
Tutorial 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Visualizador
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.01 (64-bit)
Yahoo! Software Update
.
==== End Of File ===========================
melboy
Moderator
Date Registered: April 02, 2009, 02:56:03 AM
Posts: 756

« Reply #1 on: March 27, 2013, 01:38:37 PM »

Hello and welcome to the SWBW forums.

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.
.

IMPORTANT: Please take time to read this topic where the Forum Guidelines are explained.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================


If I could point you in the direction of the Please Start HERE topic, which states under Please Note!

Quote
1.  Before proceeding, please uninstall the following via Add or Remove Programs in Control Panel:

File sharing programs such as uTorrent, Bittorrent, LimeWire, Morpheus, Azureus, Kazaa are a major conduit for malware and a likely source of your current issues. In order to receive assistance, it is requested that you uninstall any such programs prior to cleanup and to prevent reinfection.
Please uninstall BitTorrent

Quote
2. This site does not support the use of "cracked" programs.  If your helper detects the presence of pirated/cracked software on your computer, your topic will be closed.
Please uninstall Microsoft Office Enterprise 2007  

Quote
3. If you are having problems with a business machine, please consult your IT Department or System Administrator. We cannot undertake the liability of a business-owned asset. You are advised to consult your employer's "Acceptable Usage Policy" to ensure that you are not in breach of Company rules by attempting to fix a business asset. If you ask for help and, unknown to us, it involves a Business or Corporate owned computer, you need to understand that any damages resulting from our advice are YOUR RESPONSIBILITY.
Please confirm this is a personal computer, owned by yourself.  


Uninstall Programs

  • Go to start > control panel > Programs > programs and features.
  • Right click on each instance of:
Quote
BitTorrent
Microsoft Office Enterprise 2007

  • Click Uninstall & then follow the prompts to remove it.
.


OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

dudu0987
Newbie
Date Registered: September 12, 2011, 01:49:02 PM
Posts: 26

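An added triage aid, not part of the original thread, of OTL or of the forum's toolkit: once OTL.txt is posted, the PRC/SRV/MOD/DRV lines are what a helper reads first. The Python below parses OTL's line format (kind, timestamp, size, attributes, company name in parentheses, optional service state in brackets, path, optional service name) and lists the entries worth a second look: no company name in the version info, a path under a user-writable directory, an 8.3 short path, or an auto-start service with no publisher. Those four rules, the USER_WRITABLE list and the SAMPLE_OTL input are assumptions of this example (the sample lines are copied from the OTL log posted later in this thread). Every hit is a prompt to check the file, not a verdict; OTL.exe itself gets flagged because it runs from the Desktop, which is exactly why the output needs a human reviewer.

```python
"""Triage helper for OTL (OldTimer's List-It) logs.

Added example for this thread; it is not part of OTL or of the forum's
toolkit.  It parses the PRC/SRV/MOD/DRV lines OTL emits and lists the
entries a malware-removal helper usually reads first.  Every flag is a
prompt to look at the file, not a verdict: legitimate software (updaters,
vendor utilities, bank security plugins) routinely trips these rules.
"""
import re
from dataclasses import dataclass, field

# One OTL entry looks like:
#   SRV - [2012/10/09 12:30:12 | 000,280,168 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
# kind - [timestamp | size | attributes | flag] (company) [state, SRV/DRV only] -- path -- (service name, optional)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|MOD|DRV)(?::64bit:)?\s+-\s+"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+\|\s+(?P<size>[\d,]+)"
    r"\s+\|\s+(?P<attrs>\S+)\s+\|\s+(?P<flag>\S+)\]\s+"
    r"\((?P<company>.*?)\)\s+"           # may be empty, may contain nested ( )
    r"(?:\[(?P<state>[^\]]*)\]\s+)?"     # e.g. [Auto | Running]
    r"--\s+(?P<path>.*?)"
    r"(?:\s+--\s+\((?P<name>[^)]*)\))?\s*$"
)

# Directories a standard user can write to without elevation; an assumption
# of this example, not an OTL rule.  Compared case-insensitively.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\", "\\temp\\")


@dataclass
class Entry:
    kind: str
    company: str
    path: str
    state: str
    size: int
    name: str = ""
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_otl(text: str) -> list:
    """Return one Entry per PRC/SRV/MOD/DRV line; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"].strip(),
            state=(m["state"] or "").strip(),
            size=int(m["size"].replace(",", "")),
            name=(m["name"] or "").strip(),
        ))
    return entries


def triage(entries: list) -> list:
    """Attach review reasons to each entry and return only the flagged ones."""
    for e in entries:
        e.reasons = []
        low = e.path.lower()
        # MOD lines come from OTL's "Modules (No Company Name)" section, so a
        # blank company is expected there and is not flagged on its own.
        if e.kind != "MOD" and not e.company:
            e.reasons.append("no company name in version info")
        if any(d in low for d in USER_WRITABLE):
            e.reasons.append("runs from a user-writable directory")
        if "~" in e.path:
            e.reasons.append("8.3 short path (PROGRA~2 style)")
        if "auto" in e.state.lower() and not e.company:
            e.reasons.append("auto-start service with no publisher")
    return [e for e in entries if e.suspicious]


# Sample input: six lines copied from the OTL log posted in this thread.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2013/03/27 15:18:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WGSA II\Desktop\OTL.exe
PRC - [2012/09/10 08:31:46 | 000,209,920 | ---- | M] () -- C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe
MOD - [2013/03/10 20:22:06 | 000,459,728 | ---- | M] () -- C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
SRV - [2013/02/13 14:56:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/09 12:30:12 | 000,280,168 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
DRV:64bit: - [2013/02/06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
"""

if __name__ == "__main__":
    for e in triage(parse_otl(SAMPLE_OTL)):
        print(f"{e.kind:3} {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run it as-is to see the four flagged entries from the sample, or replace SAMPLE_OTL with the contents of a real OTL.txt. The section headers and blank lines OTL prints are skipped by the regex, so the whole file can be fed in unchanged.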
« Reply #2 on: March 27, 2013, 05:31:41 PM »

The logs follow:

OTL logfile created on: 27/03/2013 15:21:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\WGSA II\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,85 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 49,04% Memory free
7,70 Gb Paging File | 5,25 Gb Available in Paging File | 68,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688,87 Gb Total Space | 531,81 Gb Free Space | 77,20% Space Free | Partition Type: NTFS
 
Computer Name: WGSAII-PC | User Name: WGSA II | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/27 15:18:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WGSA II\Desktop\OTL.exe
PRC - [2013/02/19 09:07:20 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\WGSA II\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/02/13 14:58:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/13 14:56:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/13 14:56:54 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/02/13 06:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/02/13 06:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/01/09 16:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013/01/09 16:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/09 12:30:12 | 000,280,168 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2012/10/03 15:18:10 | 000,064,592 | ---- | M] (Positivo Informática S.A.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
PRC - [2012/09/10 08:31:46 | 000,209,920 | ---- | M] () -- C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe
PRC - [2012/07/16 10:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 10:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/04/12 11:39:47 | 000,368,560 | ---- | M] (Banco Bradesco S.A.) -- C:\Program Files (x86)\Scpad\scpVista.exe
PRC - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/20 13:07:02 | 000,866,304 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Audio Power\AudioPower.exe
PRC - [2011/03/16 13:39:58 | 000,413,184 | ---- | M] (Positivo Informática S.A) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Battery Power\BatteryPower.exe
PRC - [2011/03/16 13:39:54 | 000,043,008 | ---- | M] (Positivo Informática S.A) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Battery Power\BatteryManagerService.exe
PRC - [2010/11/30 18:31:04 | 001,367,816 | ---- | M] (Motorola, Inc.) -- C:\Arquivos de Programas\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/11/16 09:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/05 20:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 20:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/10 20:22:06 | 000,459,728 | ---- | M] () -- C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
MOD - [2013/03/10 20:22:05 | 012,662,224 | ---- | M] () -- C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/10 20:22:04 | 004,050,896 | ---- | M] () -- C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 20:21:18 | 000,596,944 | ---- | M] () -- C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 20:21:18 | 000,124,368 | ---- | M] () -- C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 20:21:16 | 001,552,848 | ---- | M] () -- C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/02/14 19:34:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/10 02:44:07 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/10 02:43:27 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 02:43:26 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013/01/10 02:43:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013/01/10 02:34:24 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 02:34:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 02:34:03 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 02:33:52 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\2f32b665b25e874e0222f7be18b0161f\PresentationCFFRasterizer.ni.dll
MOD - [2013/01/10 02:33:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 02:33:42 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 02:33:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 02:33:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 02:33:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 02:33:26 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 02:33:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/04/20 13:07:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Audio Power\LibSoundManager.dll
MOD - [2011/04/20 10:07:36 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Audio Power\CustomWindow.dll
MOD - [2011/03/17 15:55:36 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo My Webcam\VCam.ax
MOD - [2010/11/21 05:37:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/12 19:35:07 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/24 12:44:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/13 10:10:06 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/13 14:58:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/13 14:56:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/01/09 16:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/01/09 16:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/09 12:30:12 | 000,280,168 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2012/10/03 15:18:10 | 000,064,592 | ---- | M] (Positivo Informática S.A.) [Auto | Running] -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe -- (AppManagerService)
SRV - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/04/12 11:39:47 | 000,368,560 | ---- | M] (Banco Bradesco S.A.) [Auto | Running] -- C:\Program Files (x86)\Scpad\scpVista.exe -- (scpVista)
SRV - [2011/10/21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/02 21:18:06 | 000,010,712 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Arquivos de Programas\SafeNet\Authentication\SAC\x64\SACSrv.exe -- (SACSrv)
SRV - [2011/05/14 14:28:30 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011/05/14 14:28:29 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/03/16 13:39:54 | 000,043,008 | ---- | M] (Positivo Informática S.A) [Auto | Running] -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Battery Power\BatteryManagerService.exe -- (BatteryManagerSrv)
SRV - [2010/11/30 18:31:12 | 000,679,176 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/11/30 18:31:10 | 004,150,864 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Arquivos de Programas\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2010/11/30 18:31:08 | 001,188,616 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Arquivos de Programas\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2010/11/16 09:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/05 20:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 20:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/02/06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/07 07:42:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/12/07 07:42:41 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/12/07 07:42:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/24 13:35:26 | 000,069,520 | ---- | M] (Positivo Informática S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pad.sys -- (PositivoAudioDriverWdm)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/30 18:31:52 | 000,484,224 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/11/30 18:31:50 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/11/30 18:31:50 | 000,043,008 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2010/11/30 18:31:50 | 000,034,176 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhid.sys -- (BTMHID)
DRV:64bit: - [2010/11/30 18:31:50 | 000,030,208 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmnet.sys -- (BTMNET)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/04 17:52:46 | 000,093,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2010/11/02 15:48:38 | 001,103,464 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 23:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/14 18:26:48 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/10/09 14:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/08/07 17:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/07/27 09:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/07/08 14:52:44 | 000,024,352 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RNBTOKEN.SYS -- (RnbToken)
DRV:64bit: - [2010/07/08 14:52:44 | 000,022,304 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IKEYIFD.SYS -- (iKeyIFD)
DRV:64bit: - [2010/07/08 14:52:44 | 000,016,160 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IKEYENUM.SYS -- (iKeyEnum)
DRV:64bit: - [2010/01/21 11:08:32 | 000,011,168 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\LiveGpdKBFilter.sys -- (LiveGpdKBFilter)
DRV:64bit: - [2010/01/21 11:08:04 | 000,011,168 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Livemouclass.sys -- (Livemouclass)
DRV:64bit: - [2010/01/21 11:07:50 | 000,011,680 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Livekbc.sys -- (Livekbc)
DRV:64bit: - [2010/01/21 10:32:16 | 000,014,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\LiveIO.sys -- (LiveIO)
DRV:64bit: - [2009/09/02 09:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/10 14:07:40 | 000,119,680 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/30 10:45:40 | 000,062,632 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksifdh.sys -- (AKSIFDH)
DRV:64bit: - [2006/12/08 06:48:56 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2006/12/08 06:47:08 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2013/02/05 04:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2012/10/09 12:29:58 | 000,046,440 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)
DRV - [2009/09/02 09:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{C6318E95-5180-42F2-A672-24B6161908DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=POS2&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6775CD06-B99D-4E1F-A92D-AF4A3F955A77}: "URL" = http://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=POS2&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:tabs
IE - HKCU\..\URLSearchHook: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9FB6DE2E-2BCC-4470-9354-62685270D0BD}
IE - HKCU\..\SearchScopes\{05928551-A5EB-40C8-850E-74EF395D4764}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{9FB6DE2E-2BCC-4470-9354-62685270D0BD}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{C5A981F8-9883-4298-AF2C-CDF5B58A2A36}: "URL" = http://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "about:newtab"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://www.google.com.br/search?hl=pt-BR&source=hp&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@alternatiff.com/AlternaTIFF: C:\Program Files (x86)\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\WGSA II\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\WGSA II\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\WGSA II\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/22 16:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/24 12:44:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/24 12:44:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/06/20 16:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WGSA II\AppData\Roaming\mozilla\Extensions
[2013/01/18 15:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WGSA II\AppData\Roaming\mozilla\Firefox\Profiles\kv6pfm87.default\extensions
[2011/10/26 16:07:22 | 000,000,000 | ---D | M] (Modulo de Protecao - Banco do Brasil) -- C:\Users\WGSA II\AppData\Roaming\mozilla\Firefox\Profiles\kv6pfm87.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2012/12/20 11:19:18 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\WGSA II\AppData\Roaming\mozilla\Firefox\Profiles\kv6pfm87.default\extensions\50c9efa38199b@50c9efa3819d5.com
[2013/03/24 12:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/03/24 12:44:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/01 13:24:32 | 000,001,240 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2013/03/01 13:24:32 | 000,001,425 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2013/03/01 13:24:32 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/03/01 13:24:32 | 000,001,381 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2013/03/01 13:24:32 | 000,001,165 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\WGSA II\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: AlternaTIFF (QuickTime compatible) (Enabled) = C:\Program Files (x86)\MIE\AlternaTIFF\npzzatif.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\WGSA II\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\WGSA II\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: SaveByclick = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\caiikhiiipikghfchkkmjhcjdfekhkci\1_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Superinteressante = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\degpihaammlmlmgcddhlnfebfcjlbjnk\1.3.1_0\
CHR - Extension: Facebook Like Button = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehaijobeonhempacbjelicepjkhoidi\1.0.3_0\
CHR - Extension: Meng\u00E3o News = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\khiabpjgmmllgannkoghdgjlknjfjinl\2_0\
CHR - Extension: Answers by Answers.com = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgeapdodalngkocjdblmncgfdhcnakd\1.0.5_0\
CHR - Extension: Facebook Notifications = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Dicion\u00E1rio = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\obckmoaibkamoieobiindhnlkjpmpfhb\1_0\
CHR - Extension: Meus 5 Minutos = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\odefkccnelomjbieaplhobhjpcakaglb\2.1.3_0\
CHR - Extension: Dilandau = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\peacmkenjjcaifjckopphcofncigpnlp\1.1.1_0\
CHR - Extension: SaveByclick = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\caiikhiiipikghfchkkmjhcjdfekhkci\1_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Superinteressante = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\degpihaammlmlmgcddhlnfebfcjlbjnk\1.3.1_0\
CHR - Extension: Facebook Like Button = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehaijobeonhempacbjelicepjkhoidi\1.0.3_0\
CHR - Extension: Meng\u00E3o News = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\khiabpjgmmllgannkoghdgjlknjfjinl\2_0\
CHR - Extension: Answers by Answers.com = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgeapdodalngkocjdblmncgfdhcnakd\1.0.5_0\
CHR - Extension: Facebook Notifications = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Dicion\u00E1rio = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\obckmoaibkamoieobiindhnlkjpmpfhb\1_0\
CHR - Extension: Meus 5 Minutos = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\odefkccnelomjbieaplhobhjpcakaglb\2.1.3_0\
CHR - Extension: Dilandau = C:\Users\WGSA II\AppData\Local\Google\Chrome\User Data\Default\Extensions\peacmkenjjcaifjckopphcofncigpnlp\1.1.1_0\
 
O1 HOSTS File: ([2013/03/27 09:41:35 | 000,000,173 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 88.80.13.240   www2.bancobrasil.com.br
O1 - Hosts: 127.0.0.1   www14.bancobrasil.com.br
O1 - Hosts: 88.80.13.241   aapj.bb.com.br
O1 - Hosts: 88.80.13.242   www2.infoseg.gov.br
O1 - Hosts: 127.0.0.1   www5.infoseg.gov.br
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AudioPower] C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Audio Power\AudioPower.exe (Microsoft)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
O4:64bit: - HKLM..\Run: [CertificateRegistration] C:\Windows\SysNative\aetcrss1.exe (A.E.T. Europe B.V.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SACMonitor] C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe (SafeNet, Inc.)
O4:64bit: - HKLM..\Run: [StartUpManagerPositivo] C:\Arquivos de Programas\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [Facebook Update] C:\Users\WGSA II\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Claro] "C:\Program Files (x86)\Claro\UpdateDog\ouc.exe" File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Arquivos de Programas\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Arquivos de Programas\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Arquivos de Programas\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Arquivos de Programas\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} http://www.tjms.jus.br/sajcas/login (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.72.38 189.7.72.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ED5B07F-DC4E-4B50-844B-479852812ED3}: DhcpNameServer = 189.7.72.38 189.7.72.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88DEFDA3-DA66-476F-959C-EE4E765A4F18}: DhcpNameServer = 10.1.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
melboy (Moderator)
« Reply #3 on: March 27, 2013, 05:37:27 PM »

Hi

In this instance please attach the logs. Click + Additional Options... on the reply box.

dudu0987 (Newbie)
« Reply #4 on: March 27, 2013, 05:59:24 PM »

The logs are in the attachment.
melboy (Moderator)
« Reply #5 on: March 27, 2013, 06:24:48 PM »

Hi

Reset Hosts

Download this Microsoft fixit & save it to your desktop.

  • Right click MicrosoftFixit50267.msi and choose "Install"
  • Check the box I Agree & click next
  • Click next, then restart when prompted.


Re-run DDS

  • Double click dds.scr to run the tool.
  • When done, please copy & paste the contents of:
    DDS.txt
    Attach.txt
  • Post them in your next reply


Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • It is very important you do not use your computer while GMER is running
  • Right click the randomly named GMER icon & choose "Run as Administrator"
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important


  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

dudu0987 (Newbie)
« Reply #6 on: March 28, 2013, 08:36:00 AM »

I was not asked to restart the computer after running "Microsoft Fixit", but I restarted it anyway.

Re-ran DDS. The logs are in the attachment.

I downloaded GMER, turned off the network, disabled "Avira real-time protection", unchecked "IAT/EAT" and "Show All" and ran it as administrator. The log is in the attachment.

While GMER was running, Avira asked to restart in order to finish an update. I waited and restarted afterwards.
melboy (Moderator)
« Reply #7 on: March 28, 2013, 12:12:13 PM »

Hi

Please copy and paste the contents of your logs in your replies unless I specifically ask you to attach them due to character limitations - thanks.


Uninstall Programs

  • Go to start > control panel > Programs > programs and features.
  • Right click on each instance of:
      SaveByclick
  • Click Uninstall & then follow the prompts to remove it.


aswMBR

Download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media (CD, DVD, USB flash drive etc). This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

dudu0987 (Newbie)
« Reply #8 on: March 28, 2013, 02:44:31 PM »

"SaveByclick" uninstalled.

The aswMBR log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-28 13:46:53
-----------------------------
13:46:53.698    OS Version: Windows x64 6.1.7601 Service Pack 1
13:46:53.698    Number of processors: 4 586 0x2A07
13:46:53.699    ComputerName: WGSAII-PC  UserName: WGSA II
13:46:55.580    Initialize success
15:01:32.665    AVAST engine defs: 13032800
15:11:35.378    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:11:35.380    Disk 0 Vendor:   Size: 0MB BusType: 0
15:11:35.468    Disk 0 MBR read successfully
15:11:35.470    Disk 0 MBR scan
15:11:35.490    Disk 0 Windows 7 default MBR code
15:11:35.492    Disk 0 MBR hidden
15:11:35.499    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS        10000 MB offset 2048
15:11:35.517    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       705402 MB offset 20482048
15:11:35.631    Disk 0 scanning C:\Windows\system32\drivers
15:11:47.580    Service scanning
15:12:15.928    Modules scanning
15:12:15.933    Disk 0 trace - called modules:
15:12:16.006    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:12:16.011    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068de060]
15:12:16.014    3 CLASSPNP.SYS[fffff8800126143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ddd050]
15:12:17.422    AVAST engine scan C:\Windows
15:12:20.579    AVAST engine scan C:\Windows\system32
15:15:59.872    AVAST engine scan C:\Windows\system32\drivers
15:16:13.439    AVAST engine scan C:\Users\WGSA II
15:30:17.330    AVAST engine scan C:\ProgramData
15:32:11.762    Scan finished successfully
15:40:03.603    Disk 0 MBR has been saved successfully to "C:\Users\WGSA II\Desktop\MBR.dat"
15:40:03.607    The log file has been saved successfully to "C:\Users\WGSA II\Desktop\aswMBR.txt"


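An added example, not from this thread and not aswMBR's own code: a Python triage script that parses an aswMBR.txt in the format posted above and pulls out what a helper looks at first (the boot code description, the "MBR hidden" flag and the partition table), then lists anomalies. The sample log is constructed from the lines above; the 512-byte-sector assumption and the 1 MB rounding tolerance are mine.

```python
"""Triage an aswMBR.txt log for MBR and partition-table anomalies."""
import re
from dataclasses import dataclass, field

# Every aswMBR event line starts with HH:MM:SS.mmm followed by spaces.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_CODE_RE = re.compile(r"^Disk (\d+) (.+MBR code)$")
MBR_HIDDEN_RE = re.compile(r"^Disk (\d+) MBR hidden$")
# "Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS   10000 MB offset 2048"
PART_RE = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2})( \(A\))?\s+([0-9A-Fa-f]{2})\s+"
    r"(.*?)\s+(\d+) MB offset (\d+)$"
)
SECTORS_PER_MB = 2048  # assumption: 512-byte sectors, as on this Windows 7 disk


@dataclass
class Partition:
    number: int
    bootable: bool      # boot indicator 0x80
    type_id: int        # partition type byte, e.g. 0x07 NTFS, 0x27 hidden WinRE
    label: str
    size_mb: int
    offset: int         # first sector (LBA)

    @property
    def end(self) -> int:
        return self.offset + self.size_mb * SECTORS_PER_MB


@dataclass
class DiskReport:
    disk: int
    mbr_code: str = ""
    mbr_hidden: bool = False
    partitions: list = field(default_factory=list)

    def findings(self) -> list:
        """Human-readable anomalies; an empty list means nothing stood out."""
        notes = []
        if self.mbr_hidden:
            notes.append("MBR hidden: aswMBR reports the MBR as hidden; possible "
                         "bootkit, confirm with an offline MBR dump before fixing")
        if self.mbr_code and "default MBR code" not in self.mbr_code:
            notes.append(f"non-default boot code: {self.mbr_code}")
        parts = sorted(self.partitions, key=lambda p: p.offset)
        for a, b in zip(parts, parts[1:]):
            if b.offset + SECTORS_PER_MB < a.end:  # tolerate 1 MB of rounding
                notes.append(f"partition {b.number} overlaps partition {a.number}")
        if sum(p.bootable for p in parts) > 1:
            notes.append("more than one partition is flagged active")
        return notes


def parse_aswmbr(text: str) -> dict:
    """Parse aswMBR.txt content and return {disk_number: DiskReport}."""
    reports = {}

    def report(disk: str) -> DiskReport:
        return reports.setdefault(int(disk), DiskReport(int(disk)))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, "Run date:" and separator lines carry no timestamp
        msg = m.group(1).strip()
        code = MBR_CODE_RE.match(msg)
        hidden = MBR_HIDDEN_RE.match(msg)
        part = PART_RE.match(msg)
        if code:
            report(code.group(1)).mbr_code = code.group(2)
        elif hidden:
            report(hidden.group(1)).mbr_hidden = True
        elif part:
            report(part.group(1)).partitions.append(Partition(
                number=int(part.group(2)), bootable=part.group(3).upper() == "80",
                type_id=int(part.group(5), 16), label=part.group(6).strip(),
                size_mb=int(part.group(7)), offset=int(part.group(8))))
    return reports


# Constructed sample, modelled on the log posted above.
SAMPLE_LOG = """\
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-28 13:46:53
-----------------------------
15:11:35.468    Disk 0 MBR read successfully
15:11:35.490    Disk 0 Windows 7 default MBR code
15:11:35.492    Disk 0 MBR hidden
15:11:35.499    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS        10000 MB offset 2048
15:11:35.517    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       705402 MB offset 20482048
15:32:11.762    Scan finished successfully
"""

if __name__ == "__main__":
    for disk, rep in parse_aswmbr(SAMPLE_LOG).items():
        print(f"Disk {disk}: {rep.mbr_code}, {len(rep.partitions)} partitions")
        for note in rep.findings() or ["no anomalies"]:
            print("  -", note)
```

On the sample above the only finding is the hidden MBR, which matches the helper's reading that the partition layout itself is sane but the boot sector needs an offline dump.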
melboy (Moderator)
« Reply #9 on: March 28, 2013, 06:59:08 PM »

Hi

I think the problem lies with your hosts file, but after resetting it the entries still remain. Both GMER & aswMBR report possible problems with your MBR - we'll need to get an offline dump to be sure.


Let me know if you have any problems with these instructions.

You will need a USB drive & a CD.

Download GETxPUD.exe & save it to your your desktop.

  • Run GETxPUD.exe
  • A new folder will appear on the desktop named GETxPUD
  • Open the GETxPUD folder and click on get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.

Also download dumpit.ndf and save it to a USB drive.

  • Turn off the computer, Insert the USB drive and CD into the computer and boot the from the CD.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Expand sdb1 (your USB)
  • Confirm that you see dumpit.ndf
  • Double click dumpit.ndf
  • When dumpit finishes a report will be located on your USB drive named mbr.zip
  • Click on the HOME tab and choose Power Off to turn off xPUD
  • Remove the CD, turn on the computer & boot into Windows.
  • Attach mbr.zip in your next reply.

Please note: If you have an ethernet connection you can access the internet using your computer by way of xPUD & Firefox.

melboy (Moderator)
« Reply #10 on: March 31, 2013, 03:48:08 AM »


Hi dudu0987

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • Topics can be closed after 3 days without a response. If you do not reply within that time, the topic will be closed.

dudu0987 (Newbie)
« Reply #11 on: April 01, 2013, 09:11:52 AM »

I could not buy a CD until today.

After inserting the burned CD and the USB drive with dumpit.ndf and booting the computer, the Welcome to xPUD screen appeared, followed by a prompt like MS-DOS.

At this prompt I typed "file" and nothing happens. Please explain to me how I should proceed at this prompt.
melboy (Moderator)
« Reply #12 on: April 01, 2013, 09:40:52 AM »

You should see a screen similar to this one. The File option is available on the left.

Do you not see this screen?


dudu0987 (Newbie)
« Reply #13 on: April 01, 2013, 09:46:33 AM »

This screen does NOT appear.

First, a screen appears where I can choose the language. I just press "enter". An MS-DOS-like environment appears.

I can't print this screen to show it.
melboy (Moderator)
« Reply #14 on: April 01, 2013, 10:00:37 AM »

Is there any text on the screen?