SouHomo

Services.exe infected


Hi everyone...

So, I've got a problem here... I have the NOD32 4.0 antivirus, and it's reporting that I have a Trojan in the file Services.exe...

I can't update Windows or enable the firewall... and the antivirus can't do anything about it ;$

I don't know what to do ;/

The antivirus reports a trojan called Patched.B.Gen

and, as the comment..

Event occured during an attempt to acess the file by the application: C\:windows\system32\svchost.exe

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Klin at 21:23:40 on 2012-07-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.4919 [GMT -4:00]

.

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\ThpSrv.exe

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Klin\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\igfxext.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\vssvc.exe

C:\windows\System32\svchost.exe -k swprv

C:\windows\SysWOW64\NOTEPAD.EXE

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.toshiba.ca/welcome

uWindow Title = Presented by TOSHIBA Leading Innovation >>>

uDefault_Page_URL = hxxp://www.toshiba.ca/welcome

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Facebook Update] "C:\Users\Klin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Klin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Klin\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{CA8D95B8-1978-4C99-89CC-F38CEDE5CD88} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{CA8D95B8-1978-4C99-89CC-F38CEDE5CD88}\2454C4C4331313 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{CA8D95B8-1978-4C99-89CC-F38CEDE5CD88}\35471627265736B6370275966496 : DhcpNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{CA8D95B8-1978-4C99-89CC-F38CEDE5CD88}\84352434D27457563747E45647 : DhcpNameServer = 204.50.251.17 207.107.254.120

TCP: Interfaces\{CA8D95B8-1978-4C99-89CC-F38CEDE5CD88}\960586F6E65602A457C69616E616 : DhcpNameServer = 64.71.255.198 64.71.255.253

TCP: Interfaces\{CA8D95B8-1978-4C99-89CC-F38CEDE5CD88}\C696E6B6379737 : DhcpNameServer = 64.71.255.198

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Klin\AppData\Roaming\Mozilla\Firefox\Profiles\yhdfjn7k.default\

FF - prefs.js: network.proxy.ftp - 187.72.145.53

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.http - 187.72.145.53

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - 187.72.145.53

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 187.72.145.53

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Klin\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll

FF - plugin: C:\Users\Klin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]

R2 epfwwfpr;epfwwfpr;C:\windows\system32\DRIVERS\epfwwfpr.sys --> C:\windows\system32\DRIVERS\epfwwfpr.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-7 2458944]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-12-8 267192]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-5 2656280]

R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]

R3 enecir;ENE CIR Receiver;C:\windows\system32\DRIVERS\enecir.sys --> C:\windows\system32\DRIVERS\enecir.sys [?]

R3 enecirhid;ENE CIR HID Receiver;C:\windows\system32\DRIVERS\enecirhid.sys --> C:\windows\system32\DRIVERS\enecirhid.sys [?]

R3 enecirhidma;ENE CIR HIDmini Filter;C:\windows\system32\DRIVERS\enecirhidma.sys --> C:\windows\system32\DRIVERS\enecirhidma.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-5 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 250056]

S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-14 17:50:04 -------- d-----w- C:\Users\Klin\AppData\Local\{DE28D747-DF10-4BC0-B42D-FC1276CE9D68}

2012-07-14 17:49:08 -------- d-----w- C:\Users\Klin\AppData\Local\{3524B508-28B3-4DB5-8F3D-27EE4F23E283}

2012-07-14 02:20:11 388096 ----a-r- C:\Users\Klin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-14 02:20:10 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-14 02:00:38 -------- d-----w- C:\Users\Klin\AppData\Roaming\Malwarebytes

2012-07-14 02:00:15 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-14 02:00:14 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-07-14 02:00:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-14 00:42:50 -------- d-----w- C:\Users\Klin\AppData\Roaming\SUPERAntiSpyware.com

2012-07-14 00:42:46 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-07-14 00:42:46 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-07-14 00:36:29 -------- d-----w- C:\Program Files\CCleaner

2012-07-13 22:01:27 -------- d-----w- C:\Users\Klin\AppData\Local\{83B263F2-B9C0-4DE5-A894-46367EAD1D22}

2012-07-13 22:00:47 -------- d-----w- C:\Users\Klin\AppData\Local\{68117BA7-B935-4BD6-A1D7-EC55B8F4B510}

2012-07-13 07:28:01 -------- d-----w- C:\Program Files (x86)\UEFI WinFlash

2012-07-13 07:24:03 -------- d-----w- C:\Users\Klin\AppData\Local\{4A9AB1D2-4605-4821-970A-C5879DE6A707}

2012-07-13 07:23:22 -------- d-----w- C:\Users\Klin\AppData\Local\{8AAD5FDB-1E24-4A5F-BE81-84B834421EB4}

2012-07-12 12:17:21 -------- d-----w- C:\Users\Klin\AppData\Local\{18980237-CD1E-4823-9588-F442E14562A2}

2012-07-12 12:16:35 -------- d-----w- C:\Users\Klin\AppData\Local\{F22AD07A-88D7-448C-B585-8079D7974D79}

2012-07-12 05:57:31 -------- d-----w- C:\Users\Klin\AppData\Local\ESET

2012-07-12 05:38:13 -------- d-----w- C:\Program Files\ESET

2012-07-11 22:44:23 328704 ----a-w- C:\windows\System32\services.exe.0CB72360C2296E5F

2012-07-11 22:39:02 328704 ----a-w- C:\windows\System32\services.exe.EA46584D86C22BB9

2012-07-11 22:35:38 -------- d-----w- C:\Users\Klin\AppData\Local\ElevatedDiagnostics

2012-07-11 21:36:54 -------- d-----w- C:\Users\Klin\AppData\Local\{82D9F9E2-1DCD-4B49-8F45-077D00A8AB51}

2012-07-11 21:36:04 -------- d-----w- C:\Users\Klin\AppData\Local\{B4CD0C8E-A21E-4F79-A50D-7B3773665478}

2012-07-11 09:35:06 -------- d-----w- C:\Users\Klin\AppData\Local\{EC7E9925-7E3D-4708-9521-E855630AC276}

2012-07-11 09:34:14 -------- d-----w- C:\Users\Klin\AppData\Local\{0A4315EC-2EC1-4ED5-9900-AEA9A0BFBC12}

2012-07-10 21:00:02 -------- d-----w- C:\Users\Klin\AppData\Local\{303A27EE-2598-44AA-90EA-E26E1C4C6B8C}

2012-07-10 20:59:21 -------- d-----w- C:\Users\Klin\AppData\Local\{E4AADD6C-1FF8-4DA3-922A-3D1AEFCA9BA3}

2012-07-10 20:58:30 -------- d-----w- C:\Users\Klin\AppData\Local\{EA7F8537-1B67-4F15-909E-63398C8F7F13}

2012-07-10 20:57:40 -------- d-----w- C:\Users\Klin\AppData\Local\{89465765-A2A8-42BA-9095-DA4CD35F1ABA}

2012-07-10 08:57:26 -------- d-----w- C:\Users\Klin\AppData\Local\{4D2E01C0-5731-474D-8357-507A19796F48}

2012-07-10 08:56:47 -------- d-----w- C:\Users\Klin\AppData\Local\{791247AC-18B7-4185-BBA8-A4E1C3FC9DB1}

2012-07-10 08:55:56 -------- d-----w- C:\Users\Klin\AppData\Local\{10A730BC-BC2D-4702-94F8-FA96BE7EEC96}

2012-07-10 08:55:05 -------- d-----w- C:\Users\Klin\AppData\Local\{AE4EFA3D-53E2-4A37-8062-EA24EC5C7DCD}

2012-07-09 20:54:13 -------- d-----w- C:\Users\Klin\AppData\Local\{9E5DF51E-53D1-480C-A7DA-7E602771DBAA}

2012-07-09 20:53:34 -------- d-----w- C:\Users\Klin\AppData\Local\{F77F392A-4A8E-4FC7-89F9-2CB0EAF68826}

2012-07-09 20:52:44 -------- d-----w- C:\Users\Klin\AppData\Local\{C87EBC01-3646-4CEA-A5D8-074F23DD7453}

2012-07-09 20:51:54 -------- d-----w- C:\Users\Klin\AppData\Local\{934319F3-22C5-450B-8516-427C1C7967CC}

2012-07-09 08:50:49 -------- d-----w- C:\Users\Klin\AppData\Local\{4E2277C1-EBF9-41BA-979B-F0D5FF5D8A68}

2012-07-09 08:50:10 -------- d-----w- C:\Users\Klin\AppData\Local\{4E760FE6-4C03-4B62-83B7-A58007BAF4D5}

2012-07-09 08:49:19 -------- d-----w- C:\Users\Klin\AppData\Local\{85B529E5-0943-4DC9-8AD3-3DE1E7CB8276}

2012-07-09 08:48:29 -------- d-----w- C:\Users\Klin\AppData\Local\{C4FC77A5-A4C8-4FFA-9262-437BA299AC2D}

2012-07-08 20:47:35 -------- d-----w- C:\Users\Klin\AppData\Local\{605EDD5A-D6B3-48D3-B6DB-DF1E18500122}

2012-07-08 20:46:44 -------- d-----w- C:\Users\Klin\AppData\Local\{DA90C71C-D127-4DA5-9026-DE97C5C20219}

2012-07-08 08:45:49 -------- d-----w- C:\Users\Klin\AppData\Local\{BEA2389D-041B-42E2-8094-EB00028073F7}

2012-07-08 08:44:57 -------- d-----w- C:\Users\Klin\AppData\Local\{2A867729-D601-443F-B671-DC2BE681E5DF}

2012-07-07 20:24:15 -------- d-----w- C:\Users\Klin\AppData\Local\{EAB2F295-1EA5-40F2-97FA-E6E73BC0EE37}

2012-07-07 20:23:35 -------- d-----w- C:\Users\Klin\AppData\Local\{37A0E409-D63B-47E8-B61E-57B2FE4C8908}

2012-07-06 18:11:33 -------- d-----w- C:\Users\Klin\AppData\Local\{745C5D31-121E-40B7-B0A6-E7F7AFE9F7B8}

2012-07-06 18:10:53 -------- d-----w- C:\Users\Klin\AppData\Local\{13B85916-03D0-4323-8E3A-9E3C6CA00180}

2012-07-06 06:10:16 -------- d-----w- C:\Users\Klin\AppData\Local\Chromium

2012-07-06 05:31:49 -------- d-----w- C:\Users\Klin\AppData\Local\{106C8CA2-A861-4B86-B961-29403215AECC}

2012-07-06 05:30:58 -------- d-----w- C:\Users\Klin\AppData\Local\{F90A67B9-51F8-4C29-972A-53455A16E6AE}

2012-07-05 21:12:38 -------- d-----w- C:\Program Files (x86)\Rockstar Games

2012-07-05 20:45:00 -------- d-----w- C:\ProgramData\Rockstar Games

2012-07-05 17:29:49 -------- d-----w- C:\Users\Klin\AppData\Local\{2FC2A2E6-B068-4B9B-BC8E-EF597D7906C5}

2012-07-05 17:29:10 -------- d-----w- C:\Users\Klin\AppData\Local\{FCAA33AF-D38E-4AE3-8D11-C27816099DC4}

2012-07-03 17:36:36 -------- d-----w- C:\Users\Klin\AppData\Local\{8DC076E6-A5CC-4EDD-8269-5336EDD824BC}

2012-07-03 17:35:43 -------- d-----w- C:\Users\Klin\AppData\Local\{A8C6AB85-4DCC-467E-9AB2-E33ABB25753F}

2012-07-03 17:34:58 -------- d-----w- C:\Users\Klin\AppData\Local\{2A57FF2A-22A0-4A21-BB9E-78D406C21E1E}

2012-07-02 23:59:54 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2012-07-02 23:59:34 519000 ----a-w- C:\windows\System32\d3dx10_40.dll

2012-07-02 23:59:34 452440 ----a-w- C:\windows\SysWow64\d3dx10_40.dll

2012-07-02 23:59:34 2605920 ----a-w- C:\windows\System32\D3DCompiler_40.dll

2012-07-02 23:59:34 2036576 ----a-w- C:\windows\SysWow64\D3DCompiler_40.dll

2012-07-02 23:59:31 5631312 ----a-w- C:\windows\System32\D3DX9_40.dll

2012-07-02 23:59:31 4379984 ----a-w- C:\windows\SysWow64\D3DX9_40.dll

2012-07-02 23:35:18 -------- d-----w- C:\Games

2012-07-02 23:29:21 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys

2012-07-02 23:29:16 -------- d-----w- C:\Users\Klin\AppData\Roaming\DAEMON Tools Lite

2012-07-02 23:29:13 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2012-07-02 23:28:36 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2012-07-02 20:51:58 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-02 20:39:08 -------- d-----w- C:\windows\pss

2012-07-02 20:35:02 328704 ----a-w- C:\windows\System32\services.exe.F1F651337FEF5FA4

2012-07-02 20:30:20 328704 ----a-w- C:\windows\System32\services.exe.CF9EFBD7843BED2B

2012-07-02 20:23:22 328704 ----a-w- C:\windows\System32\services.exe.E5E0A96CF519DEE7

2012-07-02 20:12:31 -------- d-----w- C:\Users\Klin\AppData\Local\{2B8EE565-AE90-4B7C-8EA5-7CD0908832C6}

2012-07-02 20:11:52 -------- d-----w- C:\Users\Klin\AppData\Local\{5D4BCD7A-D9C3-44A4-BC15-0D07A3ECFAA2}

2012-07-02 07:46:25 -------- d-----w- C:\Users\Klin\AppData\Local\{E07620E8-F2A7-42E6-AF1B-141AB8D98628}

2012-07-02 07:45:33 -------- d-----w- C:\Users\Klin\AppData\Local\{C1F9C811-BCAC-4694-A7DA-8352E68157A1}

2012-07-01 19:44:38 -------- d-----w- C:\Users\Klin\AppData\Local\{62C4A81A-4B60-4A38-AF8D-56A1DAED4D90}

2012-07-01 19:43:47 -------- d-----w- C:\Users\Klin\AppData\Local\{40367E95-B943-4321-8B9C-9170DF769A10}

2012-07-01 07:42:40 -------- d-----w- C:\Users\Klin\AppData\Local\{82618273-671D-4AE6-9FA2-6C3655D49ED7}

2012-07-01 07:41:49 -------- d-----w- C:\Users\Klin\AppData\Local\{5BE828FF-D436-44FA-9498-A5C7EB82F652}

2012-06-30 19:40:54 -------- d-----w- C:\Users\Klin\AppData\Local\{9AF88E6A-813D-4C4A-8D32-1B1352DA3ED8}

2012-06-30 19:40:14 -------- d-----w- C:\Users\Klin\AppData\Local\{B07F95A4-C943-4861-88E4-C8040C511B96}

2012-06-30 19:39:24 -------- d-----w- C:\Users\Klin\AppData\Local\{5D4EEB20-F016-4F59-87D1-6193CC3811DF}

2012-06-30 19:38:34 -------- d-----w- C:\Users\Klin\AppData\Local\{6032F279-297B-424A-B65E-479DC9B4226D}

2012-06-30 07:37:26 -------- d-----w- C:\Users\Klin\AppData\Local\{3179B6BF-32AE-4A76-B0AC-3802594ED3EA}

2012-06-30 07:36:46 -------- d-----w- C:\Users\Klin\AppData\Local\{9E48CB47-F10B-4A31-AE6F-889F004EE575}

2012-06-29 06:01:03 -------- d-----w- C:\Users\Klin\AppData\Local\{2DF82AD3-87CC-49E7-A0E4-BCAC2527B1FE}

2012-06-29 06:00:24 -------- d-----w- C:\Users\Klin\AppData\Local\{CBE15C37-A86F-49DD-B641-19E4DE45C9D8}

2012-06-29 05:59:34 -------- d-----w- C:\Users\Klin\AppData\Local\{D37F70D6-A2D1-4789-8CCD-7B87B3D13EAA}

2012-06-28 17:57:49 -------- d-----w- C:\Users\Klin\AppData\Local\{68ADCC7C-86C8-4880-A5D7-67AD093C2212}

2012-06-28 17:57:10 -------- d-----w- C:\Users\Klin\AppData\Local\{42ABF6EE-C357-4A26-A75A-63C3A80BD06A}

2012-06-28 05:26:19 -------- d-----w- C:\Users\Klin\AppData\Local\{522E1920-E4D9-41AF-8BD0-E5B13F9AB7B8}

2012-06-28 05:25:40 -------- d-----w- C:\Users\Klin\AppData\Local\{D9A91DEA-1E86-4E48-8591-909F8604E4AD}

2012-06-28 05:24:48 -------- d-----w- C:\Users\Klin\AppData\Local\{05E8DFF9-7B77-41CB-92FE-3174FF26001C}

2012-06-28 05:23:58 -------- d-----w- C:\Users\Klin\AppData\Local\{A8F1F91D-82B5-4D59-A88F-57FE554CA3A3}

2012-06-27 17:45:14 -------- d-sh--w- C:\windows\System32\%APPDATA%

2012-06-27 17:22:49 -------- d-----w- C:\Users\Klin\AppData\Local\{AA2B5EDA-826D-4A58-B710-CC0FD617A3CC}

2012-06-27 17:22:09 -------- d-----w- C:\Users\Klin\AppData\Local\{02956F2D-B23A-4B40-9F43-F688F9C54C04}

2012-06-27 05:13:51 -------- d-----w- C:\Users\Klin\AppData\Local\{53C7D000-70CC-4DBB-8FA7-FFE13708BEF0}

2012-06-27 05:13:01 -------- d-----w- C:\Users\Klin\AppData\Local\{BA7CA540-146D-4D7F-BD86-B360D0EAE73E}

2012-06-26 17:02:29 -------- d-----w- C:\Users\Klin\AppData\Local\{569BB665-DF6F-40CB-9A4A-00F0E8DB7CE4}

2012-06-26 17:01:50 -------- d-----w- C:\Users\Klin\AppData\Local\{ED4DA71B-8EA0-4BDE-A57E-A98AC3F5F707}

2012-06-25 21:24:32 -------- d-----w- C:\Users\Klin\AppData\Local\{77E53C5C-4752-40FC-9613-11640FC30245}

2012-06-25 21:23:53 -------- d-----w- C:\Users\Klin\AppData\Local\{1180893D-D118-4F06-B5D9-F04948683507}

2012-06-25 21:23:02 -------- d-----w- C:\Users\Klin\AppData\Local\{1C9F38ED-16C5-47F2-9F67-D64B77FB701D}

2012-06-25 21:22:12 -------- d-----w- C:\Users\Klin\AppData\Local\{9AAA3492-02B0-4501-9A8E-95F1B70429D7}

2012-06-25 09:21:03 -------- d-----w- C:\Users\Klin\AppData\Local\{EAC71B54-0E28-4470-8730-F1EE19A92F82}

2012-06-25 09:20:23 -------- d-----w- C:\Users\Klin\AppData\Local\{DC66753D-90A0-4D5E-A06B-B53E7F186C87}

2012-06-24 07:06:53 -------- d-----w- C:\Users\Klin\AppData\Local\{B4E43FDA-6470-4BF9-B6D1-B413F2693F6F}

2012-06-24 07:06:13 -------- d-----w- C:\Users\Klin\AppData\Local\{189B5DF1-1248-43EF-9A8C-BADCC490BF23}

2012-06-23 17:44:14 -------- d-----w- C:\Users\Klin\AppData\Local\{8F685264-BE4A-4372-A308-AC3EE799D9AA}

2012-06-23 17:43:34 -------- d-----w- C:\Users\Klin\AppData\Local\{CDAACF49-D1F4-4392-86B5-E06FA3687377}

2012-06-22 15:14:10 -------- d-----w- C:\Users\Klin\AppData\Local\{8CBE98E4-2450-479A-AC71-3068220CC0CD}

2012-06-22 15:13:19 -------- d-----w- C:\Users\Klin\AppData\Local\{36635B94-5692-4C91-A4ED-376DF5111EE9}

2012-06-22 02:43:37 -------- d-----w- C:\Users\Klin\AppData\Local\{3AB7735C-12CA-4270-9115-92382E546648}

2012-06-22 02:42:43 -------- d-----w- C:\Users\Klin\AppData\Local\{7737ED8F-5059-4AA9-BA58-E7A368830BC1}

2012-06-21 14:41:32 -------- d-----w- C:\Users\Klin\AppData\Local\{3799DA6B-F1C0-43B2-A04D-D97E6BE94736}

2012-06-21 14:40:50 -------- d-----w- C:\Users\Klin\AppData\Local\{436EADFF-35D3-44CD-A56F-43C869149464}

2012-06-20 18:04:50 -------- d-----w- C:\Users\Klin\AppData\Local\{F47E7908-BCF0-4F31-8536-AB5AE0E2DA69}

2012-06-20 18:04:10 -------- d-----w- C:\Users\Klin\AppData\Local\{A50F4CB9-67B5-476B-B217-CB556CFFFA41}

2012-06-19 22:17:04 -------- d-----w- C:\Users\Klin\AppData\Local\{D5149087-B163-45AE-BBE8-239BB6D37F13}

2012-06-19 22:16:24 -------- d-----w- C:\Users\Klin\AppData\Local\{E73884A8-DC91-4069-9F41-DD22D0AAF6C0}

2012-06-19 21:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-06-19 05:24:35 -------- d-----w- C:\Users\Klin\AppData\Local\{F6E78042-8BE5-4F0D-B0F1-9B2343B4D5D8}

2012-06-19 05:23:35 -------- d-----w- C:\Users\Klin\AppData\Local\{D2FD57F5-1853-4C37-9F84-097517821087}

2012-06-19 05:22:45 -------- d-----w- C:\Users\Klin\AppData\Local\{B8BC6247-ED99-47E6-B864-59D570D0FA83}

2012-06-19 05:21:55 -------- d-----w- C:\Users\Klin\AppData\Local\{D6DB4B1B-9FB8-4850-AD10-A3CAC005BAFB}

2012-06-18 18:24:34 -------- d-----w- C:\Users\Klin\AppData\Local\CutePDF Writer

2012-06-18 18:24:14 -------- d-----w- C:\Program Files (x86)\GPLGS

2012-06-18 18:20:59 86608 ----a-w- C:\windows\System32\cpwmon64.dll

2012-06-18 18:20:58 -------- d-----w- C:\Program Files (x86)\Acro Software

2012-06-18 17:20:30 -------- d-----w- C:\Users\Klin\AppData\Local\{9FD5B371-D4DF-4278-A952-5C65C6C85FD8}

2012-06-18 05:19:37 -------- d-----w- C:\Users\Klin\AppData\Local\{4DBB5242-F6E4-4CAB-AB29-C5CF10DC2A46}

2012-06-16 22:24:02 -------- d-----w- C:\Users\Klin\AppData\Local\{2853F2D1-A525-454D-AB2A-66673AD7D946}

2012-06-15 21:58:55 -------- d-----w- C:\Users\Klin\AppData\Local\{CC05C4F5-7379-43F2-91D4-C87BCFBEEC39}

.

==================== Find3M ====================

.

2012-07-12 04:39:18 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 04:39:18 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys

2012-05-04 23:29:22 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-05-04 23:29:16 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll

2012-04-29 22:14:49 3052789044 ----a-w- C:\MSSetupv109.exe

2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

.

============= FINISH: 21:23:53.15 ===============


Read the instructions in this link:

In the instructions at the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) described below.
  3. Double-click the icon (desktopicon.png) on your desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP will need to install the Recovery Console:

    • If your computer runs Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: do not use the mouse or the keyboard while the tool is running, as this may cause the computer to freeze.
  8. A message may appear saying the computer needs to be restarted.

     DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with such situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it unsupervised.

  • Topic author
  • I ran everything as instructed with ComboFix.. however, while scanning file 49 it freezes... I repeated the process 3 times and it still freezes when it reaches 49...


    Are you disabling the antivirus?

    Restart in Safe Mode (press F8 repeatedly during startup, and in the menu that appears use the arrow keys to choose Safe Mode).

    Try running ComboFix again.

  • Topic author
  • I booted into Safe Mode and ran ComboFix... it claimed the antivirus was enabled; I opened NOD32 and it showed a message asking, are you sure you want to start the antivirus in Safe Mode? which means it was not enabled... I ran ComboFix and exactly the same thing happened.. while scanning the files it froze at stage 49, and stayed there...


    Let's take this one step at a time:

    FF - prefs.js: network.proxy.ftp - 187.72.145.53

    Do you recognize this proxy?

  • Topic author
  • Nooo... I don't remember ever seeing that proxy... so, it's unknown!


    Configure Windows to show all files

    Go to this site: http://virustotal.com/

    Under Choose File enter: C:\windows\System32\services.exe

    Then click Submit

    Copy and post the result of this scan.

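    The checks the analyst applies to this log by eye (the services.exe copies carrying a hex suffix in System32, the hidden %APPDATA% folder under System32, the unknown FTP proxy in prefs.js) can be made repeatable; the script below is an added example and is not code from the thread, from DDS or from ComboFix. The regexes and the triage rules are my assumptions about the DDS line layout; the sample lines are copied from the log posted above.

```python
import re
from ipaddress import ip_address

# DDS file entry: <date> <time> <size or -------- > <8-char attribute field> <path>
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+([-a-z]{8})\s+(.+)$")
# Firefox preference line as DDS prints it: "FF - prefs.js: <pref> - <value>"
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
# Core Windows binary name carrying an extra 16-hex-digit suffix (assumed heuristic)
CORE_COPY_RE = re.compile(
    r"\\system32\\(services|svchost|lsass|winlogon)\.exe\.[0-9a-f]{16}$", re.I)


def triage(line):
    """Return the reasons a single log line deserves a closer look (empty list: none)."""
    reasons = []
    m = FILE_RE.match(line)
    if m:
        attrs, path = m.group(3), m.group(4)
        # In the attribute field seen in this log (e.g. d-sh--w-), [2] is system, [3] hidden
        if attrs[2] == "s" and attrs[3] == "h" and "\\windows\\system32\\" in path.lower():
            reasons.append("hidden+system object under System32")
        if "%" in path:  # a literal %APPDATA% on disk is an unexpanded variable, not a folder
            reasons.append("unexpanded environment variable in path")
        if CORE_COPY_RE.search(path):
            reasons.append("extra copy of a core system binary; compare its hash with the original")
        return reasons
    m = PREF_RE.match(line)
    if m and m.group(1).startswith("network.proxy."):
        try:
            ip = ip_address(m.group(2).strip())
        except ValueError:
            return reasons  # a hostname or a port number, not an IP literal
        if not (ip.is_private or ip.is_loopback):
            reasons.append("browser proxy pointing at a public address")
    return reasons


def scan(log_text):
    """Run triage over every line of a log and keep only the flagged ones."""
    lines = [l.strip() for l in log_text.splitlines()]
    return [(l, triage(l)) for l in lines if triage(l)]


# Sample lines copied from the log posted in this thread
SAMPLE_LOG = r"""
2012-07-02 20:35:02 328704 ----a-w- C:\windows\System32\services.exe.F1F651337FEF5FA4
2012-06-27 17:45:14 -------- d-sh--w- C:\windows\System32\%APPDATA%
2012-07-12 04:39:18 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
FF - prefs.js: network.proxy.ftp - 187.72.145.53
"""
```

    A hit only means "look closer": the next step is exactly what the analyst asks for, hashing or submitting the flagged file rather than acting on the line alone.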
  • Topic author
  • Renato, I went into folder options and set it to show hidden files... when I browse with Windows Explorer the services.exe file shows up, however, when trying to open it from the VirusTotal site it is still hidden...


    Try typing the path; it should then appear.
