Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
rkuyy

Laptop desligando sozinho e devagar

Recommended Posts

Meu laptop comecou a desligar sozinho, ficou mais devagar e toda vez que passo o spybot pega alguma coisa mesmo quando eu só desligo e ligo. Alguem poderia dar uma olhada nos logs por favor, obrigado

O log do gmer ficou muito grande e estava dando erro para postar, por isso estou colocando apenas o dds

DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86

Run by Aurora at 21:14:06,94 on 14/01/2013

Internet Explorer: 9.0.8112.16421

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3069.1482 [GMT -2:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vfsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\StkASv2K.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

D:\Arquivos de Programa\Itunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Samsung\Kies\KiesHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe

C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Aurora\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\program files\gbplugin\gbiehuni.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {ECDEE021-0D17-467F-A1FF-C7A115230949} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"

mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "d:\arquivos de programa\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe

mRun: [<NO NAME>]

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\aurora\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\guardiao

Trusted Zone: itau.com.br\www

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com.br/s/v/66.31/uploader2.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GbPluginUni - c:\program files\gbplugin\gbiehUni.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\program files\gbplugin\gbiehuni.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-5-2 46016]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-12-2 28552]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-10-29 102040]

R1 RapportCerberus_44365;RapportCerberus_44365;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_44365.sys [2012-11-7 274328]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-10-29 97784]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-10-29 173752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2010-4-15 81920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-1 176128]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2012-10-31 279744]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-5-21 103992]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-10-29 1115992]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-6-3 599344]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-4-24 228408]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-28 59904]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-20 116136]

R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\46125\RapportIaso.sys [2012-11-7 55448]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-4-14 185344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-25 136176]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-9 251400]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-4-16 80824]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-25 136176]

S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-9-13 1098296]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-8 15872]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-4-16 181432]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-23 1343400]

=============== Created Last 30 ================

2013-01-09 22:04:29 626688 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 22:04:12 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 22:04:11 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 22:04:09 1389568 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 22:04:00 420064 ----a-w- c:\windows\system32\locale.nls

2013-01-09 22:04:00 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-09 22:02:52 49152 ----a-w- c:\windows\system32\taskhost.exe

2013-01-09 22:02:52 220160 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-02 17:44:56 0 d-----w- c:\program files\common files\Macromedia Shared

2013-01-02 17:44:56 0 d-----w- c:\program files\common files\Macromedia

2013-01-02 17:44:47 0 d-----w- c:\program files\Macromedia

2013-01-02 17:44:02 0 d-----w- c:\windows\Downloaded Installations

2012-12-21 02:52:43 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 02:52:41 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-18 11:47:10 524288 --sha-w- c:\users\aurora\ntuser.dat{905b44a0-4908-11e2-b1e0-00247e5a9550}.TMContainer00000000000000000002.regtrans-ms

2012-12-18 11:47:09 524288 --sha-w- c:\users\aurora\ntuser.dat{905b44a0-4908-11e2-b1e0-00247e5a9550}.TMContainer00000000000000000001.regtrans-ms

2012-12-18 11:47:08 65536 --sha-w- c:\users\aurora\ntuser.dat{905b44a0-4908-11e2-b1e0-00247e5a9550}.TM.blf

==================== Find3M ====================

2013-01-10 01:08:10 673532 ----a-w- c:\windows\system32\prfh0416.dat

2013-01-10 01:08:10 133368 ----a-w- c:\windows\system32\prfc0416.dat

2013-01-09 09:53:21 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll

2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-17 14:19:00 954052 ----a-w- c:\windows\fonts\calibriz.ttf

2012-11-17 14:19:00 912248 ----a-w- c:\windows\fonts\calibrii.ttf

2012-11-17 14:19:00 868464 ----a-w- c:\windows\fonts\calibrili.ttf

2012-11-17 14:19:00 848924 ----a-w- c:\windows\fonts\calibrib.ttf

2012-11-17 14:19:00 811412 ----a-w- c:\windows\fonts\calibri.ttf

2012-11-17 14:19:00 758196 ----a-w- c:\windows\fonts\calibril.ttf

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll

2010-04-15 02:55:57 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat

2010-04-15 02:55:57 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat

2010-04-15 02:55:57 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat

2010-04-15 02:55:57 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2012-02-07 01:04:03 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2012-02-07 01:04:03 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2011-09-07 22:05:20 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat

2011-09-07 22:05:20 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat

2011-09-07 22:05:20 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

2012-02-07 01:04:03 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

2010-06-14 22:09:59 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2012-02-06 14:18:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2012-02-06 14:18:00 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2012-02-06 14:18:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

2010-04-16 11:09:55 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2011-11-27 14:02:03 262144 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\WinMail.exe

============= FINISH: 21:15:22,51 ===============

Attach.txt

DDS (Ver_09-12-01.01) - NTFSx86

Run by Aurora at 21:14:06,94 on 14/01/2013

Internet Explorer: 9.0.8112.16421

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3069.1482 [GMT -2:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vfsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\StkASv2K.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

D:\Arquivos de Programa\Itunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Samsung\Kies\KiesHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe

C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Aurora\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\program files\gbplugin\gbiehuni.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {ECDEE021-0D17-467F-A1FF-C7A115230949} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"

mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "d:\arquivos de programa\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe

mRun: [<NO NAME>]

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\aurora\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\guardiao

Trusted Zone: itau.com.br\www

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com.br/s/v/66.31/uploader2.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GbPluginUni - c:\program files\gbplugin\gbiehUni.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\program files\gbplugin\gbiehuni.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-5-2 46016]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-12-2 28552]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-10-29 102040]

R1 RapportCerberus_44365;RapportCerberus_44365;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_44365.sys [2012-11-7 274328]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-10-29 97784]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-10-29 173752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2010-4-15 81920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-1 176128]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2012-10-31 279744]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-5-21 103992]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-10-29 1115992]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-6-3 599344]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-4-24 228408]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-28 59904]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-20 116136]

R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\46125\RapportIaso.sys [2012-11-7 55448]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-4-14 185344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-25 136176]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-9 251400]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-4-16 80824]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-25 136176]

S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-9-13 1098296]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-8 15872]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-4-16 181432]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-23 1343400]

=============== Created Last 30 ================

2013-01-09 22:04:29 626688 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 22:04:12 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 22:04:11 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 22:04:09 1389568 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 22:04:00 420064 ----a-w- c:\windows\system32\locale.nls

2013-01-09 22:04:00 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-09 22:02:52 49152 ----a-w- c:\windows\system32\taskhost.exe

2013-01-09 22:02:52 220160 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-02 17:44:56 0 d-----w- c:\program files\common files\Macromedia Shared

2013-01-02 17:44:56 0 d-----w- c:\program files\common files\Macromedia

2013-01-02 17:44:47 0 d-----w- c:\program files\Macromedia

2013-01-02 17:44:02 0 d-----w- c:\windows\Downloaded Installations

2012-12-21 02:52:43 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 02:52:41 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-18 11:47:10 524288 --sha-w- c:\users\aurora\ntuser.dat{905b44a0-4908-11e2-b1e0-00247e5a9550}.TMContainer00000000000000000002.regtrans-ms

2012-12-18 11:47:09 524288 --sha-w- c:\users\aurora\ntuser.dat{905b44a0-4908-11e2-b1e0-00247e5a9550}.TMContainer00000000000000000001.regtrans-ms

2012-12-18 11:47:08 65536 --sha-w- c:\users\aurora\ntuser.dat{905b44a0-4908-11e2-b1e0-00247e5a9550}.TM.blf

==================== Find3M ====================

2013-01-10 01:08:10 673532 ----a-w- c:\windows\system32\prfh0416.dat

2013-01-10 01:08:10 133368 ----a-w- c:\windows\system32\prfc0416.dat

2013-01-09 09:53:21 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll

2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-17 14:19:00 954052 ----a-w- c:\windows\fonts\calibriz.ttf

2012-11-17 14:19:00 912248 ----a-w- c:\windows\fonts\calibrii.ttf

2012-11-17 14:19:00 868464 ----a-w- c:\windows\fonts\calibrili.ttf

2012-11-17 14:19:00 848924 ----a-w- c:\windows\fonts\calibrib.ttf

2012-11-17 14:19:00 811412 ----a-w- c:\windows\fonts\calibri.ttf

2012-11-17 14:19:00 758196 ----a-w- c:\windows\fonts\calibril.ttf

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll

2010-04-15 02:55:57 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat

2010-04-15 02:55:57 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat

2010-04-15 02:55:57 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat

2010-04-15 02:55:57 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2012-02-07 01:04:03 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2012-02-07 01:04:03 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2011-09-07 22:05:20 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat

2011-09-07 22:05:20 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat

2011-09-07 22:05:20 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

2012-02-07 01:04:03 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

2010-06-14 22:09:59 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2012-02-06 14:18:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2012-02-06 14:18:00 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2012-02-06 14:18:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

2010-04-16 11:09:55 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2011-11-27 14:02:03 262144 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\WinMail.exe

============= FINISH: 21:15:22,51 ===============

Compartilhar este post


Link para o post
Compartilhar em outros sites

Leia as instruções contidas neste link:

Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"

  1. Faça o download do ComboFix de um dos links oficiais listados abaixo e salve no seu desktop:

[*]Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).[*]Duplo clique no icone desktopicon.png que está no desktop.[*]Leia e aceite as condições, digitando 1 e enter.[*]Computadores com Windows XP deverão instalar o Console de Recuperação:

  • Se o seu computador tem instalado o Windows XP e ainda não tem instalado o Console de Recuperação, por favor certifique-se que está conectado à Internet, e clique em "Sim".
  • Clique em "OK" ao EULA.
  • Quando o Console de Recuperação estiver já instalado, clique em "SIM" para continuar.

[*]O ComboFix será executado, por favor seja paciente e aguarde. [*]Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver sendo executada, isso pode fazer com que o computador pare.[*]Poderá surgir o aviso que é necessário reiniciar o computador.

NÃO REINICIE!!! O ComboFix reiniciará o computador automaticamente.[*]Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.

NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.

  • Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.
  • Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.
  • Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Fiz o log do combo, estou postando aqui. Obrgiado

ComboFix 13-01-15.02 - Aurora 16/01/2013 12:51:07.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3069.1824 [GMT -2:00]

Executando de: c:\users\Aurora\Desktop\ComboFix.exe

AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: ESET Personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 642 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\systeam

c:\systeam\idmaq

c:\systeam\javaupdatesystem11.exe

c:\systeam\pIDy23.03.ini

c:\systeam\prachotsys3.mod

c:\systeam\ressyne1.mod

c:\systeam\ressyne4.mod

c:\systeam\ressysn11.mod

c:\systeam\roninnn.cmd

c:\systeam\vggrenew11.jar

c:\systeam\xp86x86x82.ini

c:\users\Aurora\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll

c:\windows\system\whysosrs.DLL

c:\windows\system32\System32\MASetupCleaner.exe

c:\windows\system32\System32\muzapp.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

D:\install.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-12-16 to 2013-01-16 ))))))))))))))))))))))))))))

.

.

2013-01-16 15:00 . 2013-01-16 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-16 15:00 . 2013-01-16 15:00 -------- d-----w- c:\users\Administrador\AppData\Local\temp

2013-01-16 14:56 . 2013-01-16 14:56 0 ----a-w- c:\windows\system32\drivers\ati4irxx.sys

2013-01-16 14:52 . 2013-01-16 14:52 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC6F4961-DAF0-4A3A-99A3-3236F03FF6D5}\offreg.dll

2013-01-16 14:48 . 2013-01-16 14:48 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2013-01-16 14:44 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC6F4961-DAF0-4A3A-99A3-3236F03FF6D5}\mpengine.dll

2013-01-09 22:04 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 22:04 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 22:04 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 22:04 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 22:04 . 2012-11-30 04:47 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-09 22:02 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe

2013-01-09 22:02 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-02 17:44 . 2013-01-02 18:32 -------- d-----w- c:\program files\Common Files\Macromedia Shared

2013-01-02 17:44 . 2013-01-02 17:44 -------- d-----w- c:\program files\Common Files\Macromedia

2013-01-02 17:44 . 2013-01-02 18:32 -------- d-----w- c:\program files\Macromedia

2013-01-02 17:44 . 2013-01-02 17:44 -------- d-----w- c:\windows\Downloaded Installations

2012-12-21 02:52 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 02:52 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 09:53 . 2012-05-09 18:38 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-09 09:53 . 2012-05-09 18:38 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-14 02:09 . 2012-12-12 03:10 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58 . 2012-12-12 03:10 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57 . 2012-12-12 03:10 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49 . 2012-12-12 03:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48 . 2012-12-12 03:10 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44 . 2012-12-12 03:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-09 04:42 . 2012-12-12 01:44 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 05:11 . 2012-12-12 01:44 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-10-30 00:00 . 2012-10-30 00:00 102040 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-15 39408]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]

"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="d:\arquivos de programa\Itunes\iTunesHelper.exe" [2011-08-19 421736]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]

"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

.

c:\users\Aurora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2012-10-15 655552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2012-10-15 17:50 655552 ----a-w- c:\program files\GbPlugin\gbiehuni.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-08-22 17:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-02-18 20:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]

2009-09-01 13:41 499768 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]

R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [x]

S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 RapportCerberus_44365;RapportCerberus_44365;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_44365.sys [x]

S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]

S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]

S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [x]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\46125\rapportiaso.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - RAPPORTIASO

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-08-22 17:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-10 21:28 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 09:53]

.

2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-25 03:02]

.

2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-25 03:02]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\guardiao

Trusted Zone: itau.com.br\www

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)

WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)

MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-2660220376-2199175220-3557484792-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:b0,3e,c8,97,31,ee,f9,c5,45,7c,ee,98,f4,39,c6,2d,88,b5,b2,39,a7,5b,f4,

94,a0,d4,83,9b,8f,31,22,59,f5,dd,cf,ab,c2,9f,72,19,5d,c7,e8,d8,ad,50,ed,56,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

.

[HKEY_USERS\S-1-5-21-2660220376-2199175220-3557484792-1001\Software\SecuROM\License information*]

"datasecu"=hex:b8,79,38,e9,43,89,87,6a,02,0b,6e,30,45,8b,02,d5,02,23,67,3f,9f,

cb,60,0a,c7,67,c9,43,bf,de,28,14,6d,61,78,0d,9a,8d,31,35,ac,1f,36,89,0a,62,\

"rkeysecu"=hex:0d,3d,21,48,cf,f7,34,90,b5,4b,68,a1,b9,d9,32,2e

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'Explorer.exe'(376)

c:\program files\GbPlugin\gbiehUni.dll

c:\windows\System32\provsvc.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe

c:\windows\system32\atieclxx.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\System32\StkASv2K.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-01-16 13:07:29 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-01-16 15:07

.

Pré-execução: 149.659.860.992 bytes disponíveis

Pós execução: 149.592.887.296 bytes disponíveis

.

- - End Of File - - 4980FA0C8F0830DE4EE75271B5711130

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Kaspersky AVP Tool de um desses 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

Você será conduzido a uma página da Kaspersky, solicitando um email para cadastro, nome e sobrenome. Somente o campo "email" é obrigatório.

Informe seu email depois clique no botão Submit Form.

A página será recarregada. Clique no botão Download

Salve-o em sua área de trabalho.

Execute o arquivo e aguarde a instalação.

** Usuários do Windows Vista e Windows 7:

Clique com o direito sobre o arquivo, depois clique em Executar como administrador

Na tela do contrato de licença, marque a opção I accept the license agreement e depois clique no botão Start. Aparentemente o programa congela e nada acontece. É normal, apenas aguarde até aparecer a tela inicial do programa, e então clique no ícone Settings:

KRT_settings.png

Nesta tela, marque a caixa ao lado de:

  • Meu Computador
  • Disco local (C:)

Marque também todas as unidades que aparecem abaixo de Disco Local, caso houverem. Depois clique na aba Automatic Scan

KRT_install2_.png

De volta à tela inicial do programa, clique no botão Start scanning

Tenha paciência, é um pouco demorado.

Quando terminar, caso tenha detectado algo, o programa irá lhe perguntar o que fazer.

Marque o quadradinho ao lado de Apply to all objects e depois clique em Skip (queremos apenas o log).

KRT_detection_.png

Enquanto durar o exame, a tela inicial exibirá uma barra de progresso. Quando terminar, o programa exibirá o status concluído e um botão que ficará na cor laranja, caso nada tenha sido detectado, e na cor vermelha, caso tenha encontrado algo.

Caso tenha detectado algo, o programa também exibirá uma tela de alerta, avisando que o seu sistema está desprotegido e sugerindo um produto da Kaspersky. Clique no botão No, thanks.

De volta à tela principal, caso tenha sido detectado algo, então salve o log. Se você fechar o programa e esquecer de salvar o log, terá que repetir todo o scan novamente.

Para salvar o log, clique no ícone Reports (ao lado do ícone "Settings"). Na próxima janela, clique em Detected Threats, depois clique no ícone de disquete para salvar o log.

Escolha um local de fácil acesso e salve como log.txt

Copie todo o conteúdo desse bloco de notas e cole na sua próxima resposta.

Se nada for detectado, então não precisa salvar o log. Apenas poste aqui avisando.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Fiz o scan e nao foi detectado nada, o botao ficou laranja.

Mas so uma pergunta, esse programa precisa de internet para funcionar? porque deixei rodando a noite e quando fui checar de manha tinha acabado mas deu problema com wifi

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ele baixa, se atualiza e depois faz o scan normalmente, mesmo sem internet.

O problema inicial persiste?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tudo bom, sim o problema persiste, agradeco a ajuda mas vou ter que levar pra algum tecnico mesmo, porque agora nem ficar ligado ele fica direito, ligo ele e depois de 5 minutos desliga, alem de estar estão devagar so da tempo de logar praticamente

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desligamentos automáticos geralmente são relacionados a problema no hardware. Recomendo que leve em uma assistência especializada.

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×