RosauraChic

Membro
  • Content count

    39
  • Joined

  • Last visited

Community Reputation

0 Neutral

About RosauraChic

  • Rank
    Novato

Contact Methods

  • ICQ
    0
  1. Boa Tarde! AVG detectou Exploit Fake Flash Player. Numa segunda varredura detectou Adware Adpluguin que foi colocado em quarentena. Será que estou livre deles, mesmo? Grata,
  2. Conexao via cabo com modem da NET. Nada de roteador....Não sei como acessar configurações para ver a configuração de DNS. Grata! Já conseguimos remover o malware ? Rodei o RogueKiller e acusou algumas suspeitas. Vai o log abaixo: RogueKiller V8.8.15 _x64_ [Mar 27 2014] Por Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Site : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Iniciado em : Modo Normal Usuario : Rosa [Privilegios de Admnistrador] Modo : Verificar -- Data : 05/14/2014 13:21:50 | ARK || FAK || MBR | ¤¤¤ Entradas ruins : 0 ¤¤¤ ¤¤¤ Entradas do Registro : 5 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Rosa\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid a05e6c16d0cf47d3848cd1a920e7bb20-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b [x][x][x]) -> ENCONTRADO [RUN][sUSP PATH] HKUS\S-1-5-21-272370721-492980238-3187547828-1000\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Rosa\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid a05e6c16d0cf47d3848cd1a920e7bb20-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b [x][x][x]) -> ENCONTRADO [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ENCONTRADO [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO ¤¤¤ As tarefas agendadas : 0 ¤¤¤ ¤¤¤ entradas de inicialização : 0 ¤¤¤ ¤¤¤ Os navegadores da Web : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤ ¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤ ¤¤¤ Hives externas: ¤¤¤ ¤¤¤ Infecção : ¤¤¤ ¤¤¤ Arquivo de Hosts: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ Verificaçao do MBR: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++ --- User --- [MBR] 61e83b7271ba26f9c04b27442922ae63 [bSP] 3827c03048417811d0799c6f6d9b5023 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Photosmart C4280 USB Device +++++ Error reading User MBR! ([0x15] O dispositivo não está pronto. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] Não há suporte para o pedido. ) Concluido : << RKreport[0]_S_05142014_132150.txt >> RKreport[0]_S_05122014_010711.txt
  3. Carlos, um dos problemas que tenho percebido é o recebimento de spam no meu email cujo rementente aparece como sendo meu próprio e-mail ! Aí vai o resultado. Nao cliquei em nada porque nao havia onde clicar. Ao abrir o arquivo veio isto. Está correto? Grata! Task: {8610E4D6-4F38-4685-8879-471CFE23B884} - System32\Tasks\UpdaterEX => C:\Users\Rosa\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Rosa\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE C:\Users\Rosa\AppData\Roaming\UPDATE~1 Startup: C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PC App Store Uninstall 3.8.8.1435.lnk ShortcutTarget: PC App Store Uninstall 3.8.8.1435.lnk -> C:\Users\Rosa\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini (No File) S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X] 2014-05-12 00:23 - 2013-10-22 15:23 - 00000288 _____ () C:\Windows\Tasks\UpdaterEX.job C:\Users\Rosa\AppData\Roaming\Baidu Security C:\Program Files (x86)\Baidu Security C:\Windows\System32\drivers\BprotectEx.sys CMD: DEL %TEMP%\*.* /F /S /Q CMD: DEL %WINDIR%\TEMP\*.* /F /S /Q CMD: RD /S /Q %TEMP% C:\WINDOWS\*.tmp Reboot: Resposta 2 Programa FRST64 baixado antes. Clique em FIX.. Feito! Aí vai ! Fixlog resultado.txt
  4. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01 Ran by Rosa at 2014-05-12 11:57:11 Running from C:\Users\Rosa\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader XI (11.0.05) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden Arquivo do WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - ) Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft) Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies) AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden Carnê-Leão 2014 (HKLM-x32\...\LEAO2014) (Version: 1.0 - Receita Federal do Brasil) DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden Extended Update (HKCU\...\UpdaterEX) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (PTB) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 9 Essentials (HKLM-x32\...\{a2c3617f-21e5-4400-857f-4c0032bc39fb}) (Version: - Nero AG) Nero BurnRights (x32 Version: 3.4.10.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 4.4.9.203 - Nero AG) Hidden Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero Disc Copy Gadget (x32 Version: 2.4.22.0 - Nero AG) Hidden Nero Disc Copy Gadget Help (x32 Version: 2.4.22.0 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.12.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.10.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.14.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.10.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero PhotoSnap (x32 Version: 1.53.2.0 - Nero AG) Hidden Nero PhotoSnap Help (x32 Version: 1.53.2.0 - Nero AG) Hidden Nero Recode (x32 Version: 4.4.22.54 - Nero AG) Hidden Nero Recode Help (x32 Version: 4.4.22.0 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.13.202 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.11.210 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.11.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden Nero Vision (x32 Version: 6.4.10.205 - Nero AG) Hidden Nero Vision Help (x32 Version: 6.4.8.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.10.506 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Sistema Inteligente de Monitoramento (HKLM-x32\...\{795DBE6F-834A-45AD-AAE1-4114D8B476E0}) (Version: 4.01 - Ice) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{52F3455A-9ADB-41A6-BCE7-8D99F3770590}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) ==================== Restore Points ========================= 02-04-2014 03:02:15 Ponto de Verificação Agendado 09-04-2014 16:06:45 Ponto de Verificação Agendado 10-04-2014 06:00:24 Windows Update 15-04-2014 05:20:32 Windows Update 21-04-2014 03:22:23 Installed Java 7 Update 55 02-05-2014 01:58:17 Ponto de Verificação Agendado 03-05-2014 05:04:39 Windows Update 06-05-2014 17:25:08 Windows Update ==================== Hosts content: ========================== 2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {422452E5-4901-4762-A0EA-1256A7905328} - System32\Tasks\{E440D5D3-744C-4EBE-AAA0-21048450E232} => Chrome.exe Task: {64975F59-E7C7-4410-8DA9-ABDEDE0865F1} - System32\Tasks\{AE965F0C-5242-42E9-B5D4-7A51B6A63FB6} => Chrome.exe Task: {8610E4D6-4F38-4685-8879-471CFE23B884} - System32\Tasks\UpdaterEX => C:\Users\Rosa\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {94CC7027-58A5-4120-9584-41FFA48F0DA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.) Task: {98906620-B489-421F-A40B-DA5983D29661} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated) Task: {99541309-F22D-41B2-B3C6-8E3327EAA524} - System32\Tasks\{173F5806-2941-4935-ACFA-0B4D39D41094} => Chrome.exe Task: {B060164F-F2AC-4D1D-B046-13848404FBDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.) Task: {B85ED186-C9F9-4320-86ED-652641F1B4F9} - System32\Tasks\{DFC692B1-9262-47DB-9DE0-1CD784DC2AC9} => Chrome.exe Task: {D1446536-4E13-495E-B10E-8AB83B8F8F13} - System32\Tasks\{13853CEB-7640-4F89-A82B-BE09AE59A871} => Chrome.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Rosa\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE ==================== Loaded Modules (whitelisted) ============= 2013-06-26 22:38 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2014-04-30 00:53 - 2014-04-23 21:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll 2014-04-30 00:53 - 2014-04-23 21:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll 2014-04-30 00:53 - 2014-04-23 21:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll 2014-04-30 00:53 - 2014-04-23 21:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll 2014-04-30 00:53 - 2014-04-23 21:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll 2014-04-30 00:53 - 2014-04-23 21:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll 2014-04-30 00:53 - 2014-04-23 21:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/11/2014 08:14:15 PM) (Source: SideBySide) (User: ) (EventID: 80) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/10/2014 06:42:29 PM) (Source: SideBySide) (User: ) (EventID: 80) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/10/2014 03:48:29 PM) (Source: SideBySide) (User: ) (EventID: 80) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/07/2014 11:41:26 PM) (Source: SideBySide) (User: ) (EventID: 80) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/05/2014 00:57:16 AM) (Source: SideBySide) (User: ) (EventID: 80) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/03/2014 01:05:48 AM) (Source: SideBySide) (User: ) (EventID: 80) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/02/2014 10:10:54 PM) (Source: SideBySide) (User: ) (EventID: 80) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/01/2014 10:52:25 PM) (Source: SideBySide) (User: ) (EventID: 80) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/27/2014 02:09:07 PM) (Source: SideBySide) (User: ) (EventID: 80) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/24/2014 01:05:40 AM) (Source: SideBySide) (User: ) (EventID: 80) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (05/03/2014 02:04:56 AM) (Source: DCOM) (User: ) (EventID: 10010) Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Error: (04/25/2014 08:41:16 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: O serviço AVGIDSAgent terminou com o erro específico de serviço %%-536753635. Error: (04/25/2014 08:41:14 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: O serviço AVGIDSAgent terminou com o erro específico de serviço %%-536753635. Error: (04/25/2014 08:41:14 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: O serviço AVGIDSAgent terminou com o erro específico de serviço %%-536753635. Error: (04/25/2014 08:41:12 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: O serviço AVGIDSAgent terminou com o erro específico de serviço %%-536753635. Error: (04/25/2014 08:41:11 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: O serviço AVGIDSAgent terminou com o erro específico de serviço %%-536753635. Error: (04/25/2014 08:41:10 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: O serviço AVGIDSAgent terminou com o erro específico de serviço %%-536753635. Error: (04/25/2014 08:41:09 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: O serviço AVGIDSAgent terminou com o erro específico de serviço %%-536753635. Error: (04/25/2014 08:41:08 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: O serviço AVGIDSAgent terminou com o erro específico de serviço %%-536753635. Error: (04/25/2014 08:41:07 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: O serviço AVGIDSAgent terminou com o erro específico de serviço %%-536753635. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 4061.24 MB Available physical RAM: 2115.68 MB Total Pagefile: 8120.66 MB Available Pagefile: 6144.9 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:419.59 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 41712435) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Rosa (administrator) on ROSA-PC on 12-05-2014 11:55:47 Running from C:\Users\Rosa\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Portuguese Brazilian Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-28] (Microsoft Corporation) HKU\S-1-5-21-272370721-492980238-3187547828-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.) HKU\S-1-5-21-272370721-492980238-3187547828-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Rosa\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid a05e6c16d0cf47d3848cd1a920e7bb20-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b Startup: C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PC App Store Uninstall 3.8.8.1435.lnk ShortcutTarget: PC App Store Uninstall 3.8.8.1435.lnk -> C:\Users\Rosa\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3D91A1144773CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 189.4.128.68 189.4.128.63 201.6.4.116 FireFox: ======== FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR DefaultSearchKeyword: google.com.br CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Extension: (YouTube) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-27] CHR Extension: (Pesquisa do Google) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-27] CHR Extension: (Google Wallet) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-27] ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.) ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.) S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-12 11:55 - 2014-05-12 11:56 - 00008262 _____ () C:\Users\Rosa\Downloads\FRST.txt 2014-05-12 11:55 - 2014-05-12 11:55 - 00000000 ____D () C:\FRST 2014-05-12 11:53 - 2014-05-12 11:53 - 02066944 _____ (Farbar) C:\Users\Rosa\Downloads\FRST64.exe 2014-05-12 01:07 - 2014-05-12 01:07 - 00004343 _____ () C:\Users\Rosa\Desktop\RKreport[0]_S_05122014_010711.txt 2014-05-12 01:01 - 2014-05-12 01:02 - 04527616 _____ () C:\Users\Rosa\Downloads\RogueKillerX64.exe 2014-05-12 00:35 - 2013-02-11 18:51 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Rosa\Desktop\TDSSKiller.exe 2014-05-12 00:35 - 2011-01-01 01:14 - 00002254 ____R () C:\Users\Rosa\Desktop\eula.txt 2014-05-12 00:33 - 2014-05-12 00:34 - 00000000 ____D () C:\Users\Rosa\Downloads\tdsskiller 2014-05-12 00:24 - 2014-05-12 00:25 - 02218636 _____ () C:\Users\Rosa\Downloads\tdsskiller.zip 2014-05-10 16:01 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable) 2014-05-10 16:01 - 2014-05-10 16:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-10 16:01 - 2014-05-10 16:01 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-10 16:01 - 2014-05-10 16:01 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes 2014-05-10 16:01 - 2014-05-10 16:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-10 15:57 - 2014-05-10 16:22 - 00000000 ____D () C:\Users\Rosa\Desktop\mbar 2014-05-10 15:57 - 2014-05-10 15:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-10 15:52 - 2014-05-10 15:55 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Rosa\Downloads\mbar-1.07.0.1009.exe 2014-05-09 23:23 - 2014-05-09 23:23 - 00002381 _____ () C:\Users\Rosa\Desktop\FSS 1.txt 2014-05-09 23:22 - 2014-05-09 23:22 - 00002381 _____ () C:\Users\Rosa\Downloads\FSS.txt 2014-05-09 23:21 - 2014-05-09 23:21 - 00042848 _____ () C:\Users\Rosa\Desktop\MbrScan 1.txt 2014-05-09 23:21 - 2014-05-09 23:21 - 00042846 _____ () C:\Users\Rosa\Downloads\MbrScan.log 2014-05-09 23:20 - 2014-05-09 23:21 - 00000512 _____ () C:\Users\Rosa\Downloads\Dump_Hdd0_DR0.mbr 2014-05-09 23:17 - 2014-05-09 23:17 - 00007765 _____ () C:\Users\Rosa\Downloads\hijackthis.log 2014-05-09 23:17 - 2014-05-09 23:17 - 00007765 _____ () C:\Users\Rosa\Desktop\hijackthis 1.txt 2014-05-09 13:24 - 2014-05-09 13:24 - 00408576 _____ (Farbar) C:\Users\Rosa\Downloads\FSS.exe 2014-05-09 13:23 - 2014-05-09 13:23 - 00147456 _____ (Eric_71) C:\Users\Rosa\Downloads\MbrScan.exe 2014-05-09 13:22 - 2014-05-09 13:22 - 00218112 _____ (Soeperman Enterprises Ltd.) C:\Users\Rosa\Downloads\HijackThis.exe 2014-05-06 14:25 - 2014-05-06 14:25 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 13:02 - 2014-04-13 23:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-06 13:02 - 2014-04-13 23:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-04 15:50 - 2014-05-04 15:50 - 00000000 ____D () C:\Users\Rosa\Downloads\Dilma Sadinhas_files 2014-05-04 15:49 - 2014-05-04 15:50 - 01042479 _____ () C:\Users\Rosa\Downloads\Dilma Sadinhas.htm 2014-05-03 02:05 - 2014-04-29 11:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-03 02:05 - 2014-04-29 10:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-03 02:05 - 2014-04-29 09:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-03 02:05 - 2014-04-29 09:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-30 01:39 - 2014-04-30 01:39 - 00151552 _____ () C:\Users\Rosa\Downloads\Praça Independencia, aérea.jpeg 2014-04-30 01:07 - 2014-04-30 01:07 - 00304320 _____ () C:\Users\Rosa\Downloads\Dilma Boicote.htm 2014-04-21 00:25 - 2014-04-21 00:25 - 00000000 __SHD () C:\Users\Rosa\AppData\Local\EmieUserList 2014-04-21 00:25 - 2014-04-21 00:25 - 00000000 __SHD () C:\Users\Rosa\AppData\Local\EmieSiteList 2014-04-21 00:23 - 2014-04-21 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-21 00:23 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-21 00:23 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-21 00:23 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-21 00:23 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-21 00:22 - 2014-04-21 00:23 - 00004244 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-04-15 18:57 - 2014-04-15 18:57 - 00113512 _____ () C:\Users\Rosa\Downloads\Jornal Expansao - Dilma.htm 2014-04-15 18:57 - 2014-04-15 18:57 - 00000000 ____D () C:\Users\Rosa\Downloads\Jornal Expansao - Dilma_files 2014-04-15 02:21 - 2014-03-06 06:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-15 02:21 - 2014-03-06 05:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-15 02:21 - 2014-03-06 05:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-15 02:21 - 2014-03-06 05:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-15 02:21 - 2014-03-06 05:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-15 02:21 - 2014-03-06 05:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-15 02:21 - 2014-03-06 05:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-15 02:21 - 2014-03-06 05:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-15 02:21 - 2014-03-06 05:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-15 02:21 - 2014-03-06 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-15 02:21 - 2014-03-06 05:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-15 02:21 - 2014-03-06 05:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-15 02:21 - 2014-03-06 05:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-15 02:21 - 2014-03-06 05:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-15 02:21 - 2014-03-06 05:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-15 02:21 - 2014-03-06 05:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-15 02:21 - 2014-03-06 05:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-15 02:21 - 2014-03-06 04:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-15 02:21 - 2014-03-06 04:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-15 02:21 - 2014-03-06 04:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-15 02:21 - 2014-03-06 04:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-15 02:21 - 2014-03-06 04:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-15 02:21 - 2014-03-06 04:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-15 02:21 - 2014-03-06 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-15 02:21 - 2014-03-06 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-15 02:21 - 2014-03-06 04:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-15 02:21 - 2014-03-06 04:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-15 02:21 - 2014-03-06 04:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-15 02:21 - 2014-03-06 04:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-15 02:21 - 2014-03-06 04:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-15 02:21 - 2014-03-06 04:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-15 02:21 - 2014-03-06 04:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-15 02:21 - 2014-03-06 03:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-15 02:21 - 2014-03-06 03:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-15 02:21 - 2014-03-06 03:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-15 02:21 - 2014-03-06 03:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-15 02:21 - 2014-03-06 03:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-15 02:21 - 2014-03-06 02:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-15 02:21 - 2014-03-06 02:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-15 02:21 - 2014-03-06 02:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-15 02:21 - 2014-03-06 02:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-15 02:21 - 2014-03-06 02:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-15 02:20 - 2014-03-06 05:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-15 02:20 - 2014-03-06 04:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll ==================== One Month Modified Files and Folders ======= 2014-05-12 11:56 - 2014-05-12 11:55 - 00008262 _____ () C:\Users\Rosa\Downloads\FRST.txt 2014-05-12 11:56 - 2013-06-26 20:02 - 00000000 ____D () C:\Users\Todos os Usuários\MFAData 2014-05-12 11:56 - 2013-06-26 20:02 - 00000000 ____D () C:\ProgramData\MFAData 2014-05-12 11:55 - 2014-05-12 11:55 - 00000000 ____D () C:\FRST 2014-05-12 11:54 - 2013-06-26 18:41 - 01415968 _____ () C:\Windows\WindowsUpdate.log 2014-05-12 11:53 - 2014-05-12 11:53 - 02066944 _____ (Farbar) C:\Users\Rosa\Downloads\FRST64.exe 2014-05-12 11:53 - 2013-06-26 19:38 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-12 11:50 - 2013-06-26 19:38 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-12 11:50 - 2013-06-26 18:50 - 00000000 ___RD () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-12 11:50 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-12 11:50 - 2009-07-14 01:51 - 00060700 _____ () C:\Windows\setupact.log 2014-05-12 01:18 - 2013-06-26 21:35 - 00000000 ____D () C:\Users\Rosa\Desktop\RK_Quarantine 2014-05-12 01:07 - 2014-05-12 01:07 - 00004343 _____ () C:\Users\Rosa\Desktop\RKreport[0]_S_05122014_010711.txt 2014-05-12 01:02 - 2014-05-12 01:01 - 04527616 _____ () C:\Users\Rosa\Downloads\RogueKillerX64.exe 2014-05-12 00:34 - 2014-05-12 00:33 - 00000000 ____D () C:\Users\Rosa\Downloads\tdsskiller 2014-05-12 00:25 - 2014-05-12 00:24 - 02218636 _____ () C:\Users\Rosa\Downloads\tdsskiller.zip 2014-05-12 00:23 - 2013-10-22 15:23 - 00000288 _____ () C:\Windows\Tasks\UpdaterEX.job 2014-05-12 00:19 - 2013-06-26 19:37 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-11 19:45 - 2009-07-14 01:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-11 19:45 - 2009-07-14 01:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-10 18:54 - 2013-06-26 22:38 - 00000000 ____D () C:\Users\Rosa\AppData\Roaming\Skype 2014-05-10 16:22 - 2014-05-10 16:01 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable) 2014-05-10 16:22 - 2014-05-10 16:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-10 16:22 - 2014-05-10 15:57 - 00000000 ____D () C:\Users\Rosa\Desktop\mbar 2014-05-10 16:01 - 2014-05-10 16:01 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-10 16:01 - 2014-05-10 16:01 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes 2014-05-10 16:01 - 2014-05-10 16:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-10 15:57 - 2014-05-10 15:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-10 15:55 - 2014-05-10 15:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Rosa\Downloads\mbar-1.07.0.1009.exe 2014-05-09 23:23 - 2014-05-09 23:23 - 00002381 _____ () C:\Users\Rosa\Desktop\FSS 1.txt 2014-05-09 23:22 - 2014-05-09 23:22 - 00002381 _____ () C:\Users\Rosa\Downloads\FSS.txt 2014-05-09 23:21 - 2014-05-09 23:21 - 00042848 _____ () C:\Users\Rosa\Desktop\MbrScan 1.txt 2014-05-09 23:21 - 2014-05-09 23:21 - 00042846 _____ () C:\Users\Rosa\Downloads\MbrScan.log 2014-05-09 23:21 - 2014-05-09 23:20 - 00000512 _____ () C:\Users\Rosa\Downloads\Dump_Hdd0_DR0.mbr 2014-05-09 23:17 - 2014-05-09 23:17 - 00007765 _____ () C:\Users\Rosa\Downloads\hijackthis.log 2014-05-09 23:17 - 2014-05-09 23:17 - 00007765 _____ () C:\Users\Rosa\Desktop\hijackthis 1.txt 2014-05-09 13:24 - 2014-05-09 13:24 - 00408576 _____ (Farbar) C:\Users\Rosa\Downloads\FSS.exe 2014-05-09 13:23 - 2014-05-09 13:23 - 00147456 _____ (Eric_71) C:\Users\Rosa\Downloads\MbrScan.exe 2014-05-09 13:22 - 2014-05-09 13:22 - 00218112 _____ (Soeperman Enterprises Ltd.) C:\Users\Rosa\Downloads\HijackThis.exe 2014-05-09 12:48 - 2013-06-26 19:38 - 00004060 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 12:48 - 2013-06-26 19:38 - 00003808 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-07 21:22 - 2013-08-11 20:54 - 01964032 ____H () C:\Users\Rosa\Downloads\photothumb.db 2014-05-06 14:25 - 2014-05-06 14:25 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-04 16:21 - 2013-09-03 23:28 - 00000000 ____D () C:\Users\Rosa\Downloads\Originals 2014-05-04 15:50 - 2014-05-04 15:50 - 00000000 ____D () C:\Users\Rosa\Downloads\Dilma Sadinhas_files 2014-05-04 15:50 - 2014-05-04 15:49 - 01042479 _____ () C:\Users\Rosa\Downloads\Dilma Sadinhas.htm 2014-05-01 20:15 - 2013-09-11 13:00 - 00101376 ____H () C:\Users\Rosa\Documents\photothumb.db 2014-04-30 01:39 - 2014-04-30 01:39 - 00151552 _____ () C:\Users\Rosa\Downloads\Praça Independencia, aérea.jpeg 2014-04-30 01:07 - 2014-04-30 01:07 - 00304320 _____ () C:\Users\Rosa\Downloads\Dilma Boicote.htm 2014-04-30 00:53 - 2013-06-26 19:39 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-29 12:24 - 2013-06-26 19:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-29 12:24 - 2013-06-26 19:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-29 12:24 - 2013-06-26 19:37 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-29 11:01 - 2014-05-03 02:05 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 10:40 - 2014-05-03 02:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 09:48 - 2014-05-03 02:05 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 09:34 - 2014-05-03 02:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-25 20:39 - 2014-03-31 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-04-25 20:39 - 2013-10-15 12:09 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-04-21 00:25 - 2014-04-21 00:25 - 00000000 __SHD () C:\Users\Rosa\AppData\Local\EmieUserList 2014-04-21 00:25 - 2014-04-21 00:25 - 00000000 __SHD () C:\Users\Rosa\AppData\Local\EmieSiteList 2014-04-21 00:25 - 2013-10-17 18:02 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle 2014-04-21 00:25 - 2013-10-17 18:02 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-21 00:23 - 2014-04-21 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-21 00:23 - 2014-04-21 00:22 - 00004244 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-21 00:23 - 2013-06-26 19:59 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-04-18 02:50 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache 2014-04-15 18:57 - 2014-04-15 18:57 - 00113512 _____ () C:\Users\Rosa\Downloads\Jornal Expansao - Dilma.htm 2014-04-15 18:57 - 2014-04-15 18:57 - 00000000 ____D () C:\Users\Rosa\Downloads\Jornal Expansao - Dilma_files 2014-04-15 12:34 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-14 20:13 - 2014-04-21 00:23 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 20:05 - 2014-04-21 00:23 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-14 20:05 - 2014-04-21 00:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-14 20:04 - 2014-04-21 00:23 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-14 01:44 - 2014-01-27 14:02 - 00000000 ____D () C:\Users\Rosa\Downloads\Dilma e CFK_files 2014-04-13 23:24 - 2014-05-06 13:02 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-13 23:19 - 2014-05-06 13:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Rosa\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Rosa\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Rosa\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Rosa\AppData\Local\Temp\ntdll_dump.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-10 15:47 ==================== End Of Log ============================
  5. Ok! Grata! Aqui vai o log: RogueKiller V8.8.15 _x64_ [Mar 27 2014] Por Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Site : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Iniciado em : Modo Normal Usuario : Rosa [Privilegios de Admnistrador] Modo : Verificar -- Data : 05/12/2014 01:07:11 | ARK || FAK || MBR | ¤¤¤ Entradas ruins : 2 ¤¤¤ [sUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe C:\Users\Rosa\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll _OpenUrl -run PC App Store Uninstall -ini OpenUrl.ini [x] -> rundll32.exe FINALIZADO [TermProc] [sUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe C:\Users\Rosa\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll _OpenUrl -run PC App Store Uninstall -ini OpenUrl.ini [x] -> rundll32.exe FINALIZADO [TermProc] ¤¤¤ Entradas do Registro : 5 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Rosa\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid a05e6c16d0cf47d3848cd1a920e7bb20-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b [x][x][x]) -> ENCONTRADO [RUN][sUSP PATH] HKUS\S-1-5-21-272370721-492980238-3187547828-1000\[...]\Run : AVG-Secure-Search-Update_0913b (C:\Users\Rosa\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid a05e6c16d0cf47d3848cd1a920e7bb20-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b [x][x][x]) -> ENCONTRADO [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ENCONTRADO [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO ¤¤¤ As tarefas agendadas : 2 ¤¤¤ [V1][sUSP PATH] UpdaterEX.job : C:\Users\Rosa\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> ENCONTRADO [V2][sUSP PATH] UpdaterEX : C:\Users\Rosa\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> ENCONTRADO ¤¤¤ entradas de inicialização : 1 ¤¤¤ [Rosa][sUSP PATH] PC App Store Uninstall 3.8.8.1435.lnk : C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PC App Store Uninstall 3.8.8.1435.lnk @C:\Windows\System32\rundll32.exe "C:\Users\Rosa\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini" [-][7][x] -> ENCONTRADO ¤¤¤ Os navegadores da Web : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤ ¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤ [Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0xF5031C90) [Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xFD2DFB70) [Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x72CE2888) [Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x766B46E9) ¤¤¤ Hives externas: ¤¤¤ ¤¤¤ Infecção : ¤¤¤ ¤¤¤ Arquivo de Hosts: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ Verificaçao do MBR: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++ --- User --- [MBR] 61e83b7271ba26f9c04b27442922ae63 [bSP] 3827c03048417811d0799c6f6d9b5023 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Photosmart C4280 USB Device +++++ Error reading User MBR! ([0x15] O dispositivo não está pronto. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] Não há suporte para o pedido. ) Concluido : << RKreport[0]_S_05122014_010711.txt >>
  6. Aí vai o resultado do TDSSKiller Quanto ao outro programa- RogueKiller.exe.- não consegui encontrar o local na página indicada onde estaria o download. Grata! 00:35:45.0020 3552 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 00:37:35.0883 3552 ============================================================ 00:37:35.0883 3552 Current date / time: 2014/05/12 00:37:35.0883 00:37:35.0884 3552 SystemInfo: 00:37:35.0884 3552 00:37:35.0884 3552 OS Version: 6.1.7601 ServicePack: 1.0 00:37:35.0884 3552 Product type: Workstation 00:37:35.0884 3552 ComputerName: ROSA-PC 00:37:35.0884 3552 UserName: Rosa 00:37:35.0884 3552 Windows directory: C:\Windows 00:37:35.0884 3552 System windows directory: C:\Windows 00:37:35.0884 3552 Running under WOW64 00:37:35.0884 3552 Processor architecture: Intel x64 00:37:35.0884 3552 Number of processors: 2 00:37:35.0884 3552 Page size: 0x1000 00:37:35.0884 3552 Boot type: Normal boot 00:37:35.0884 3552 ============================================================ 00:37:36.0554 3552 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:37:36.0591 3552 ============================================================ 00:37:36.0591 3552 \Device\Harddisk0\DR0: 00:37:36.0591 3552 MBR partitions: 00:37:36.0591 3552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 00:37:36.0591 3552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000 00:37:36.0591 3552 ============================================================ 00:37:36.0612 3552 C: <-> \Device\Harddisk0\DR0\Partition2 00:37:36.0612 3552 ============================================================ 00:37:36.0612 3552 Initialize success 00:37:36.0612 3552 ============================================================ 00:38:44.0579 0976 ============================================================ 00:38:44.0579 0976 Scan started 00:38:44.0579 0976 Mode: Manual; TDLFS; 00:38:44.0579 0976 ============================================================ 00:38:44.0907 0976 ================ Scan system memory ======================== 00:38:44.0907 0976 System memory - ok 00:38:44.0908 0976 ================ Scan services ============================= 00:38:45.0049 0976 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 00:38:45.0053 0976 1394ohci - ok 00:38:45.0077 0976 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:38:45.0082 0976 ACPI - ok 00:38:45.0099 0976 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:38:45.0102 0976 AcpiPmi - ok 00:38:45.0180 0976 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 00:38:45.0182 0976 AdobeARMservice - ok 00:38:45.0233 0976 [ 7C7E868E1D8096ED08D80FF7712BB9D8 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 00:38:45.0237 0976 AdobeFlashPlayerUpdateSvc - ok 00:38:45.0283 0976 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 00:38:45.0290 0976 adp94xx - ok 00:38:45.0312 0976 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 00:38:45.0317 0976 adpahci - ok 00:38:45.0334 0976 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 00:38:45.0339 0976 adpu320 - ok 00:38:45.0361 0976 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:38:45.0363 0976 AeLookupSvc - ok 00:38:45.0397 0976 [ 79059559E89D06E8B80CE2944BE20228 ] AFD C:\Windows\system32\drivers\afd.sys 00:38:45.0410 0976 AFD - ok 00:38:45.0440 0976 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 00:38:45.0442 0976 agp440 - ok 00:38:45.0456 0976 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 00:38:45.0458 0976 ALG - ok 00:38:45.0483 0976 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 00:38:45.0486 0976 aliide - ok 00:38:45.0506 0976 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 00:38:45.0508 0976 amdide - ok 00:38:45.0541 0976 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 00:38:45.0543 0976 AmdK8 - ok 00:38:45.0564 0976 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 00:38:45.0568 0976 AmdPPM - ok 00:38:45.0586 0976 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 00:38:45.0589 0976 amdsata - ok 00:38:45.0605 0976 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 00:38:45.0608 0976 amdsbs - ok 00:38:45.0622 0976 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 00:38:45.0623 0976 amdxata - ok 00:38:45.0655 0976 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 00:38:45.0659 0976 AppID - ok 00:38:45.0680 0976 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 00:38:45.0684 0976 AppIDSvc - ok 00:38:45.0711 0976 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 00:38:45.0715 0976 Appinfo - ok 00:38:45.0739 0976 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 00:38:45.0745 0976 AppMgmt - ok 00:38:45.0775 0976 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 00:38:45.0778 0976 arc - ok 00:38:45.0793 0976 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 00:38:45.0796 0976 arcsas - ok 00:38:45.0878 0976 [ 9A262EDD17F8473B91B333D6B031A901 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 00:38:45.0880 0976 aspnet_state - ok 00:38:45.0901 0976 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:38:45.0904 0976 AsyncMac - ok 00:38:45.0933 0976 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 00:38:45.0935 0976 atapi - ok 00:38:45.0978 0976 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:38:45.0987 0976 AudioEndpointBuilder - ok 00:38:45.0999 0976 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 00:38:46.0002 0976 AudioSrv - ok 00:38:46.0041 0976 [ 2D5E8A35808FDA50274CFD22000DAB53 ] Avgdiska C:\Windows\system32\DRIVERS\avgdiska.sys 00:38:46.0042 0976 Avgdiska - ok 00:38:46.0135 0976 [ 7645B56EE79C68DFE19298BD531A66A3 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe 00:38:46.0188 0976 AVGIDSAgent - ok 00:38:46.0208 0976 [ E92276DB995B7E75DA9B9DD271058A8E ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys 00:38:46.0210 0976 AVGIDSDriver - ok 00:38:46.0249 0976 [ F6CE2F1B6E890FB5EBC04A11A2E31DC1 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys 00:38:46.0250 0976 AVGIDSHA - ok 00:38:46.0265 0976 [ B323DE78E0C75F3605C7A200F3CF350F ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys 00:38:46.0269 0976 Avgldx64 - ok 00:38:46.0293 0976 [ 6E381AFF06BC6ABFAEF70405014D7A37 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys 00:38:46.0297 0976 Avgloga - ok 00:38:46.0321 0976 [ DBFB9BEAE2816FDB4B4EF8C89AFA3DF0 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys 00:38:46.0323 0976 Avgmfx64 - ok 00:38:46.0336 0976 [ 9C6CD518AE78D532FB33240DE11C765D ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys 00:38:46.0337 0976 Avgrkx64 - ok 00:38:46.0354 0976 [ F86A506DA0BF61402E19DB8AF0684C9A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys 00:38:46.0357 0976 Avgtdia - ok 00:38:46.0371 0976 [ DBAEB3D23C653018629A76E53260E122 ] avgwd C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe 00:38:46.0374 0976 avgwd - ok 00:38:46.0396 0976 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 00:38:46.0400 0976 AxInstSV - ok 00:38:46.0437 0976 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 00:38:46.0445 0976 b06bdrv - ok 00:38:46.0465 0976 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 00:38:46.0470 0976 b57nd60a - ok 00:38:46.0506 0976 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 00:38:46.0514 0976 BDESVC - ok 00:38:46.0527 0976 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 00:38:46.0530 0976 Beep - ok 00:38:46.0568 0976 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 00:38:46.0579 0976 BFE - ok 00:38:46.0612 0976 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 00:38:46.0624 0976 BITS - ok 00:38:46.0644 0976 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 00:38:46.0647 0976 blbdrive - ok 00:38:46.0664 0976 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:38:46.0666 0976 bowser - ok 00:38:46.0680 0976 BprotectEx - ok 00:38:46.0696 0976 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:38:46.0700 0976 BrFiltLo - ok 00:38:46.0715 0976 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:38:46.0718 0976 BrFiltUp - ok 00:38:46.0738 0976 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 00:38:46.0742 0976 Browser - ok 00:38:46.0766 0976 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 00:38:46.0773 0976 Brserid - ok 00:38:46.0786 0976 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 00:38:46.0790 0976 BrSerWdm - ok 00:38:46.0803 0976 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 00:38:46.0807 0976 BrUsbMdm - ok 00:38:46.0815 0976 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 00:38:46.0818 0976 BrUsbSer - ok 00:38:46.0840 0976 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 00:38:46.0843 0976 BTHMODEM - ok 00:38:46.0874 0976 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 00:38:46.0876 0976 bthserv - ok 00:38:46.0891 0976 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 00:38:46.0894 0976 cdfs - ok 00:38:46.0916 0976 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 00:38:46.0919 0976 cdrom - ok 00:38:46.0950 0976 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 00:38:46.0954 0976 CertPropSvc - ok 00:38:46.0973 0976 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 00:38:46.0976 0976 circlass - ok 00:38:46.0991 0976 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 00:38:46.0995 0976 CLFS - ok 00:38:47.0045 0976 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:38:47.0049 0976 clr_optimization_v2.0.50727_32 - ok 00:38:47.0081 0976 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:38:47.0084 0976 clr_optimization_v2.0.50727_64 - ok 00:38:47.0127 0976 [ E87213F37A13E2B54391E40934F071D0 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:38:47.0129 0976 clr_optimization_v4.0.30319_32 - ok 00:38:47.0146 0976 [ 4AEDAB50F83580D0B4D6CF78191F92AA ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:38:47.0149 0976 clr_optimization_v4.0.30319_64 - ok 00:38:47.0173 0976 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 00:38:47.0176 0976 CmBatt - ok 00:38:47.0193 0976 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 00:38:47.0195 0976 cmdide - ok 00:38:47.0218 0976 [ EBF28856F69CF094A902F884CF989706 ] CNG C:\Windows\system32\Drivers\cng.sys 00:38:47.0223 0976 CNG - ok 00:38:47.0244 0976 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 00:38:47.0246 0976 Compbatt - ok 00:38:47.0275 0976 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 00:38:47.0278 0976 CompositeBus - ok 00:38:47.0288 0976 COMSysApp - ok 00:38:47.0304 0976 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 00:38:47.0307 0976 crcdisk - ok 00:38:47.0333 0976 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll 00:38:47.0340 0976 CryptSvc - ok 00:38:47.0370 0976 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 00:38:47.0377 0976 CSC - ok 00:38:47.0398 0976 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 00:38:47.0406 0976 CscService - ok 00:38:47.0431 0976 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 00:38:47.0439 0976 DcomLaunch - ok 00:38:47.0464 0976 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 00:38:47.0468 0976 defragsvc - ok 00:38:47.0487 0976 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 00:38:47.0489 0976 DfsC - ok 00:38:47.0519 0976 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 00:38:47.0527 0976 Dhcp - ok 00:38:47.0555 0976 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 00:38:47.0558 0976 discache - ok 00:38:47.0581 0976 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 00:38:47.0583 0976 Disk - ok 00:38:47.0608 0976 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:38:47.0612 0976 Dnscache - ok 00:38:47.0635 0976 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 00:38:47.0640 0976 dot3svc - ok 00:38:47.0667 0976 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 00:38:47.0670 0976 DPS - ok 00:38:47.0704 0976 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:38:47.0708 0976 drmkaud - ok 00:38:47.0744 0976 [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:38:47.0754 0976 DXGKrnl - ok 00:38:47.0773 0976 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 00:38:47.0777 0976 EapHost - ok 00:38:47.0836 0976 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 00:38:47.0889 0976 ebdrv - ok 00:38:47.0915 0976 [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS C:\Windows\System32\lsass.exe 00:38:47.0917 0976 EFS - ok 00:38:47.0969 0976 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 00:38:47.0979 0976 ehRecvr - ok 00:38:48.0001 0976 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 00:38:48.0006 0976 ehSched - ok 00:38:48.0053 0976 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 00:38:48.0060 0976 elxstor - ok 00:38:48.0083 0976 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:38:48.0086 0976 ErrDev - ok 00:38:48.0130 0976 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 00:38:48.0136 0976 EventSystem - ok 00:38:48.0157 0976 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 00:38:48.0161 0976 exfat - ok 00:38:48.0180 0976 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 00:38:48.0183 0976 fastfat - ok 00:38:48.0215 0976 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 00:38:48.0225 0976 Fax - ok 00:38:48.0241 0976 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 00:38:48.0245 0976 fdc - ok 00:38:48.0256 0976 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 00:38:48.0259 0976 fdPHost - ok 00:38:48.0265 0976 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 00:38:48.0268 0976 FDResPub - ok 00:38:48.0282 0976 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 00:38:48.0284 0976 FileInfo - ok 00:38:48.0298 0976 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 00:38:48.0300 0976 Filetrace - ok 00:38:48.0312 0976 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 00:38:48.0316 0976 flpydisk - ok 00:38:48.0343 0976 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 00:38:48.0347 0976 FltMgr - ok 00:38:48.0385 0976 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 00:38:48.0413 0976 FontCache - ok 00:38:48.0454 0976 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 00:38:48.0456 0976 FontCache3.0.0.0 - ok 00:38:48.0469 0976 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 00:38:48.0470 0976 FsDepends - ok 00:38:48.0489 0976 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 00:38:48.0492 0976 Fs_Rec - ok 00:38:48.0526 0976 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 00:38:48.0529 0976 fvevol - ok 00:38:48.0555 0976 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 00:38:48.0558 0976 gagp30kx - ok 00:38:48.0594 0976 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 00:38:48.0603 0976 gpsvc - ok 00:38:48.0644 0976 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:38:48.0646 0976 gupdate - ok 00:38:48.0652 0976 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:38:48.0654 0976 gupdatem - ok 00:38:48.0674 0976 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 00:38:48.0680 0976 hcw85cir - ok 00:38:48.0721 0976 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 00:38:48.0727 0976 HdAudAddService - ok 00:38:48.0738 0976 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 00:38:48.0741 0976 HDAudBus - ok 00:38:48.0755 0976 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 00:38:48.0760 0976 HidBatt - ok 00:38:48.0778 0976 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 00:38:48.0782 0976 HidBth - ok 00:38:48.0789 0976 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 00:38:48.0793 0976 HidIr - ok 00:38:48.0814 0976 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 00:38:48.0817 0976 hidserv - ok 00:38:48.0848 0976 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 00:38:48.0853 0976 HidUsb - ok 00:38:48.0883 0976 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 00:38:48.0888 0976 hkmsvc - ok 00:38:48.0910 0976 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 00:38:48.0916 0976 HomeGroupListener - ok 00:38:48.0937 0976 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 00:38:48.0942 0976 HomeGroupProvider - ok 00:38:48.0968 0976 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 00:38:48.0971 0976 HpSAMD - ok 00:38:49.0015 0976 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 00:38:49.0025 0976 HTTP - ok 00:38:49.0048 0976 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 00:38:49.0049 0976 hwpolicy - ok 00:38:49.0078 0976 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 00:38:49.0083 0976 i8042prt - ok 00:38:49.0124 0976 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 00:38:49.0130 0976 iaStorV - ok 00:38:49.0192 0976 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 00:38:49.0202 0976 idsvc - ok 00:38:49.0215 0976 IEEtwCollectorService - ok 00:38:49.0393 0976 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 00:38:49.0549 0976 igfx - ok 00:38:49.0586 0976 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 00:38:49.0589 0976 iirsp - ok 00:38:49.0625 0976 [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT C:\Windows\System32\ikeext.dll 00:38:49.0636 0976 IKEEXT - ok 00:38:49.0665 0976 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 00:38:49.0666 0976 intelide - ok 00:38:49.0681 0976 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 00:38:49.0683 0976 intelppm - ok 00:38:49.0706 0976 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 00:38:49.0710 0976 IPBusEnum - ok 00:38:49.0730 0976 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:38:49.0733 0976 IpFilterDriver - ok 00:38:49.0762 0976 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 00:38:49.0771 0976 iphlpsvc - ok 00:38:49.0795 0976 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 00:38:49.0799 0976 IPMIDRV - ok 00:38:49.0817 0976 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 00:38:49.0820 0976 IPNAT - ok 00:38:49.0847 0976 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 00:38:49.0851 0976 IRENUM - ok 00:38:49.0862 0976 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 00:38:49.0864 0976 isapnp - ok 00:38:49.0888 0976 [ 96BB922A0981BC7432C8CF52B5410FE6 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 00:38:49.0892 0976 iScsiPrt - ok 00:38:49.0914 0976 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 00:38:49.0916 0976 kbdclass - ok 00:38:49.0933 0976 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 00:38:49.0936 0976 kbdhid - ok 00:38:49.0955 0976 [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso C:\Windows\system32\lsass.exe 00:38:49.0956 0976 KeyIso - ok 00:38:49.0978 0976 [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 00:38:49.0980 0976 KSecDD - ok 00:38:50.0006 0976 [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 00:38:50.0008 0976 KSecPkg - ok 00:38:50.0025 0976 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 00:38:50.0029 0976 ksthunk - ok 00:38:50.0056 0976 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 00:38:50.0062 0976 KtmRm - ok 00:38:50.0085 0976 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 00:38:50.0090 0976 LanmanServer - ok 00:38:50.0110 0976 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 00:38:50.0116 0976 LanmanWorkstation - ok 00:38:50.0137 0976 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 00:38:50.0139 0976 lltdio - ok 00:38:50.0156 0976 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 00:38:50.0161 0976 lltdsvc - ok 00:38:50.0178 0976 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 00:38:50.0182 0976 lmhosts - ok 00:38:50.0208 0976 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 00:38:50.0211 0976 LSI_FC - ok 00:38:50.0225 0976 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 00:38:50.0229 0976 LSI_SAS - ok 00:38:50.0243 0976 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:38:50.0246 0976 LSI_SAS2 - ok 00:38:50.0258 0976 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:38:50.0262 0976 LSI_SCSI - ok 00:38:50.0291 0976 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 00:38:50.0292 0976 luafv - ok 00:38:50.0315 0976 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 00:38:50.0319 0976 Mcx2Svc - ok 00:38:50.0333 0976 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 00:38:50.0337 0976 megasas - ok 00:38:50.0362 0976 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 00:38:50.0366 0976 MegaSR - ok 00:38:50.0390 0976 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 00:38:50.0394 0976 MMCSS - ok 00:38:50.0413 0976 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 00:38:50.0415 0976 Modem - ok 00:38:50.0435 0976 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 00:38:50.0437 0976 monitor - ok 00:38:50.0449 0976 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 00:38:50.0451 0976 mouclass - ok 00:38:50.0466 0976 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 00:38:50.0470 0976 mouhid - ok 00:38:50.0493 0976 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 00:38:50.0496 0976 mountmgr - ok 00:38:50.0511 0976 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 00:38:50.0514 0976 mpio - ok 00:38:50.0536 0976 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 00:38:50.0540 0976 mpsdrv - ok 00:38:50.0569 0976 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 00:38:50.0581 0976 MpsSvc - ok 00:38:50.0609 0976 [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 00:38:50.0614 0976 MRxDAV - ok 00:38:50.0636 0976 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 00:38:50.0638 0976 mrxsmb - ok 00:38:50.0654 0976 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:38:50.0658 0976 mrxsmb10 - ok 00:38:50.0670 0976 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:38:50.0672 0976 mrxsmb20 - ok 00:38:50.0704 0976 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 00:38:50.0707 0976 msahci - ok 00:38:50.0735 0976 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 00:38:50.0738 0976 msdsm - ok 00:38:50.0756 0976 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 00:38:50.0760 0976 MSDTC - ok 00:38:50.0791 0976 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 00:38:50.0791 0976 Msfs - ok 00:38:50.0805 0976 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 00:38:50.0807 0976 mshidkmdf - ok 00:38:50.0819 0976 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 00:38:50.0820 0976 msisadrv - ok 00:38:50.0840 0976 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 00:38:50.0845 0976 MSiSCSI - ok 00:38:50.0852 0976 msiserver - ok 00:38:50.0871 0976 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 00:38:50.0873 0976 MSKSSRV - ok 00:38:50.0886 0976 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:38:50.0889 0976 MSPCLOCK - ok 00:38:50.0906 0976 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:38:50.0909 0976 MSPQM - ok 00:38:50.0939 0976 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:38:50.0943 0976 MsRPC - ok 00:38:50.0955 0976 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 00:38:50.0957 0976 mssmbios - ok 00:38:50.0973 0976 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:38:50.0975 0976 MSTEE - ok 00:38:50.0991 0976 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 00:38:50.0994 0976 MTConfig - ok 00:38:51.0008 0976 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 00:38:51.0010 0976 Mup - ok 00:38:51.0047 0976 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 00:38:51.0053 0976 napagent - ok 00:38:51.0076 0976 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:38:51.0083 0976 NativeWifiP - ok 00:38:51.0124 0976 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:38:51.0134 0976 NDIS - ok 00:38:51.0149 0976 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 00:38:51.0152 0976 NdisCap - ok 00:38:51.0165 0976 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:38:51.0166 0976 NdisTapi - ok 00:38:51.0201 0976 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:38:51.0205 0976 Ndisuio - ok 00:38:51.0231 0976 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:38:51.0236 0976 NdisWan - ok 00:38:51.0257 0976 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:38:51.0260 0976 NDProxy - ok 00:38:51.0333 0976 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 00:38:51.0345 0976 Nero BackItUp Scheduler 4.0 - ok 00:38:51.0374 0976 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:38:51.0375 0976 NetBIOS - ok 00:38:51.0398 0976 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 00:38:51.0403 0976 NetBT - ok 00:38:51.0412 0976 [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon C:\Windows\system32\lsass.exe 00:38:51.0413 0976 Netlogon - ok 00:38:51.0437 0976 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 00:38:51.0443 0976 Netman - ok 00:38:51.0478 0976 [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:38:51.0481 0976 NetMsmqActivator - ok 00:38:51.0488 0976 [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:38:51.0490 0976 NetPipeActivator - ok 00:38:51.0516 0976 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 00:38:51.0523 0976 netprofm - ok 00:38:51.0536 0976 [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:38:51.0538 0976 NetTcpActivator - ok 00:38:51.0544 0976 [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:38:51.0547 0976 NetTcpPortSharing - ok 00:38:51.0578 0976 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 00:38:51.0581 0976 nfrd960 - ok 00:38:51.0595 0976 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 00:38:51.0602 0976 NlaSvc - ok 00:38:51.0617 0976 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:38:51.0618 0976 Npfs - ok 00:38:51.0630 0976 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 00:38:51.0634 0976 nsi - ok 00:38:51.0647 0976 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:38:51.0650 0976 nsiproxy - ok 00:38:51.0694 0976 [ 1A29A59A4C5BA6F8C85062A613B7E2B2 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:38:51.0720 0976 Ntfs - ok 00:38:51.0733 0976 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 00:38:51.0735 0976 Null - ok 00:38:51.0769 0976 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:38:51.0772 0976 nvraid - ok 00:38:51.0783 0976 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:38:51.0786 0976 nvstor - ok 00:38:51.0799 0976 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:38:51.0802 0976 nv_agp - ok 00:38:51.0851 0976 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:38:51.0856 0976 odserv - ok 00:38:51.0872 0976 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 00:38:51.0875 0976 ohci1394 - ok 00:38:51.0893 0976 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:38:51.0896 0976 ose - ok 00:38:51.0934 0976 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 00:38:51.0942 0976 p2pimsvc - ok 00:38:51.0962 0976 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 00:38:51.0971 0976 p2psvc - ok 00:38:51.0997 0976 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 00:38:52.0001 0976 Parport - ok 00:38:52.0019 0976 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:38:52.0021 0976 partmgr - ok 00:38:52.0038 0976 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 00:38:52.0042 0976 PcaSvc - ok 00:38:52.0067 0976 PCFApiUtil - ok 00:38:52.0094 0976 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 00:38:52.0097 0976 pci - ok 00:38:52.0133 0976 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 00:38:52.0135 0976 pciide - ok 00:38:52.0159 0976 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:38:52.0163 0976 pcmcia - ok 00:38:52.0181 0976 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 00:38:52.0183 0976 pcw - ok 00:38:52.0206 0976 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:38:52.0213 0976 PEAUTH - ok 00:38:52.0257 0976 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 00:38:52.0284 0976 PeerDistSvc - ok 00:38:52.0326 0976 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 00:38:52.0330 0976 PerfHost - ok 00:38:52.0388 0976 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 00:38:52.0413 0976 pla - ok 00:38:52.0440 0976 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:38:52.0447 0976 PlugPlay - ok 00:38:52.0469 0976 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 00:38:52.0474 0976 PNRPAutoReg - ok 00:38:52.0493 0976 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 00:38:52.0496 0976 PNRPsvc - ok 00:38:52.0521 0976 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:38:52.0530 0976 PolicyAgent - ok 00:38:52.0560 0976 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 00:38:52.0565 0976 Power - ok 00:38:52.0585 0976 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:38:52.0590 0976 PptpMiniport - ok 00:38:52.0613 0976 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 00:38:52.0619 0976 Processor - ok 00:38:52.0652 0976 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 00:38:52.0658 0976 ProfSvc - ok 00:38:52.0668 0976 [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe 00:38:52.0669 0976 ProtectedStorage - ok 00:38:52.0704 0976 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:38:52.0707 0976 Psched - ok 00:38:52.0749 0976 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 00:38:52.0775 0976 ql2300 - ok 00:38:52.0804 0976 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 00:38:52.0807 0976 ql40xx - ok 00:38:52.0833 0976 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 00:38:52.0841 0976 QWAVE - ok 00:38:52.0852 0976 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:38:52.0856 0976 QWAVEdrv - ok 00:38:52.0870 0976 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:38:52.0872 0976 RasAcd - ok 00:38:52.0903 0976 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:38:52.0907 0976 RasAgileVpn - ok 00:38:52.0915 0976 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 00:38:52.0919 0976 RasAuto - ok 00:38:52.0944 0976 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:38:52.0948 0976 Rasl2tp - ok 00:38:52.0964 0976 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 00:38:52.0972 0976 RasMan - ok 00:38:52.0991 0976 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:38:52.0994 0976 RasPppoe - ok 00:38:53.0010 0976 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:38:53.0014 0976 RasSstp - ok 00:38:53.0041 0976 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:38:53.0044 0976 rdbss - ok 00:38:53.0053 0976 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 00:38:53.0057 0976 rdpbus - ok 00:38:53.0065 0976 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:38:53.0068 0976 RDPCDD - ok 00:38:53.0102 0976 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 00:38:53.0106 0976 RDPDR - ok 00:38:53.0122 0976 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:38:53.0125 0976 RDPENCDD - ok 00:38:53.0143 0976 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:38:53.0146 0976 RDPREFMP - ok 00:38:53.0169 0976 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:38:53.0173 0976 RDPWD - ok 00:38:53.0208 0976 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:38:53.0210 0976 rdyboost - ok 00:38:53.0232 0976 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:38:53.0238 0976 RemoteAccess - ok 00:38:53.0251 0976 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:38:53.0255 0976 RemoteRegistry - ok 00:38:53.0279 0976 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:38:53.0284 0976 RpcEptMapper - ok 00:38:53.0294 0976 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 00:38:53.0297 0976 RpcLocator - ok 00:38:53.0325 0976 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 00:38:53.0330 0976 RpcSs - ok 00:38:53.0358 0976 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:38:53.0361 0976 rspndr - ok 00:38:53.0395 0976 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 00:38:53.0402 0976 RTL8167 - ok 00:38:53.0421 0976 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 00:38:53.0424 0976 s3cap - ok 00:38:53.0434 0976 [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs C:\Windows\system32\lsass.exe 00:38:53.0436 0976 SamSs - ok 00:38:53.0454 0976 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:38:53.0457 0976 sbp2port - ok 00:38:53.0477 0976 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:38:53.0482 0976 SCardSvr - ok 00:38:53.0500 0976 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 00:38:53.0504 0976 scfilter - ok 00:38:53.0541 0976 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 00:38:53.0569 0976 Schedule - ok 00:38:53.0592 0976 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 00:38:53.0593 0976 SCPolicySvc - ok 00:38:53.0610 0976 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:38:53.0616 0976 SDRSVC - ok 00:38:53.0639 0976 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:38:53.0641 0976 secdrv - ok 00:38:53.0654 0976 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 00:38:53.0658 0976 seclogon - ok 00:38:53.0680 0976 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 00:38:53.0684 0976 SENS - ok 00:38:53.0701 0976 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:38:53.0708 0976 SensrSvc - ok 00:38:53.0729 0976 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 00:38:53.0732 0976 Serenum - ok 00:38:53.0745 0976 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 00:38:53.0749 0976 Serial - ok 00:38:53.0772 0976 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 00:38:53.0775 0976 sermouse - ok 00:38:53.0813 0976 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 00:38:53.0819 0976 SessionEnv - ok 00:38:53.0835 0976 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:38:53.0842 0976 sffdisk - ok 00:38:53.0854 0976 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:38:53.0858 0976 sffp_mmc - ok 00:38:53.0864 0976 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:38:53.0867 0976 sffp_sd - ok 00:38:53.0879 0976 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 00:38:53.0883 0976 sfloppy - ok 00:38:53.0906 0976 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:38:53.0912 0976 SharedAccess - ok 00:38:53.0937 0976 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:38:53.0944 0976 ShellHWDetection - ok 00:38:53.0963 0976 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:38:53.0966 0976 SiSRaid2 - ok 00:38:53.0983 0976 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 00:38:53.0987 0976 SiSRaid4 - ok 00:38:54.0030 0976 [ 50D9949020E02B847CD48F1243FCB895 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 00:38:54.0032 0976 SkypeUpdate - ok 00:38:54.0050 0976 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:38:54.0053 0976 Smb - ok 00:38:54.0078 0976 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:38:54.0081 0976 SNMPTRAP - ok 00:38:54.0096 0976 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 00:38:54.0096 0976 spldr - ok 00:38:54.0123 0976 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 00:38:54.0131 0976 Spooler - ok 00:38:54.0206 0976 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 00:38:54.0258 0976 sppsvc - ok 00:38:54.0276 0976 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:38:54.0281 0976 sppuinotify - ok 00:38:54.0305 0976 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 00:38:54.0310 0976 srv - ok 00:38:54.0343 0976 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:38:54.0348 0976 srv2 - ok 00:38:54.0368 0976 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:38:54.0371 0976 srvnet - ok 00:38:54.0399 0976 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:38:54.0404 0976 SSDPSRV - ok 00:38:54.0421 0976 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:38:54.0426 0976 SstpSvc - ok 00:38:54.0445 0976 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 00:38:54.0447 0976 stexstor - ok 00:38:54.0471 0976 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 00:38:54.0481 0976 stisvc - ok 00:38:54.0499 0976 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 00:38:54.0500 0976 storflt - ok 00:38:54.0526 0976 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 00:38:54.0532 0976 StorSvc - ok 00:38:54.0543 0976 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 00:38:54.0545 0976 storvsc - ok 00:38:54.0558 0976 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 00:38:54.0560 0976 swenum - ok 00:38:54.0585 0976 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 00:38:54.0593 0976 swprv - ok 00:38:54.0644 0976 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 00:38:54.0679 0976 SysMain - ok 00:38:54.0696 0976 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:38:54.0701 0976 TabletInputService - ok 00:38:54.0716 0976 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 00:38:54.0723 0976 TapiSrv - ok 00:38:54.0734 0976 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 00:38:54.0739 0976 TBS - ok 00:38:54.0783 0976 [ 40AF23633D197905F03AB5628C558C51 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:38:54.0817 0976 Tcpip - ok 00:38:54.0866 0976 [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:38:54.0876 0976 TCPIP6 - ok 00:38:54.0897 0976 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:38:54.0900 0976 tcpipreg - ok 00:38:54.0919 0976 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:38:54.0925 0976 TDPIPE - ok 00:38:54.0948 0976 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:38:54.0951 0976 TDTCP - ok 00:38:54.0984 0976 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:38:54.0988 0976 tdx - ok 00:38:55.0000 0976 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 00:38:55.0002 0976 TermDD - ok 00:38:55.0030 0976 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 00:38:55.0040 0976 TermService - ok 00:38:55.0068 0976 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 00:38:55.0073 0976 Themes - ok 00:38:55.0093 0976 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 00:38:55.0095 0976 THREADORDER - ok 00:38:55.0109 0976 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 00:38:55.0114 0976 TrkWks - ok 00:38:55.0143 0976 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:38:55.0146 0976 TrustedInstaller - ok 00:38:55.0176 0976 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:38:55.0181 0976 tssecsrv - ok 00:38:55.0211 0976 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 00:38:55.0217 0976 TsUsbFlt - ok 00:38:55.0261 0976 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:38:55.0264 0976 tunnel - ok 00:38:55.0292 0976 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 00:38:55.0295 0976 uagp35 - ok 00:38:55.0315 0976 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:38:55.0320 0976 udfs - ok 00:38:55.0350 0976 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:38:55.0354 0976 UI0Detect - ok 00:38:55.0375 0976 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:38:55.0377 0976 uliagpkx - ok 00:38:55.0403 0976 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 00:38:55.0407 0976 umbus - ok 00:38:55.0420 0976 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 00:38:55.0424 0976 UmPass - ok 00:38:55.0450 0976 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 00:38:55.0456 0976 UmRdpService - ok 00:38:55.0478 0976 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 00:38:55.0484 0976 upnphost - ok 00:38:55.0508 0976 [ DCA68B0943D6FA415F0C56C92158A83A ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:38:55.0513 0976 usbccgp - ok 00:38:55.0542 0976 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:38:55.0545 0976 usbcir - ok 00:38:55.0563 0976 [ 18A85013A3E0F7E1755365D287443965 ] usbehci C:\Windows\system32\drivers\usbehci.sys 00:38:55.0567 0976 usbehci - ok 00:38:55.0598 0976 [ 8D1196CFBB223621F2C67D45710F25BA ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:38:55.0604 0976 usbhub - ok 00:38:55.0625 0976 [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci C:\Windows\system32\drivers\usbohci.sys 00:38:55.0629 0976 usbohci - ok 00:38:55.0656 0976 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 00:38:55.0660 0976 usbprint - ok 00:38:55.0685 0976 [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan C:\Windows\system32\drivers\usbscan.sys 00:38:55.0688 0976 usbscan - ok 00:38:55.0708 0976 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:38:55.0711 0976 USBSTOR - ok 00:38:55.0720 0976 [ DD253AFC3BC6CBA412342DE60C3647F3 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 00:38:55.0723 0976 usbuhci - ok 00:38:55.0743 0976 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 00:38:55.0747 0976 UxSms - ok 00:38:55.0756 0976 [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc C:\Windows\system32\lsass.exe 00:38:55.0758 0976 VaultSvc - ok 00:38:55.0774 0976 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 00:38:55.0776 0976 vdrvroot - ok 00:38:55.0807 0976 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 00:38:55.0816 0976 vds - ok 00:38:55.0836 0976 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 00:38:55.0841 0976 vga - ok 00:38:55.0857 0976 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 00:38:55.0860 0976 VgaSave - ok 00:38:55.0875 0976 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 00:38:55.0878 0976 vhdmp - ok 00:38:55.0893 0976 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 00:38:55.0895 0976 viaide - ok 00:38:55.0916 0976 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 00:38:55.0919 0976 vmbus - ok 00:38:55.0936 0976 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 00:38:55.0939 0976 VMBusHID - ok 00:38:55.0956 0976 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 00:38:55.0958 0976 volmgr - ok 00:38:55.0977 0976 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 00:38:55.0982 0976 volmgrx - ok 00:38:55.0999 0976 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 00:38:56.0002 0976 volsnap - ok 00:38:56.0037 0976 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 00:38:56.0040 0976 vsmraid - ok 00:38:56.0087 0976 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 00:38:56.0114 0976 VSS - ok 00:38:56.0124 0976 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 00:38:56.0129 0976 vwifibus - ok 00:38:56.0152 0976 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 00:38:56.0159 0976 W32Time - ok 00:38:56.0181 0976 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 00:38:56.0184 0976 WacomPen - ok 00:38:56.0209 0976 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 00:38:56.0213 0976 WANARP - ok 00:38:56.0227 0976 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 00:38:56.0228 0976 Wanarpv6 - ok 00:38:56.0265 0976 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 00:38:56.0299 0976 wbengine - ok 00:38:56.0315 0976 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 00:38:56.0321 0976 WbioSrvc - ok 00:38:56.0347 0976 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 00:38:56.0354 0976 wcncsvc - ok 00:38:56.0362 0976 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 00:38:56.0368 0976 WcsPlugInService - ok 00:38:56.0386 0976 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 00:38:56.0389 0976 Wd - ok 00:38:56.0423 0976 [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 00:38:56.0431 0976 Wdf01000 - ok 00:38:56.0446 0976 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 00:38:56.0451 0976 WdiServiceHost - ok 00:38:56.0456 0976 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 00:38:56.0459 0976 WdiSystemHost - ok 00:38:56.0480 0976 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient C:\Windows\System32\webclnt.dll 00:38:56.0487 0976 WebClient - ok 00:38:56.0497 0976 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 00:38:56.0502 0976 Wecsvc - ok 00:38:56.0520 0976 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 00:38:56.0524 0976 wercplsupport - ok 00:38:56.0540 0976 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 00:38:56.0543 0976 WerSvc - ok 00:38:56.0555 0976 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 00:38:56.0558 0976 WfpLwf - ok 00:38:56.0580 0976 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 00:38:56.0583 0976 WIMMount - ok 00:38:56.0599 0976 WinDefend - ok 00:38:56.0619 0976 WinHttpAutoProxySvc - ok 00:38:56.0666 0976 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 00:38:56.0670 0976 Winmgmt - ok 00:38:56.0715 0976 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 00:38:56.0750 0976 WinRM - ok 00:38:56.0800 0976 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 00:38:56.0813 0976 Wlansvc - ok 00:38:56.0831 0976 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 00:38:56.0833 0976 WmiAcpi - ok 00:38:56.0854 0976 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 00:38:56.0858 0976 wmiApSrv - ok 00:38:56.0878 0976 WMPNetworkSvc - ok 00:38:56.0894 0976 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 00:38:56.0900 0976 WPCSvc - ok 00:38:56.0922 0976 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 00:38:56.0929 0976 WPDBusEnum - ok 00:38:56.0957 0976 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 00:38:56.0958 0976 ws2ifsl - ok 00:38:56.0977 0976 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 00:38:56.0983 0976 wscsvc - ok 00:38:56.0993 0976 WSearch - ok 00:38:57.0051 0976 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 00:38:57.0086 0976 wuauserv - ok 00:38:57.0115 0976 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 00:38:57.0120 0976 WudfPf - ok 00:38:57.0151 0976 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 00:38:57.0156 0976 WUDFRd - ok 00:38:57.0169 0976 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 00:38:57.0175 0976 wudfsvc - ok 00:38:57.0196 0976 [ 04F82965C09CBDF646B487E145060301 ] WwanSvc C:\Windows\System32\wwansvc.dll 00:38:57.0202 0976 WwanSvc - ok 00:38:57.0218 0976 ================ Scan global =============================== 00:38:57.0233 0976 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 00:38:57.0255 0976 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll 00:38:57.0270 0976 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll 00:38:57.0291 0976 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 00:38:57.0316 0976 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 00:38:57.0321 0976 [Global] - ok 00:38:57.0321 0976 ================ Scan MBR ================================== 00:38:57.0334 0976 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 00:38:57.0741 0976 \Device\Harddisk0\DR0 - ok 00:38:57.0741 0976 ================ Scan VBR ================================== 00:38:57.0766 0976 [ A93E553D1E44B771FA74ECACDC7FD2DE ] \Device\Harddisk0\DR0\Partition1 00:38:57.0767 0976 \Device\Harddisk0\DR0\Partition1 - ok 00:38:57.0776 0976 [ F82B1C5A88D04C08667D04E0E95C0AFB ] \Device\Harddisk0\DR0\Partition2 00:38:57.0778 0976 \Device\Harddisk0\DR0\Partition2 - ok 00:38:57.0779 0976 ============================================================ 00:38:57.0779 0976 Scan finished 00:38:57.0779 0976 ============================================================ 00:38:57.0793 1612 Detected object count: 0 00:38:57.0793 1612 Actual detected object count: 0
  7. Boa tarde, Carlos! Aqui vai: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17105 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.599000 GHz Memory total: 4258521088, free: 2164293632 Downloaded database version: v2014.05.10.09 Downloaded database version: v2014.03.27.01 Initializing... ====================== ------------ Kernel report ------------ 05/10/2014 16:01:14 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\avgrkx64.sys \SystemRoot\system32\DRIVERS\avgloga.sys \SystemRoot\system32\DRIVERS\avgmfx64.sys \SystemRoot\system32\DRIVERS\avgidsha.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\avgtdia.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\avgldx64.sys \SystemRoot\system32\DRIVERS\avgidsdrivera.sys \SystemRoot\system32\DRIVERS\avgdiska.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\drivers\USBD.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\drivers\usbscan.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\ATMFD.DLL \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8004b97790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000006a\ Lower Device Object: 0xfffffa80058f6b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004c0d060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\ Lower Device Object: 0xfffffa8004998060 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004c0d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004c0dab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004c0d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800499b520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004998060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 41712435 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 976564224 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8004b97790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80058ff910, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004b97790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80058f6b60, DeviceName: \Device\0000006a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Read File: File "c:\programdata\avg2014\chjw\5640c4c140c4a957.dat:5be94203-d8ef-4b32-a39f-e72f0cd54e32" is sparse (flags = 32768) Read File: File "c:\programdata\avg2014\chjw\9660c0d160c0b8ef.dat:85875e7a-ea9b-4330-b748-7068f58ed20c" is sparse (flags = 32768) Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgrs.log.3" is compressed (flags = 1) Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.1" is compressed (flags = 1) Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgcore.log.5" is compressed (flags = 1) Scan finished
  8. Boa noite, Carlos ! Aqui vão os resultados: Logfile of HijackThis v1.99.1 Scan saved at 23:17:14, on 09/05/2014 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v11.0 (11.00.9600.17041) Running processes: C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Rosa\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913b] C:\Users\Rosa\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid a05e6c16d0cf47d3848cd1a920e7bb20-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913b O4 - Startup: PC App Store Uninstall 3.8.8.1435.lnk = C:\Windows\System32\rundll32.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O11 - Options group: [iNTERNATIONAL] International O13 - Gopher Prefix: O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing) Farbar Service Scanner Version: 03-05-2014 Ran by Rosa (administrator) on 09-05-2014 at 23:22:43 Running from "C:\Users\Rosa\Downloads" Microsoft Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** Farbar Service Scanner Version: 03-05-2014 Ran by Rosa (administrator) on 09-05-2014 at 23:22:43 Running from "C:\Users\Rosa\Downloads" Microsoft Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log *** Farbar Service Scanner Version: 03-05-2014 Ran by Rosa (administrator) on 09-05-2014 at 23:22:43 Running from "C:\Users\Rosa\Downloads" Microsoft Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** FALTOU ESTE: MBRScan v1.1.1 OS : Windows 7 Service Pack 1 (64 bit) PROCESSOR : Intel64 Family 6 Model 23 Stepping 10, GenuineIntel BOOT : Normal Boot DATE : 2014/05/09 (ISO 8601) at 23:21:03 ________________________________________________________________________________ DISK : Device\Harddisk0\DR0 __ST500DM002-1BD142 (KC45) BUS_TYPE : (0x03) P-ATA USE_PIO : NO MAX_TRANSFER : 128 Kb ALIGNMENT_MASK : word aligned ________________________________________________________________________________ Device\Harddisk0\DR0 465.8 Go [Fixed] ==> 7 MBR Code MBR_MD5 : 61E83B7271BA26F9C04B27442922AE63 MBR_SHA1 : 318FFF39E2EEBCC065A67652BDD6A1A626D6B215 Device\Harddisk0\Partition1 100.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __ Device\Harddisk0\Partition2 465.7 Go 0x07 NTFS / HPFS ________________________________________________________________________________ ############################### Additional scan ################################ DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk ADDRESS : 0x02A11000 SIZE : 292.0 Ko DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk ADDRESS : 0x00BA4000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk ADDRESS : 0x00C3A000 SIZE : 316.0 Ko DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk ADDRESS : 0x00C9D000 SIZE : 376.0 Ko DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk ADDRESS : 0x00CFB000 SIZE : 768.0 Ko DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk ADDRESS : 0x00EB8000 SIZE : 776.0 Ko DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk ADDRESS : 0x00F7A000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk ADDRESS : 0x00F8A000 SIZE : 348.0 Ko DRIVER : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk ADDRESS : 0x00FE1000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk ADDRESS : 0x00FEA000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk ADDRESS : 0x00E00000 SIZE : 204.0 Ko DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk ADDRESS : 0x00E33000 SIZE : 52.0 Ko DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk ADDRESS : 0x00E40000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk ADDRESS : 0x00E55000 SIZE : 84.0 Ko DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk ADDRESS : 0x01001000 SIZE : 368.0 Ko DRIVER : C:\Windows\system32\drivers\intelide.sys => Invisible on the disk ADDRESS : 0x0105D000 SIZE : 32.0 Ko DRIVER : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk ADDRESS : 0x01065000 SIZE : 64.0 Ko DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk ADDRESS : 0x01075000 SIZE : 104.0 Ko DRIVER : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk ADDRESS : 0x0108F000 SIZE : 240.0 Ko DRIVER : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk ADDRESS : 0x010CB000 SIZE : 80.0 Ko DRIVER : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk ADDRESS : 0x010DF000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk ADDRESS : 0x010E8000 SIZE : 168.0 Ko DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk ADDRESS : 0x01112000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk ADDRESS : 0x0111D000 SIZE : 304.0 Ko DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk ADDRESS : 0x01169000 SIZE : 80.0 Ko DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk ADDRESS : 0x01215000 SIZE : 1.66 Mo DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk ADDRESS : 0x0117D000 SIZE : 376.0 Ko DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk ADDRESS : 0x013BE000 SIZE : 108.0 Ko DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk ADDRESS : 0x01450000 SIZE : 456.0 Ko DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk ADDRESS : 0x014C2000 SIZE : 68.0 Ko DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk ADDRESS : 0x014D3000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk ADDRESS : 0x014DD000 SIZE : 968.0 Ko DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk ADDRESS : 0x01690000 SIZE : 384.0 Ko DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk ADDRESS : 0x016F0000 SIZE : 172.0 Ko DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk ADDRESS : 0x01801000 SIZE : 2.00 Mo DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk ADDRESS : 0x0171B000 SIZE : 292.0 Ko DRIVER : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk ADDRESS : 0x01764000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk ADDRESS : 0x01774000 SIZE : 304.0 Ko DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk ADDRESS : 0x017C0000 SIZE : 32.0 Ko DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk ADDRESS : 0x01600000 SIZE : 232.0 Ko DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk ADDRESS : 0x0163A000 SIZE : 72.0 Ko DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk ADDRESS : 0x0164C000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk ADDRESS : 0x01655000 SIZE : 232.0 Ko DRIVER : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk ADDRESS : 0x017C8000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk ADDRESS : 0x015CF000 SIZE : 192.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgrkx64.sys => Invisible on the disk ADDRESS : 0x017DE000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgloga.sys => Invisible on the disk ADDRESS : 0x01AE2000 SIZE : 324.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgmfx64.sys => Invisible on the disk ADDRESS : 0x01B33000 SIZE : 140.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgidsha.sys => Invisible on the disk ADDRESS : 0x01B56000 SIZE : 196.0 Ko DRIVER : C:\Windows\system32\drivers\cdrom.sys => Invisible on the disk ADDRESS : 0x01BBD000 SIZE : 168.0 Ko DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk ADDRESS : 0x01BE7000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk ADDRESS : 0x01BF0000 SIZE : 28.0 Ko DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk ADDRESS : 0x01A00000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk ADDRESS : 0x01A0E000 SIZE : 148.0 Ko DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk ADDRESS : 0x01A33000 SIZE : 64.0 Ko DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk ADDRESS : 0x01A43000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk ADDRESS : 0x01A4C000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk ADDRESS : 0x01A55000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk ADDRESS : 0x01A5E000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk ADDRESS : 0x01A69000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk ADDRESS : 0x01A7A000 SIZE : 136.0 Ko DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk ADDRESS : 0x01A9C000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgtdia.sys => Invisible on the disk ADDRESS : 0x01400000 SIZE : 280.0 Ko DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk ADDRESS : 0x00E6A000 SIZE : 276.0 Ko DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk ADDRESS : 0x02EFE000 SIZE : 548.0 Ko DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk ADDRESS : 0x02F87000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk ADDRESS : 0x02F90000 SIZE : 152.0 Ko DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk ADDRESS : 0x02FB6000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk ADDRESS : 0x02FC5000 SIZE : 116.0 Ko DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk ADDRESS : 0x02FE2000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk ADDRESS : 0x02E00000 SIZE : 80.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk ADDRESS : 0x02E14000 SIZE : 324.0 Ko DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk ADDRESS : 0x02E65000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk ADDRESS : 0x02E71000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk ADDRESS : 0x02E7C000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk ADDRESS : 0x040ED000 SIZE : 524.0 Ko DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk ADDRESS : 0x04170000 SIZE : 120.0 Ko DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk ADDRESS : 0x0418E000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgldx64.sys => Invisible on the disk ADDRESS : 0x0419F000 SIZE : 248.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgidsdrivera.sys => Invisible on the disk ADDRESS : 0x04000000 SIZE : 256.0 Ko DRIVER : C:\Windows\system32\DRIVERS\avgdiska.sys => Invisible on the disk ADDRESS : 0x04040000 SIZE : 164.0 Ko DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk ADDRESS : 0x04069000 SIZE : 152.0 Ko DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk ADDRESS : 0x0408F000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk ADDRESS : 0x04AE4000 SIZE : 10.14 Mo DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk ADDRESS : 0x05507000 SIZE : 976.0 Ko DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk ADDRESS : 0x04A00000 SIZE : 280.0 Ko DRIVER : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk ADDRESS : 0x04A46000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk ADDRESS : 0x04225000 SIZE : 532.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbuhci.sys => Invisible on the disk ADDRESS : 0x042AA000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk ADDRESS : 0x042B7000 SIZE : 344.0 Ko DRIVER : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk ADDRESS : 0x0430D000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\drivers\i8042prt.sys => Invisible on the disk ADDRESS : 0x04319000 SIZE : 120.0 Ko DRIVER : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk ADDRESS : 0x04337000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk ADDRESS : 0x04346000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk ADDRESS : 0x04356000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk ADDRESS : 0x0436C000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk ADDRESS : 0x04390000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk ADDRESS : 0x0439C000 SIZE : 188.0 Ko DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk ADDRESS : 0x043CB000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk ADDRESS : 0x04200000 SIZE : 132.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk ADDRESS : 0x043E6000 SIZE : 104.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk ADDRESS : 0x04A6A000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\drivers\mouclass.sys => Invisible on the disk ADDRESS : 0x04A75000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk ADDRESS : 0x04221000 SIZE : 8.0 Ko DRIVER : C:\Windows\system32\drivers\ks.sys => Invisible on the disk ADDRESS : 0x04A84000 SIZE : 268.0 Ko DRIVER : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk ADDRESS : 0x04AC7000 SIZE : 72.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk ADDRESS : 0x02E8B000 SIZE : 360.0 Ko DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk ADDRESS : 0x040A5000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\drivers\HdAudio.sys => Invisible on the disk ADDRESS : 0x05C99000 SIZE : 368.0 Ko DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk ADDRESS : 0x05CF5000 SIZE : 244.0 Ko DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk ADDRESS : 0x05D32000 SIZE : 136.0 Ko DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk ADDRESS : 0x05D54000 SIZE : 24.0 Ko DRIVER : C:\Windows\system32\drivers\hidusb.sys => Invisible on the disk ADDRESS : 0x05D5A000 SIZE : 56.0 Ko DRIVER : C:\Windows\system32\drivers\HIDCLASS.SYS => Invisible on the disk ADDRESS : 0x05D68000 SIZE : 100.0 Ko DRIVER : C:\Windows\system32\drivers\HIDPARSE.SYS => Invisible on the disk ADDRESS : 0x05D81000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\USBD.SYS => Invisible on the disk ADDRESS : 0x05D8A000 SIZE : 8.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk ADDRESS : 0x05D8C000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk ADDRESS : 0x05D99000 SIZE : 116.0 Ko DRIVER : C:\Windows\system32\drivers\usbscan.sys => Invisible on the disk ADDRESS : 0x05DB6000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbprint.sys => Invisible on the disk ADDRESS : 0x05DC7000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk ADDRESS : 0x05DD3000 SIZE : 108.0 Ko DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk ADDRESS : 0x05DEE000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk ADDRESS : 0x05C00000 SIZE : 48.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk ADDRESS : 0x05C0C000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk ADDRESS : 0x05C15000 SIZE : 76.0 Ko DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk ADDRESS : 0x00060000 SIZE : 3.09 Mo DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk ADDRESS : 0x05C28000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk ADDRESS : 0x05C34000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk ADDRESS : 0x00470000 SIZE : 40.0 Ko DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk ADDRESS : 0x00720000 SIZE : 156.0 Ko DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk ADDRESS : 0x05C42000 SIZE : 140.0 Ko DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk ADDRESS : 0x05C65000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk ADDRESS : 0x05C7A000 SIZE : 96.0 Ko DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk ADDRESS : 0x028BA000 SIZE : 804.0 Ko DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk ADDRESS : 0x02983000 SIZE : 120.0 Ko DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk ADDRESS : 0x029A1000 SIZE : 96.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk ADDRESS : 0x029B9000 SIZE : 180.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk ADDRESS : 0x02800000 SIZE : 312.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk ADDRESS : 0x0284E000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk ADDRESS : 0x048F5000 SIZE : 664.0 Ko DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk ADDRESS : 0x0499B000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk ADDRESS : 0x049A6000 SIZE : 196.0 Ko DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk ADDRESS : 0x049D7000 SIZE : 72.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk ADDRESS : 0x04800000 SIZE : 420.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk ADDRESS : 0x05647000 SIZE : 608.0 Ko DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk ADDRESS : 0x05715000 SIZE : 100.0 Ko DRIVER : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk ADDRESS : 0x0572E000 SIZE : 216.0 Ko DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk ADDRESS : 0x47C40000 SIZE : 128.0 Ko BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020) SystemStartOptions : NOEXECUTE=OPTIN ________________________________________________________________________________ _______MBR \Device\Harddisk0\DR0 0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿. 0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹.. 0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å. 0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF.. 0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu. 0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t 0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h. 0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ. 0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..ë.¸..».|.V. 0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ 0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².ë. 0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2ä.V.Í.]ë..>þ}U 0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°Ñæd 0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßæ`è|.°.ædèu 0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT 0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.». 0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf 0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f 0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í 0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.ë..¶.ë..µ.2ä 0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....ð¬<.t.»..´.Í 0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø 0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti 0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error 0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati 0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin 0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst 0x000001B0 65 6D 00 00 00 63 7B 9A 35 24 71 41 00 00 80 20 em...c{.5$qA... 0x000001C0 21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF !..ß....... ...ß 0x000001D0 14 0C 07 FE FF FF 00 28 03 00 00 30 35 3A 00 00 ...þ...(...05:.. 0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª
  9. Por favor, me ajudem. Passei o AVG que não detectou nada. Nao quero fazer o download do programa sugerido pelo Flash Payer. Obrigada !
  10. Obrigada, Carlos !
  11. Muito melhor! Nossa... Obrigada por toda ajuda! O FireFox é que me preocupa pq ainda trava. Muito menos, mas, ainda trava. Por que será?
  12. ESET Scanner log: C:\Users\Usuario\Downloads\mp3mymp3install.exe multiple threats cleaned by deleting - quarantined Logfile of HijackThis v1.99.1 Scan saved at 00:21:58, on 30/05/2013 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\Usuario\Downloads\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe" /c O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O11 - Options group: [iNTERNATIONAL] International O13 - Gopher Prefix: O15 - Trusted IP range: http://189.34.212.69 O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} (ActiveViewGUI Control) - http://189.34.212.69:8080/ActiveViewGUI.cab O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://189.34.212.69:8080/ActiveView.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
  13. Agora, sim ! Eu selecionava, mas nao marcava a janela para a remoçao quando usava o MBAM ... Abaixo o log do Rogkiller: RogueKiller V8.5.4 [Mar 18 2013] Por Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Site : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Sistema Operacional : Windows 7 (6.1.7600 ) 32 bits version Iniciado em : Modo Normal Usuario : Usuario [Privilegios de Admnistrador] Modo : Verificar -- Data : 05/29/2013 12:27:19 | ARK || FAK || MBR | ¤¤¤ Entradas ruins : 0 ¤¤¤ ¤¤¤ Entradas do Registro : 4 ¤¤¤ [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO ¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤ ¤¤¤ Driver : [Carregado] ¤¤¤ ¤¤¤ Arquivo de Hosts: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ Verificaçao do MBR: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKX-003CA0 ATA Device +++++ --- User --- [MBR] 65a4cafbf4fb92c5e33d0774cd3f75c6 [bSP] e50db795db442ad5a6142d27f38efad1 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: HP Photosmart C4280 USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! Concluido : << RKreport[1]_S_05292013_02d1227.txt >> RKreport[1]_S_05292013_02d1227.txt
  14. Vão abaixo, Carlos, Faço apenas uma observação. O programa MBAM, toda vez que faz a varredura acusa sempre infecçao pela mesma praga => Pup,Adware ou Pup.SpywareObrigada! # AdwCleaner v2.301 - Relatório criado em 28/05/2013 às 18:57:12 # Atualizado em 16/05/2013 por Xplode # Sistema Operacional : Windows 7 Home Premium (32 bits) # Usuário : Usuario - USUARIO-PC # Modo de Boot : Normal # Executado de : C:\Users\Usuario\Downloads\adwcleaner.exe # Opção [Remover] ***** [serviços] ***** ***** [Arquivos/Pastas] ***** ***** [Registro] ***** Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E ***** [Navegadores] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registro está limpo. -\\ Mozilla Firefox v20.0.1 (pt-BR) Arquivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\mussaqmx.default\prefs.js [OK] Arquivo está limpo. -\\ Google Chrome v27.0.1453.94 Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Arquivo está limpo. ************************* AdwCleaner[R1].txt - [4895 octets] - [28/05/2013 18:55:45] AdwCleaner[s1].txt - [4671 octets] - [01/07/2012 21:57:30] AdwCleaner[s2].txt - [4643 octets] - [28/05/2013 18:57:12] ########## EOF - C:\AdwCleaner[s2].txt - [4703 octets] ########## Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x86 Ran by Usuario on 28/05/2013 at 19:12:36,44 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\mussaqmx.default\minidumps [344 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 28/05/2013 at 19:13:46,03 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Versão da Base de Dados: v2013.05.27.01 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Usuario :: USUARIO-PC [administrador] 28/05/2013 19:17:06 mbam-log-2013-05-28 (19-17-06).txt Tipo de Verificação: Verificação Rápida Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 196623 Tempo decorrido: 3 minuto(s), 26 segundo(s) Processos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 1 C:\Users\Usuario\Downloads\first-pdf-1054-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita. (fim)