Biruta

Can't find script file eol.vbs

26 posts in this topic

Hello friends,

Like other users, I am having the problem described in the title of this topic.

I decided to open one more topic because I noticed that, as the saying goes, every case is a case of its own.

Below is the log generated by HijackThis.

Thank you in advance for your attention, and I apologise if I make any mistake while carrying out this or any other procedure on the site.

Rodrigo

Logfile of HijackThis v1.99.1

Scan saved at 16:35:13, on 17/01/2013

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [Google Update] "C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

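As an added example (not code from this thread, from HijackThis or from OTL), the Python script below parses the line types that appear in the log posted above (R0/R1, O2, O4, O10, O23) and splits them into a short review queue and a routine pile, which is what an analyst does by eye when reading such a log. Every heuristic in it is an assumption for illustration: IE start and search pages are compared against the go.microsoft.com defaults seen in this log; a Run entry is flagged when it launches from the user profile; a service with "Unknown owner" is flagged only when its binary lives outside C:\Windows. The many "(file missing)" entries on lsass.exe and svchost.exe are treated as routine, since the 32-bit HijackThis 1.99.1 inspecting 64-bit Windows through WOW64 file-system redirection reports them that way (the Extras.txt later in the thread shows a 64-bit install). The sample log is constructed from lines of the post above.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
"""

LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Assumption: the stock IE9 start/search pages seen in the thread all point here.
DEFAULT_IE_HOSTS = {"go.microsoft.com"}
MISSING = " (file missing)"


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4" or "O23"
    detail: str    # the line body after "Oxx - "
    reason: str    # why it deserves a look; empty string means routine


def _norm(path: str) -> str:
    """Lower-case a path and expand the two Windows-dir variables HijackThis prints."""
    p = path.strip().lower()
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, r"c:\windows")
    return p


def _o4_path(rest: str) -> str:
    # rest looks like: HKLM\..\Run: [label] "C:\dir\prog.exe" args
    cmd = rest.split("] ", 1)[1]
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def classify(section: str, rest: str) -> Finding:
    """Apply one heuristic per section; every rule here is an illustrative assumption."""
    if section in ("R0", "R1"):
        value = rest.partition(" =")[2].strip()
        host = urlparse(value).hostname if value else None
        if value and host not in DEFAULT_IE_HOSTS:
            return Finding(section, rest, f"IE page setting points at non-default host {host!r}")
    elif section == "O4":
        if _norm(_o4_path(rest)).startswith("c:\\users\\"):
            return Finding(section, rest, "autorun launched from a user-writable profile path")
    elif section == "O10":
        return Finding(section, rest, "Winsock LSP not recognised by HijackThis; compare with a known-good system")
    elif section == "O23":
        _name, owner, path = rest[len("Service: "):].rsplit(" - ", 2)
        missing = path.endswith(MISSING)
        in_windows = _norm(path[:-len(MISSING)] if missing else path).startswith("c:\\windows\\")
        # "(file missing)" under C:\Windows is expected from a 32-bit HijackThis on
        # 64-bit Windows (WOW64 redirection), so only binaries elsewhere get a look.
        if missing and not in_windows:
            return Finding(section, rest, "service binary reported missing outside the Windows directory")
        if owner == "Unknown owner" and not in_windows:
            return Finding(section, rest, "no company name on a service outside the Windows directory; verify publisher")
    return Finding(section, rest, "")


def triage(log_text: str) -> dict:
    """Split a HijackThis log into entries to review first and routine entries."""
    review, routine = [], []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, the process list and blanks are not entries
        finding = classify(m.group(1), m.group(2))
        (review if finding.reason else routine).append(finding)
    return {"review": review, "routine": routine}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["review"]:
        print(f"[REVIEW] {f.section}: {f.reason}\n         {f.detail}")
    print(f"{len(result['routine'])} entries look routine")
```

Run as a script it prints three entries to look at first and counts six as routine. The point of the split is that the analyst reads three lines before reading sixty, not that a flagged entry is malicious: Google Update and the ASUS services here are legitimate and would be cleared by checking the binary's publisher signature, which is exactly the step the heuristics cannot do from the log alone.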

Hello,

Do NOT attempt any cleaning procedure on your own. In particular, do not run on your own initiative the tools used in the Malware Removal forum. Misuse of some tools can damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from misuse and/or uninformed use of the tools. - Rule no. 8 of Malware Removal

Please note the following:

  • Do not use software that has not been recommended.
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click Follow this topic so that you receive an e-mail notification when it is answered.
    You can also check the topics you follow using the Content I Follow option, available through the forum's Control Panel.
  • Analyses can take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always keep up with your topic, reporting the results to me, until your computer is clean.
  • Note: Avoid using the <QUOTE> or <CODE> tags in the logs; it makes them harder to read during analysis.
  • Please do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a Private Message (PM).

Please send me a new HijackThis log.


Hello killer, I am already following your guidance.

When running HijackThis, two messages appeared (I couldn't copy them, but the first one begins "For some reason your system denied write access to the Hosts file... etc."),

and after clicking OK a new error message appeared, shown below (I was able to copy it because it went to the clipboard automatically):

An unexpected error has occurred at procedure: modMain_CheckOther1Item()

Error #75 - Path/File access error

Please email me at merijn@spywareinfo.com, reporting the following:

* What you were trying to fix when the error occurred, if applicable

* How you can reproduce the error

* A complete HijackThis scan log, if possible

Windows version: Windows NT 6.01.3505

MSIE version: 9.0.8112.16421

HijackThis version: 1.99.1

This message has been copied to your clipboard.

Click OK to continue the rest of the scan.

It then generated the following log:

Logfile of HijackThis v1.99.1

Scan saved at 21:41:59, on 18/01/2013

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [Google Update] "C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Awaiting your instructions.

Thank you

> and after clicking OK a new error message appeared, shown below (I was able to copy it because it went to the clipboard automatically):

Just run HijackThis with administrator privileges.

Right-click the file, then click Run as administrator.

Download OTL by OldTimer and save it to your desktop.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

Close all windows and run the tool.

Under Output, select Standard.

Also check these options:

  • Use Company Name Whitelist
  • LOP Check
  • Purity Check

Select the lines in red below, right-click the selection, and choose Copy:

drives

netsvcs

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%PROGRAMFILES%(x86)\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

C:\windows\system32\Tasks\*.* /s /64

%windir%\tasks\*.*

CREATERESTOREPOINT

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste.

Click the Run Scan button.

Do not change any other settings unless you have been told to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt

Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of Extras.txt and paste it into your reply.

Attach the OTL.txt file.

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach them to your reply.


I don't know whether it makes any difference to run HijackThis with administrator privileges; in any case, I am resending the log and, right below it, the other procedures you requested:

Logfile of HijackThis v1.99.1

Scan saved at 19:18:45, on 27/01/2013

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:

C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

CONTENTS OF EXTRAS.TXT

OTL Extras logfile created on: 27/01/2013 19:27:29 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rodrigo\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,97 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,62% Memory free

3,94 Gb Paging File | 1,44 Gb Available in Paging File | 36,52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 146,39 Gb Total Space | 69,65 Gb Free Space | 47,58% Space Free | Partition Type: NTFS

Drive D: | 146,48 Gb Total Space | 17,95 Gb Free Space | 12,26% Space Free | Partition Type: NTFS

Drive E: | 172,79 Gb Total Space | 37,62 Gb Free Space | 21,77% Space Free | Partition Type: NTFS

Computer Name: RODRIGO-BOB | User Name: Rodrigo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1CF447B9-2287-4D49-82BF-2CB1ED97456E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1D35769B-691E-4B14-AD0C-D7C63E806D43}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{2718184B-9343-4E23-B20A-09E552D9595E}" = lport=137 | protocol=17 | dir=in | app=system |

"{28222460-1C6D-4857-AE4A-599BD0526AFE}" = rport=138 | protocol=17 | dir=out | app=system |

"{3DCDA74D-C83A-49FA-9B2B-7FA65B698D25}" = lport=10243 | protocol=6 | dir=in | app=system |

"{46D297ED-74EC-40FC-8F4D-5C909B299F2F}" = lport=138 | protocol=17 | dir=in | app=system |

"{8FB9C968-BB30-4428-9078-31848E74DC7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{9E8BB11A-1546-4095-B3A6-EDF55B6CAB9F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A3F66C48-D521-440B-8C9B-4ADE61E38D66}" = rport=139 | protocol=6 | dir=out | app=system |

"{A9B97B87-47E0-4C59-8FB2-30A61F9673F5}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AF617BC4-9A82-4E00-8B35-C06CA63AE03C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B4AA6525-FC1B-4EE3-8872-992020240763}" = lport=445 | protocol=6 | dir=in | app=system |

"{B92E614A-2B54-4668-B216-757BBF8B32D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{BC6BE913-6EDF-4585-BE38-1ED8CDC2C5F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D2EE50C1-7817-46A7-A714-7339992CAD34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DE520DAC-BB8D-499D-AB7B-457D4BD98672}" = rport=137 | protocol=17 | dir=out | app=system |

"{E28FFFFE-E068-44AB-81D4-1BB424A12E08}" = lport=139 | protocol=6 | dir=in | app=system |

"{F175D446-3A4B-44E6-89D3-55C2846FB2ED}" = rport=445 | protocol=6 | dir=out | app=system |

"{F548350D-3F55-432A-A820-96DFD94C7ADF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F77B9B58-E517-4430-A908-50E4CAED02E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FCEF3DC8-A803-4B17-893D-CAF0BA2AA6DC}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0587EA70-4F66-481C-B407-5B6415B5FD49}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{0F7ECEB0-3A09-48B4-A277-8563CEFC524E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{18492CB9-00CB-4C8B-B7E5-05AD841B165B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{27DFEF74-DBD2-4102-884C-563878EE8154}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2D688216-CF5A-414B-881A-6667CF2EE004}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{351A0596-05C5-4F50-A203-E2D22D50154D}" = protocol=6 | dir=out | app=system |

"{432FAB29-DBE9-4DA9-B1BE-0F08694DC640}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4406FB3D-D5E2-4D30-A615-43353E43D397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{55BBB57C-6A19-4631-876C-6D34F5D0CD1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{574F8D68-5136-47D7-934C-95B38B9E1616}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{62E12091-9A6B-4B46-9222-A78AD26EE334}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{68AA89ED-F950-479F-A880-CBE73A4D0B55}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6E6C0D88-E607-4E65-982A-26FD54E7FE31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{700A703A-6B56-43EF-BC40-3220DFFC1196}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8A8F6D86-34ED-4CD8-8F25-5D3CA1C85BC4}" = protocol=6 | dir=in | app=c:\program files (x86)\psafe\psrsync.exe |

"{9A408E80-8BED-4140-8761-3AE914DA14F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9F27AD11-26AD-4382-AF76-393304DFB2D1}" = protocol=17 | dir=in | app=c:\program files (x86)\psafe\psrsync.exe |

"{B2FF134D-3521-4D9A-B74D-9C16965FD08C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{C1D43718-F092-4CA9-A212-7D379EE2FE77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CFF09E2C-B1CB-483A-B138-ACA0B1CC1854}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{E64B36F8-9E34-4A2F-85D2-08E32B0B6A6B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{EE68C740-45A2-49DA-A673-014A9E6E5FF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{27646FD2-132D-4A79-94F1-2E0E5CC5E5F9}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |

"TCP Query User{DA336D52-D273-4E18-9ED1-52AAB8EBF71E}C:\users\rodrigo\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\rodrigo\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{0604211F-26F5-4F15-9E55-46F0BA5A75E7}C:\users\rodrigo\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\rodrigo\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{D92F5CE8-E19E-43F0-8394-0EDE2FC4E210}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{280867A7-5185-4379-AE9E-5ADAB1211347}" = Native Instruments Passive EQ

"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor

"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5

"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive

"{53EE2829-E9DB-4913-B3EA-96F10F84E98B}" = Melodyne Runtime 4.1 (x64)

"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5

"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3

"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack

"{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.0.5

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{9D3BAEFB-5DDD-43D4-8BB2-D9989521F003}" = Native Instruments Razor

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.11.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver de áudio HD 1.3.18.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.9.1

"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FFABEF59-581B-482C-A51D-421D48AA69AE}" = Native Instruments Enhanced EQ

"157A0C000E37CBCABDDE054F327E7E179DF71430" = Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP (03/29/2012 6.01.0097)

"57ED3080113BC75BAB67AFD73CCCCEDBFA0ED5EE" = Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP (11/16/2012 6.04.0666)

"7BE5DD05AFC7EA233501CC85DB3E9E78F8E95311" = Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP (03/29/2012 6.01.0097)

"93A78522D057352473D8B29C31AFAAE49803012C" = Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP (11/16/2012 6.04.0666)

"Cyclop_is1" = Sugar Bytes Cyclop 1.0.1

"DF92A8FFFD19B772414727D203D9FAA2D509BBF0" = Windows Driver Package - Universal Audio Inc. (UAD2Fw) UAD2DSP (11/16/2012 6.04.0666)

"Diversion VST_is1" = Diversion VST version 1.2

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

"MSI Stereo Buss Compressor VST v1.0_is1" = MSI Stereo Buss Compressor VST v1.0

"Saffire PRO 40_is1" = Saffire MixControl 3.0

"Turnado_is1" = Sugar Bytes Turnado 1.5

"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00C950EE-9D99-408E-91A8-7270A3E64CC6}" = Phoscyon 1.9.0 (32bit)

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{232A756D-E4B4-4779-9232-DFF5374FC334}_is1" = Vyzex MPK49

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II

"{3A9F2B3F-9669-4AB2-ACEA-FFE7BBEAAF07}" = Microsoft VC8 CRT for Loomer Applications

"{45AEEC15-1EE4-4CD9-84C2-C0FF1F008EA1}_is1" = W2 Harmonizer v1.0

"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5

"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01

"{5790BB78-C3B6-11E0-AF6D-C6874824019B}" = Waldorf Edition

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{82BEEB3F-D0BF-42EE-8739-F4827C4805B7}" = VirtualDJ PRO Full

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8CBFDB1C-E36D-4161-84E0-9EFA299232D6}" = Nithonat 1.5.1 (32bit)

"{91000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V9r7

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E1959D9-82C4-4431-88EE-B5A751FD81BA}" = Mashup

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.9

"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Português

"{AFC19F5C-319B-4ECD-8576-8051D2E452F9}" = Drumazon 1.5.1 (32bit)

"{B2F62BBB-C527-4CE7-90D1-5717110677B6}" = Nepheton 1.5.1 (32bit)

"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7

"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility

"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver

"{E622ECC4-4310-4D7B-B401-159E0C22516A}" = YAMAHA VST Plugin Final Master Trial

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Analog Factory_is1" = Analog Factory 2.5

"ARP2600 V2_is1" = ARP2600 V2 2.0

"AudioRealism Bass Line 2_is1" = ABL 2.5.0

"avast" = avast! Free Antivirus

"Cool Edit Pro 2.0" = Cool Edit Pro 2.0

"CS-80V2_is1" = CS-80V2 2.0

"DAEMON Tools Lite" = DAEMON Tools Lite

"discoDSP Discovery Pro R5.6_is1" = discoDSP Discovery Pro

"eLicenser Control" = eLicenser Control

"FL Studio 10" = FL Studio 10

"Hematohm VST2" = OhmForce Hematohm VST2

"HijackThis" = HijackThis 1.99.1

"IL Download Manager" = IL Download Manager

"iZotope Alloy 2_is1" = iZotope Alloy 2

"iZotope Trash 2_is1" = iZotope Trash 2

"KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full)

"Lexicon PSP 42 32bit" = Lexicon PSP 42 32bit

"LinPlug CronoX v2.0.1" = LinPlug CronoX v2.0.1

"Live 8.2.1" = Live 8.2.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.70.0.1100

"minimoog V2_is1" = minimoog V2 2.0

"minimoogv2_5_is1" = minimoog-v 2.5.0

"Moog Modular V 2_is1" = Moog Modular V 2.5

"mv61xxDriver" = marvell 61xx

"Native Instruments Absynth 5" = Native Instruments Absynth 5

"Native Instruments Battery 3" = Native Instruments Battery 3

"Native Instruments Enhanced EQ" = Native Instruments Enhanced EQ

"Native Instruments FM7 VSTi DXI RTAS v1.1.3.4" = Native Instruments FM7 VSTi DXI RTAS v1.1.3.4

"Native Instruments FM8" = Native Instruments FM8

"Native Instruments Kontakt 5" = Native Instruments Kontakt 5

"Native Instruments Massive" = Native Instruments Massive

"Native Instruments Passive EQ" = Native Instruments Passive EQ

"Native Instruments Pro-53" = Native Instruments Pro-53

"Native Instruments Razor" = Native Instruments Razor

"Native Instruments Reaktor 5" = Native Instruments Reaktor 5

"Native Instruments Reflektor" = Native Instruments Reflektor

"Native Instruments Service Center" = Native Instruments Service Center

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Prophet-V2_is1" = Prophet-V2 2.0

"PSP VintageWarmer2 2.1.4" = PSP VintageWarmer2 2.1.4

"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0

"reFX Vanguard_is1" = reFX Vanguard VSTi RTAS v1.8.0

"Shift" = Loomer Shift

"Sonnoxplugins Oxford Elite Collection Native_is1" = Sonnoxplugins Oxford Elite Collection Native v1.0

"TC Native Bundle v3.1" = TC Native Bundle v3.1

"TerraTec Komplexer_is1" = TerraTec Komplexer VSTi 1.0.3

"Tone2 ElectraX full_is1" = ElectraX full

"Tone2 FilterBank3_is1" = FilterBank v3.3

"Tone2 FireBird_is1" = FireBird plus v1.11.2

"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2

"UAD Powered Plug-Ins" = UAD Powered Plug-Ins v6.4.0

"Wowcoder VST" = Wowcoder VST

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Octopus" = Octopus

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 24/01/2013 22:32:25 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\Waves\applications\GTR 3.5.exe". Error in manifest or policy file "c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error - 24/01/2013 22:32:26 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\Waves\applications\wlc.exe". Error in manifest or policy file "c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error - 25/01/2013 15:00:18 | Computer Name = Rodrigo-BOB | Source = Application Error | ID = 1000

Description = Faulting application name: CamtasiaStudio.exe, version: 7.1.1.1785, time stamp: 0x4d2f69f8 Faulting module name: tsccvid.dll, version: 3.0.0.0, time stamp: 0x4c44a89a Exception code: 0xc0000005 Fault offset: 0x0003c830 Faulting process id: 0x3f8 Faulting application start time: 0x01cdfb27d348400c Faulting application path: C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe Faulting module path: C:\Windows\SysWOW64\tsccvid.dll Report Id: 7544e235-6721-11e2-ac4b-f46d04735e9d

Error - 25/01/2013 15:02:03 | Computer Name = Rodrigo-BOB | Source = Application Error | ID = 1000

Description = Faulting application name: CamtasiaStudio.exe, version: 7.1.1.1785, time stamp: 0x4d2f69f8 Faulting module name: tsccvid.dll, version: 3.0.0.0, time stamp: 0x4c44a89a Exception code: 0xc0000005 Fault offset: 0x00002c75 Faulting process id: 0x108c Faulting application start time: 0x01cdfb2e40d84639 Faulting application path: C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe Faulting module path: C:\Windows\SysWOW64\tsccvid.dll Report Id: b4170a90-6721-11e2-ac4b-f46d04735e9d

Error - 26/01/2013 12:49:29 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 26/01/2013 12:50:27 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\Waves\applications\GTR 3.5.exe". Error in manifest or policy file "c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error - 26/01/2013 12:50:27 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\Waves\applications\wlc.exe". Error in manifest or policy file "c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error - 27/01/2013 16:08:36 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 27/01/2013 16:09:31 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\Waves\applications\GTR 3.5.exe". Error in manifest or policy file "c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error - 27/01/2013 16:09:31 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\Waves\applications\wlc.exe". Error in manifest or policy file "c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

[ System Events ]

Error - 20/01/2013 19:25:32 | Computer Name = Rodrigo-BOB | Source = DCOM | ID = 10010

Description =

Error - 27/01/2013 14:18:03 | Computer Name = Rodrigo-BOB | Source = EventLog | ID = 6008

Description = The previous system shutdown at 16:15:43 on 27/01/2013 was unexpected.

Error - 27/01/2013 14:18:05 | Computer Name = RODRIGO-BOB | Source = BugCheck | ID = 1001

Description =

< End of report >

OTL.TXT attached.

Awaiting your instructions.

Thank you


Configure your Windows to show all hidden files.

- Go to http://www.virustotal.com and submit the file(s) below for analysis.

C:\Users\Rodrigo\AppData\Roaming\msregsvv.dll

Report the result by posting the URL (link).

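An added example, not part of this thread and not from anyone posting in it: a PowerShell script that checks the file named in the post above on VirusTotal by its SHA-256 before (or instead of) uploading it, so that only the hash leaves the machine. It assumes PowerShell 3.0 or later (Windows 7 ships with 2.0; the Windows Management Framework update adds Invoke-RestMethod), .NET Framework 4.5 or later for TLS 1.2, outbound HTTPS to virustotal.com, a VirusTotal API key in a VT_API_KEY environment variable, and the path C:\Users\Rodrigo\AppData\Roaming\msregsvv.dll from the post; the function and variable names are the example's own.

```powershell
# Added example, not from the thread: look a file up on VirusTotal by SHA-256
# before, or instead of, uploading it. The lookup discloses only the hash.
# Assumed: PowerShell 3.0 or later (Windows 7 ships 2.0; WMF 3+ adds
# Invoke-RestMethod), .NET 4.5+ for TLS 1.2, outbound HTTPS to virustotal.com,
# and an API key in the VT_API_KEY environment variable. Get-FileHash needs
# PowerShell 4, so the hash is computed with .NET directly.

param([string]$Path = "$env:APPDATA\msregsvv.dll")   # the file named in the thread

function Get-Sha256([string]$file) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($file)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($fs)).Replace('-', '').ToLower() }
    finally { $fs.Close() }
}

# -Force is needed to list a hidden or system file; the post's first step
# (show hidden files) exists for the same reason.
$item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
"File:       $($item.FullName)"
"Size/attrs: $($item.Length) bytes, $($item.Attributes)"
"Created:    $($item.CreationTime)   Modified: $($item.LastWriteTime)"
$hash = Get-Sha256 $item.FullName
"SHA-256:    $hash"
"Report:     https://www.virustotal.com/gui/file/$hash"

# .NET on Windows 7 does not negotiate TLS 1.2 by default; VirusTotal requires it.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

try {
    $r = Invoke-RestMethod -Uri "https://www.virustotal.com/api/v3/files/$hash" `
                           -Headers @{ 'x-apikey' = $env:VT_API_KEY }
    $stats = $r.data.attributes.last_analysis_stats
    "Verdicts:   $($stats.malicious) malicious, $($stats.suspicious) suspicious, $($stats.undetected) undetected"
    # Engine names and their detection labels help name the family.
    foreach ($engine in $r.data.attributes.last_analysis_results.PSObject.Properties) {
        if ($engine.Value.category -eq 'malicious') { "  $($engine.Name): $($engine.Value.result)" }
    }
} catch {
    $resp = $_.Exception.Response
    if ($resp -and [int]$resp.StatusCode -eq 404) {
        # Hash never submitted: upload the file, as the post asks, and quote the report link.
        "Unknown to VirusTotal. Upload it at https://www.virustotal.com/ and post the report URL."
    } else { throw }
}
```

Two things a plain upload does not give you: the lookup keeps the file itself on the machine, and a 404 tells you nobody has ever submitted that hash, which for a DLL sitting directly under AppData\Roaming is worth mentioning in the reply alongside the report link.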

Does this still happen?

Can not find script file eol.vbs


Yes. When I turn on the computer, the first message that appears in Windows is that one. I click "OK" and it closes.


Open HijackThis.

  • Click Open the Misc Tools Section.
  • Then click Generate StartupList Log. Make sure both boxes are checked.
  • Click Yes.
  • A Notepad window will open; copy and paste its contents into your next reply.
    NOTE: A copy of this output is saved in the same folder as HijackThis.

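An added example, not from the thread or from HijackThis: the StartupList log the helper asks for is a manual read of the machine's autostart locations, and the PowerShell below walks the same places itself (Run/RunOnce keys in both registry views, Winlogon Userinit and Shell, the Startup folders and scheduled tasks) and prints only entries that run a script host, name a script file, or point at a file that is no longer on disk. That last case is what produces "Can not find script file ..." at every logon: the launcher entry outlives the script it points to. It assumes an elevated PowerShell 2.0 or later on 64-bit Windows 7; the function and variable names are the example's own.

```powershell
# Added example, not from the thread. Walks the usual autostart locations and
# reports entries that run a script host, name a script file, or point at a
# file that is no longer on disk: the leftover launcher behind a
# "Can not find script file ..." dialog at logon.
# Assumed: PowerShell 2.0 or later, elevated, on 64-bit Windows 7.
# Function and variable names are this example's own.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',      # 32-bit view on x64
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogon    = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$scriptHosts = @('wscript.exe', 'cscript.exe', 'mshta.exe', 'powershell.exe', 'cmd.exe')
$scriptExts  = @('.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh', '.hta', '.bat', '.cmd', '.ps1')
$psMeta      = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function New-Entry($location, $name, $command) {
    New-Object PSObject -Property @{ Location = $location; Name = $name; Command = [string]$command }
}

# Split a command line into tokens, honouring double quotes; Winlogon values
# carry a trailing comma ("userinit.exe,") which is stripped.
function Get-Tokens([string]$cmd) {
    foreach ($m in [regex]::Matches($cmd, '"([^"]*)"|(\S+)')) {
        $tok = $m.Groups[2].Value
        if ($m.Groups[1].Success) { $tok = $m.Groups[1].Value }
        $tok.TrimEnd(',')
    }
}

function Test-Suspicious($entry) {
    $tokens  = @(Get-Tokens $entry.Command)
    $reasons = @()
    if ($tokens.Count -eq 0) { return $reasons }
    $exe = ($tokens[0] -split '[\\/]')[-1].ToLower()
    if ($scriptHosts -contains $exe) { $reasons += "runs through $exe" }
    foreach ($tok in $tokens) {
        $leaf = ($tok -split '[\\/]')[-1].ToLower()
        if ($leaf -match '\.[a-z0-9]+$' -and $scriptExts -contains $matches[0]) { $reasons += "names script $tok" }
        # Only tokens that look like paths are checked on disk; switches such as /nogui are skipped.
        $path = [Environment]::ExpandEnvironmentVariables($tok)
        if ($path -match '[\\:]') {
            try { $exists = Test-Path -LiteralPath $path -ErrorAction Stop } catch { $exists = $true }
            if (-not $exists) { $reasons += "missing on disk: $path" }
        }
    }
    return $reasons
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }          # provider metadata, not registry values
        $entries += New-Entry $key $p.Name $p.Value
    }
}
foreach ($v in 'Userinit', 'Shell') {                        # classic hijack points for a script launcher
    $val = (Get-ItemProperty -Path $winlogon).$v
    if ($val) { $entries += New-Entry $winlogon $v $val }
}
# Startup folders (per-user and all-users), as StartupList lists them.
foreach ($s in (Get-WmiObject Win32_StartupCommand | Where-Object { $_.Location -like '*Startup*' })) {
    $entries += New-Entry $s.Location $s.Name $s.Command
}
# Scheduled tasks. schtasks localizes its column headers, so "Task To Run" (9th column)
# is taken by position; rows that merely repeat the header are skipped.
foreach ($t in (schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv)) {
    $cols = @($t.PSObject.Properties)
    if ($cols.Count -lt 9 -or $cols[0].Value -eq $cols[0].Name) { continue }
    $entries += New-Entry "Task $($cols[1].Value)" 'Task To Run' $cols[8].Value
}

$hits = @()
foreach ($e in $entries) {
    $why = @(Test-Suspicious $e)
    if ($why.Count -gt 0) {
        $hits += ($e | Add-Member -MemberType NoteProperty -Name Why -Value ($why -join '; ') -PassThru)
    }
}
if ($hits.Count -gt 0) { $hits | Format-List Location, Name, Command, Why }
else { 'No autostart entry runs a script or points at a missing file.' }
```

The fix is to remove or repair the flagged entry, not to dismiss the dialog. If nothing is flagged, the reference lives in an autostart point this script does not read (Active Setup, the policy Run keys, a service or a logon script), and the OTL and StartupList output is where to look next.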

OK, here is the Notepad output:

StartupList report, 02/02/2013, 17:29:53

StartupList version: 1.52.2

Started from : C:\Users\Rodrigo\Desktop\HijackThis.EXE

Detected: Unknown Windows (WinNT 6.01.3505 SP1)

Detected: Internet Explorer v9.00 (9.00.8112.16457)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Users\Rodrigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]

*No files*

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BCU = "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Google Update = "C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = %SystemRoot%\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *

StubPath = "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\Windows\Explorer\Explorer.exe: not present

C:\Windows\System\Explorer.exe: not present

C:\Windows\System32\Explorer.exe: not present

C:\Windows\Command\Explorer.exe: not present

C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: *Registry key not found*

.shb: *Registry key not found*

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename NOT OK: 'REGEDIT.EXE.MUI'

- File description: 'Editor do Registro'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

(no name) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskUserS-1-5-21-1571594046-1897512419-1774540078-1000Core.job

GoogleUpdateTaskUserS-1-5-21-1571594046-1897512419-1774540078-1000UA.job

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll

NameSpace #2: C:\Windows\system32\napinsp.dll

NameSpace #3: C:\Windows\system32\pnrpnsp.dll

NameSpace #4: C:\Windows\system32\pnrpnsp.dll

NameSpace #5: C:\Windows\System32\mswsock.dll

NameSpace #6: C:\Windows\System32\winrnr.dll

Protocol #1: C:\Windows\system32\mswsock.dll

Protocol #2: C:\Windows\system32\mswsock.dll

Protocol #3: C:\Windows\system32\mswsock.dll

Protocol #4: C:\Windows\system32\mswsock.dll

Protocol #5: C:\Windows\system32\mswsock.dll

Protocol #6: C:\Windows\system32\mswsock.dll

Protocol #7: C:\Windows\system32\mswsock.dll

Protocol #8: C:\Windows\system32\mswsock.dll

Protocol #9: C:\Windows\system32\mswsock.dll

Protocol #10: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

1394 OHCI Compliant Host Controller: system32\DRIVERS\1394ohci.sys (manual start)

Microsoft ACPI Driver: system32\drivers\ACPI.sys (system)

ACPI Power Meter Driver: \SystemRoot\system32\drivers\acpipmi.sys (manual start)

Adobe Acrobat Update Service: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" (autostart)

adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (manual start)

adpahci: \SystemRoot\system32\drivers\adpahci.sys (manual start)

adpu320: \SystemRoot\system32\drivers\adpu320.sys (manual start)

@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (manual start)

@%systemroot%\system32\drivers\afd.sys,-1000: \SystemRoot\system32\drivers\afd.sys (system)

Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)

ASUS Charger Plus Driver: system32\DRIVERS\AiChargerPlus.sys (system)

@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)

aliide: \SystemRoot\system32\drivers\aliide.sys (manual start)

amdide: \SystemRoot\system32\drivers\amdide.sys (manual start)

AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (manual start)

AMD Processor Driver: \SystemRoot\system32\drivers\amdppm.sys (manual start)

amdsata: \SystemRoot\system32\drivers\amdsata.sys (manual start)

amdsbs: \SystemRoot\system32\drivers\amdsbs.sys (manual start)

amdxata: system32\drivers\amdxata.sys (system)

@%systemroot%\system32\appidsvc.dll,-102: \SystemRoot\system32\drivers\appid.sys (manual start)

@%systemroot%\system32\appidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)

@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

@appmgmts.dll,-3250: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

arc: \SystemRoot\system32\drivers\arc.sys (manual start)

arcsas: \SystemRoot\system32\drivers\arcsas.sys (manual start)

ASUS Com Service: C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe (autostart)

ASUS HM Com Service: C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe (autostart)

AsIO: SysWow64\drivers\AsIO.sys (system)

ASMedia USB3 Hub Service: system32\DRIVERS\asmthub3.sys (manual start)

ASMEDIA XHCI Service: system32\DRIVERS\asmtxhci.sys (manual start)

Serviço de estado do ASP.NET: %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (manual start)

ASUS System Control Service: C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe (autostart)

AsUpIO: SysWow64\drivers\AsUpIO.sys (system)

aswMonFlt: \??\C:\Windows\system32\drivers\aswMonFlt.sys (autostart)

aswRdr: \SystemRoot\System32\Drivers\aswrdr2.sys (system)

@%systemroot%\system32\rascfg.dll,-32000: system32\DRIVERS\asyncmac.sys (manual start)

Canal de IDE: system32\drivers\atapi.sys (system)

@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)

avast! Antivirus: "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" (autostart)

@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)

Broadcom NetXtreme II VBD: \SystemRoot\system32\drivers\bxvbda.sys (manual start)

Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0: system32\DRIVERS\b57nd60a.sys (manual start)

Browser Configuration Utility Service: C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (autostart)

@%SystemRoot%\system32\bdesvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)

@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

blbdrive: system32\DRIVERS\blbdrive.sys (system)

@%systemroot%\system32\browser.dll,-102: system32\DRIVERS\bowser.sys (manual start)

Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\BrFiltLo.sys (manual start)

Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\BrFiltUp.sys (manual start)

@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\System32\Drivers\Brserid.sys (manual start)

Brother WDM Serial driver: \SystemRoot\System32\Drivers\BrSerWdm.sys (manual start)

Brother MFC USB Fax Only Modem: \SystemRoot\System32\Drivers\BrUsbMdm.sys (manual start)

Brother MFC USB Serial WDM Driver: \SystemRoot\System32\Drivers\BrUsbSer.sys (manual start)

Bluetooth Serial Communications Driver: \SystemRoot\system32\drivers\bthmodem.sys (manual start)

@%SystemRoot%\System32\bthserv.dll,-101: %SystemRoot%\system32\svchost.exe -k bthsvcs (manual start)

CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)

Driver de CD-ROM: system32\DRIVERS\cdrom.sys (system)

@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (manual start)

@%SystemRoot%\system32\clfs.sys,-100: System32\CLFS.sys (system)

Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)

Microsoft .NET Framework NGEN v2.0.50727_X64: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (disabled)

Microsoft .NET Framework NGEN v4.0.30319_X86: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)

Microsoft .NET Framework NGEN v4.0.30319_X64: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (autostart)

Microsoft ACPI Control Method Battery Driver: \SystemRoot\system32\drivers\CmBatt.sys (manual start)

cmdide: \SystemRoot\system32\drivers\cmdide.sys (manual start)

: System32\Drivers\cng.sys (system)

Compbatt: \SystemRoot\system32\drivers\compbatt.sys (manual start)

Driver Enumerador de Barramento de Composição: system32\DRIVERS\CompositeBus.sys (manual start)

@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Intel® Content Protection HECI Service: %SystemRoot%\SysWow64\IntelCpHeciSvc.exe (manual start)

Crcdisk Filter Driver: \SystemRoot\system32\drivers\crcdisk.sys (disabled)

@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

@%systemroot%\system32\cscsvc.dll,-202: system32\drivers\csc.sys (system)

@%systemroot%\system32\cscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)

@%SystemRoot%\system32\defragsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k defragsvc (manual start)

@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)

@%SystemRoot%\system32\dhcpcore.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)

@%systemroot%\system32\drivers\discache.sys,-102: System32\drivers\discache.sys (system)

Driver de disco: system32\drivers\disk.sys (system)

dmvsc: \SystemRoot\system32\drivers\dmvsc.sys (manual start)

@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)

@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)

Drivers de Áudio Confiáveis da Microsoft: system32\drivers\drmkaud.sys (manual start)

DAEMON Tools Virtual Bus Driver: system32\DRIVERS\dtsoftbus01.sys (system)

LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)

@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Broadcom NetXtreme II 10 GigE VBD: \SystemRoot\system32\drivers\evbda.sys (manual start)

@%SystemRoot%\system32\efssvc.dll,-100: %SystemRoot%\System32\lsass.exe (manual start)

@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)

@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)

elxstor: \SystemRoot\system32\drivers\elxstor.sys (manual start)

Microsoft Hardware Error Device Driver: \SystemRoot\system32\drivers\errdev.sys (manual start)

@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)

@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

@%systemroot%\system32\fxsresm.dll,-118: %systemroot%\system32\fxssvc.exe (manual start)

Floppy Disk Controller Driver: \SystemRoot\system32\drivers\fdc.sys (manual start)

@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)

@%SystemRoot%\system32\drivers\fileinfo.sys,-100: system32\drivers\fileinfo.sys (system)

@%SystemRoot%\system32\drivers\filetrace.sys,-10001: system32\drivers\filetrace.sys (manual start)

Floppy Disk Driver: \SystemRoot\system32\drivers\flpydisk.sys (manual start)

@%SystemRoot%\system32\drivers\fltmgr.sys,-10001: system32\drivers\fltmgr.sys (system)

@%systemroot%\system32\FntCache.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (autostart)

@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (manual start)

@%SystemRoot%\system32\drivers\fsdepends.sys,-10001: System32\drivers\FsDepends.sys (manual start)

@%SystemRoot%\system32\drivers\fvevol.sys,-100: System32\DRIVERS\fvevol.sys (system)

Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)

@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Hauppauge Consumer Infrared Receiver: \SystemRoot\system32\drivers\hcw85cir.sys (manual start)

Driver de Função Microsoft 1.1 UAA para Serviço de High Definition Audio: system32\drivers\HdAudio.sys (manual start)

Driver de Barramento Microsoft UAA para High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)

HID UPS Battery Driver: \SystemRoot\system32\drivers\HidBatt.sys (manual start)

Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (manual start)

Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (manual start)

@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)

Driver de classe HID da Microsoft: system32\DRIVERS\hidusb.sys (manual start)

@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

@%SystemRoot%\System32\ListSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)

@%SystemRoot%\System32\provsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)

HpSAMD: \SystemRoot\system32\drivers\HpSAMD.sys (manual start)

@%SystemRoot%\system32\drivers\http.sys,-1: system32\drivers\HTTP.sys (manual start)

@%systemroot%\system32\drivers\hwpolicy.sys,-101: System32\drivers\hwpolicy.sys (system)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (manual start)

Intel RAID Controller Windows 7: \SystemRoot\system32\drivers\iaStorV.sys (manual start)

@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" (manual start)

igfx: system32\DRIVERS\igdkmd64.sys (manual start)

iirsp: \SystemRoot\system32\drivers\iirsp.sys (manual start)

@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (manual start)

Service for Realtek HD Audio (WDM): system32\drivers\RTKVHD64.sys (manual start)

Áudio do vídeo Intel®: system32\DRIVERS\IntcDAud.sys (manual start)

intelide: \SystemRoot\system32\drivers\intelide.sys (manual start)

Driver de Processador Intel: system32\DRIVERS\intelppm.sys (manual start)

@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)

@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)

@%SystemRoot%\system32\iphlpsvc.dll,-500: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)

IPMIDRV: \SystemRoot\system32\drivers\IPMIDrv.sys (manual start)

IP Network Address Translator: System32\drivers\ipnat.sys (manual start)

@%SystemRoot%\system32\drivers\irenum.sys,-100: system32\drivers\irenum.sys (manual start)

isapnp: \SystemRoot\system32\drivers\isapnp.sys (manual start)

iScsiPort Driver: \SystemRoot\system32\drivers\msiscsi.sys (manual start)

Driver de Classe de Teclado: system32\DRIVERS\kbdclass.sys (manual start)

Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (manual start)

@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)

: System32\Drivers\ksecdd.sys (system)

: System32\Drivers\ksecpkg.sys (system)

Kernel Streaming Thunks: \SystemRoot\system32\drivers\ksthunk.sys (manual start)

@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation (manual start)

@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)

@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)

Intel® Management and Security Application Local Management Service: C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (autostart)

LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (manual start)

LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (manual start)

LSI_SAS2: \SystemRoot\system32\drivers\lsi_sas2.sys (manual start)

LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (manual start)

@%systemroot%\system32\drivers\luafv.sys,-100: \SystemRoot\system32\drivers\luafv.sys (autostart)

@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)

megasas: \SystemRoot\system32\drivers\megasas.sys (manual start)

MegaSR: \SystemRoot\system32\drivers\MegaSR.sys (manual start)

Intel® Management Engine Interface: system32\DRIVERS\HECIx64.sys (manual start)

@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

: system32\drivers\modem.sys (manual start)

Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)

Mouse Class Driver: system32\DRIVERS\mouclass.sys (manual start)

Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)

@%SystemRoot%\system32\drivers\mountmgr.sys,-100: System32\drivers\mountmgr.sys (system)

mpio: \SystemRoot\system32\drivers\mpio.sys (manual start)

@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)

@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)

@%systemroot%\system32\webclnt.dll,-104: \SystemRoot\system32\drivers\mrxdav.sys (manual start)

@%systemroot%\system32\wkssvc.dll,-1002: system32\DRIVERS\mrxsmb.sys (manual start)

@%systemroot%\system32\wkssvc.dll,-1004: system32\DRIVERS\mrxsmb10.sys (manual start)

@%systemroot%\system32\wkssvc.dll,-1006: system32\DRIVERS\mrxsmb20.sys (manual start)

msahci: \SystemRoot\system32\drivers\msahci.sys (manual start)

msdsm: \SystemRoot\system32\drivers\msdsm.sys (manual start)

@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)

@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100: \SystemRoot\System32\drivers\mshidkmdf.sys (manual start)

msisadrv: system32\drivers\msisadrv.sys (system)

@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)

@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (manual start)

Proxy de serviço de streaming Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy do relógio de streaming Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy de gerenciador de qualidade de streaming Microsoft: system32\drivers\MSPQM.sys (manual start)

Driver de BIOS de Gerenciamento de Sistema Microsoft: system32\DRIVERS\mssmbios.sys (system)

Conversor em T entre Coletores de streaming Microsoft: system32\drivers\MSTEE.sys (manual start)

Microsoft Input Configuration Driver: \SystemRoot\system32\drivers\MTConfig.sys (manual start)

@%systemroot%\system32\drivers\mup.sys,-101: System32\Drivers\mup.sys (system)

mv61xx: system32\DRIVERS\mv61xx.sys (system)

@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)

NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)

@%SystemRoot%\system32\drivers\ndis.sys,-200: system32\drivers\ndis.sys (system)

NDIS Capture LightWeight Filter: system32\DRIVERS\ndiscap.sys (manual start)

@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)

@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: system32\DRIVERS\netbios.sys (system)

@%SystemRoot%\system32\drivers\netbt.sys,-2: System32\DRIVERS\netbt.sys (system)

@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)

@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)

@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator (disabled)

@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)

@%SystemRoot%\system32\netprofm.dll,-202: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)

@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8201: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)

nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (manual start)

@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)

@%SystemRoot%\system32\drivers\nsiproxy.sys,-2: system32\drivers\nsiproxy.sys (system)

Service for NVIDIA High Definition Audio Driver: system32\drivers\nvhda64v.sys (manual start)

nvlddmkm: system32\DRIVERS\nvlddmkm.sys (manual start)

nvraid: \SystemRoot\system32\drivers\nvraid.sys (manual start)

nvstor: \SystemRoot\system32\drivers\nvstor.sys (manual start)

NVIDIA Display Driver Service: C:\Windows\system32\nvvsvc.exe (autostart)

NVIDIA Update Service Daemon: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (autostart)

NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)

1394 OHCI Compliant Host Controller (Legacy): \SystemRoot\system32\drivers\ohci1394.sys (manual start)

@%SystemRoot%\system32\pnrpsvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)

@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)

Parallel port driver: \SystemRoot\system32\drivers\parport.sys (manual start)

@%SystemRoot%\system32\drivers\partmgr.sys,-100: System32\drivers\partmgr.sys (system)

@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

PCI Bus Driver: system32\drivers\pci.sys (system)

pciide: system32\drivers\pciide.sys (system)

pcmcia: \SystemRoot\system32\drivers\pcmcia.sys (manual start)

Performance Counters for Windows Driver: System32\drivers\pcw.sys (system)

PEAUTH: system32\drivers\peauth.sys (autostart)

@%SystemRoot%\system32\peerdistsvc.dll,-9000: %SystemRoot%\System32\svchost.exe -k PeerDist (manual start)

@%systemroot%\sysWow64\perfhost.exe,-2: %SystemRoot%\SysWow64\perfhost.exe (manual start)

@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)

@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)

@%SystemRoot%\system32\pnrpauto.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)

@%SystemRoot%\system32\pnrpsvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)

@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (manual start)

@%SystemRoot%\system32\umpo.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)

@%systemroot%\system32\rascfg.dll,-32006: system32\DRIVERS\raspptp.sys (manual start)

Processor Driver: \SystemRoot\system32\drivers\processr.sys (manual start)

@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)

@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)

ql2300: \SystemRoot\system32\drivers\ql2300.sys (manual start)

ql40xx: \SystemRoot\system32\drivers\ql40xx.sys (manual start)

@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)

@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)

Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (manual start)

WAN Miniport (IKEv2): system32\DRIVERS\AgileVpn.sys (manual start)

@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

@%systemroot%\system32\rascfg.dll,-32005: system32\DRIVERS\rasl2tp.sys (manual start)

@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (manual start)

@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (manual start)

@%systemroot%\system32\wkssvc.dll,-1000: system32\DRIVERS\rdbss.sys (system)

Remote Desktop Device Redirector Bus Driver: system32\DRIVERS\rdpbus.sys (manual start)

@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: System32\drivers\rdpdr.sys (manual start)

@%systemroot%\system32\drivers\RDPENCDD.sys,-101: system32\drivers\rdpencdd.sys (system)

@%systemroot%\system32\drivers\RdpRefMp.sys,-101: system32\drivers\rdprefmp.sys (system)

Remote Desktop Video Miniport Driver: System32\drivers\rdpvideominiport.sys (manual start)

ReadyBoost: System32\drivers\rdyboost.sys (system)

@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)

@%windir%\system32\RpcEpMap.dll,-1001: %SystemRoot%\system32\svchost.exe -k RPCSS (autostart)

@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)

@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)

Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)

Realtek 8167 NT Driver: system32\DRIVERS\Rt64win7.sys (manual start)

s3cap: \SystemRoot\system32\drivers\vms3cap.sys (manual start)

Saffire: System32\Drivers\Saffire.sys (manual start)

Saffire Audio: system32\drivers\SaffireAudio.sys (manual start)

Saffire MIDI: system32\drivers\SaffireMidi.sys (manual start)

@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)

sbp2port: \SystemRoot\system32\drivers\sbp2port.sys (manual start)

@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)

@%SystemRoot%\System32\drivers\scfilter.sys,-11: System32\DRIVERS\scfilter.sys (manual start)

@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)

@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (manual start)

@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

@%SystemRoot%\System32\sensrsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)

Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)

Serial port driver: system32\DRIVERS\serial.sys (system)

Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (manual start)

@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (manual start)

SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)

SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)

High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (manual start)

@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SiSRaid2: \SystemRoot\system32\drivers\SiSRaid2.sys (manual start)

SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (manual start)

@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (manual start)

@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)

@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)

@%SystemRoot%\system32\sppsvc.exe,-101: %SystemRoot%\system32\sppsvc.exe (autostart)

@%SystemRoot%\system32\sppuinotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

@%systemroot%\system32\srvsvc.dll,-102: System32\DRIVERS\srv.sys (manual start)

@%systemroot%\system32\srvsvc.dll,-104: System32\DRIVERS\srv2.sys (manual start)

: System32\DRIVERS\srvnet.sys (manual start)

@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)

@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

NVIDIA Stereoscopic 3D Driver Service: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (autostart)

stexstor: \SystemRoot\system32\drivers\stexstor.sys (manual start)

@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

@%SystemRoot%\system32\vmstorfltres.dll,-1000: system32\drivers\vmstorfl.sys (system)

storvsc: \SystemRoot\system32\drivers\storvsc.sys (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)

: System32\drivers\synth3dvsc.sys (manual start)

@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)

@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)

@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)

@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)

Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)

TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)

TDPIPE: system32\drivers\tdpipe.sys (manual start)

TDTCP: system32\drivers\tdtcp.sys (manual start)

@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Microsoft Remote Desktop Input Driver: \SystemRoot\system32\drivers\terminpt.sys (manual start)

@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)

@%SystemRoot%\System32\themeservice.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)

@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101: System32\DRIVERS\tssecsrv.sys (manual start)

: system32\drivers\tsusbflt.sys (manual start)

Remote Desktop Generic USB Device: \SystemRoot\system32\drivers\TsUsbGD.sys (manual start)

@%SystemRoot%\system32\drivers\tsusbhub.sys,-1: system32\drivers\tsusbhub.sys (manual start)

Microsoft Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)

Universal Audio UAD-2 DSP Accelerator: system32\DRIVERS\UAD2Pcie.sys (manual start)

UAD-2 Global System Service: system32\DRIVERS\UAD2System.sys (manual start)

Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)

udfs: system32\DRIVERS\udfs.sys (disabled)

@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)

Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)

UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)

Microsoft UMPass Driver: \SystemRoot\system32\drivers\umpass.sys (manual start)

@%SystemRoot%\system32\umrdp.dll,-1000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)

Intel® Management and Security Application User Notification Service: "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" (autostart)

@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)

USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)

Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)

eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbehci.sys (manual start)

Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbohci.sys (manual start)

Microsoft USB PRINTER Class: \SystemRoot\system32\drivers\usbprint.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbuhci.sys (manual start)

@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

@%SystemRoot%\system32\vaultsvc.dll,-1003: %SystemRoot%\system32\lsass.exe (manual start)

Microsoft Virtual Drive Enumerator Driver: system32\drivers\vdrvroot.sys (system)

@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)

vga: system32\DRIVERS\vgapnp.sys (manual start)

: \SystemRoot\System32\drivers\vga.sys (system)

: System32\drivers\rdvgkmd.sys (manual start)

vhdmp: \SystemRoot\system32\drivers\vhdmp.sys (manual start)

viaide: \SystemRoot\system32\drivers\viaide.sys (manual start)

vmbus: \SystemRoot\system32\drivers\vmbus.sys (manual start)

VMBusHID: \SystemRoot\system32\drivers\VMBusHID.sys (manual start)

Volume Manager Driver: system32\drivers\volmgr.sys (system)

@%SystemRoot%\system32\drivers\volmgrx.sys,-100: System32\drivers\volmgrx.sys (system)

Storage Volumes: system32\drivers\volsnap.sys (system)

vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (manual start)

@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)

@%SystemRoot%\System32\drivers\vwifibus.sys,-257: \SystemRoot\System32\drivers\vwifibus.sys (manual start)

@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (manual start)

@%systemroot%\system32\rascfg.dll,-32011: system32\DRIVERS\wanarp.sys (manual start)

@%systemroot%\system32\rascfg.dll,-32012: system32\DRIVERS\wanarp.sys (system)

@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)

@%systemroot%\system32\wbiosrvc.dll,-100: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup (manual start)

@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)

@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)

Wd: \SystemRoot\system32\drivers\wd.sys (manual start)

Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)

@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)

@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)

@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (manual start)

WFP Lightweight Filter: system32\DRIVERS\wfplwf.sys (system)

WIMMount: system32\drivers\wimmount.sys (manual start)

@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)

@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)

@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)

Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (manual start)

@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)

@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" (autostart)

@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)

@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)

@%systemroot%\System32\drivers\ws2ifsl.sys,-1000: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)

@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)

@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)

Windows Update: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

User Mode Driver Frameworks Platform Driver: system32\drivers\WudfPf.sys (manual start)

WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)

@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

@%SystemRoot%\System32\wwansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 53.887 bytes

Report generated in 1,124 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

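The StartupList sections above (logon scripts, BootExecute, ShellServiceObjectDelayLoad, the policies\Explorer\Run keys) are the places a helper reads by hand to find what still launches at logon. The "cannot find script file" message in the thread title is the Windows Script Host error wscript.exe raises when an autostart entry still points at a .vbs that has since been deleted or quarantined, so the useful check is: which autostart entries reference a WSH script that is no longer on disk. The script below does that check. It is an added example, not code from the thread, from HijackThis, StartupList or any other tool mentioned here. It assumes a Windows 7 machine with PowerShell 2.0 (hence no -File switch and no [pscustomobject]), reads only registry Run/RunOnce/policies/Winlogon values, the two Startup folders and schtasks output, and removes nothing; the regex that pulls script paths out of a command line is a heuristic of this example (bare paths containing spaces are only caught when quoted).

```powershell
# Added example, not code from the thread or from any of the tools it uses.
# Enumerates the usual autostart locations and flags entries that reference a
# Windows Script Host file which is no longer on disk. A dangling entry of that
# kind is what makes wscript.exe show "Can not find script file ..." at logon
# after the script itself has been deleted or quarantined. Read-only: it only
# reports. Written to run on Windows 7 / PowerShell 2.0.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',   # Userinit, Shell
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'     # Load, Run
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Extensions that wscript.exe / cscript.exe execute.
$scriptExt = '\.(?:vbs|vbe|js|jse|wsf|wsh)\b'

function Get-ReferencedScripts([string]$command) {
    # Pull every quoted path, or bare drive-letter path without spaces, that ends
    # in a WSH extension out of a command line, e.g.
    #   wscript.exe "C:\Users\x\AppData\Roaming\eol.vbs"
    #   C:\Windows\system32\userinit.exe,C:\Users\x\eol.vbs
    $pattern = '"([^"]+' + $scriptExt + ')"|([A-Za-z]:\\[^\s,"]+' + $scriptExt + ')'
    foreach ($m in [regex]::Matches($command, $pattern, 'IgnoreCase')) {
        if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    }
}

# ArrayList (reference type) so the function below can append without scope tricks.
$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$location, [string]$command) {
    foreach ($ref in Get-ReferencedScripts $command) {
        $path = [Environment]::ExpandEnvironmentVariables($ref)
        [void]$findings.Add((New-Object PSObject -Property @{
            Location = $location
            Command  = $command
            Script   = $path
            OnDisk   = (Test-Path -LiteralPath $path)
        }))
    }
}

# 1. Registry Run / RunOnce / policies\Explorer\Run / Winlogon values.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        # PSPath, PSParentPath, ... are provider metadata, not registry values.
        if ($p.Name -like 'PS*' -or $p.Value -isnot [string]) { continue }
        Add-Finding "$key\$($p.Name)" $p.Value
    }
}

# 2. Startup folders: a script dropped there directly, or a shortcut to one.
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in (Get-ChildItem -Path $dir | Where-Object { -not $_.PSIsContainer })) {
        if ($f.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($f.FullName)
            Add-Finding $f.FullName ('"' + $lnk.TargetPath + '" ' + $lnk.Arguments)
        } else {
            Add-Finding $f.FullName ('"' + $f.FullName + '"')
        }
    }
}

# 3. Scheduled tasks. schtasks localizes its column headers (this machine is
#    pt-BR), so every cell of every row is scanned instead of selecting the
#    "Task To Run" column by name. Repeated header rows are skipped.
foreach ($row in (schtasks /query /fo CSV /v | ConvertFrom-Csv)) {
    $cells = @($row.PSObject.Properties)
    if ($cells[0].Value -eq $cells[0].Name) { continue }   # a repeated header line
    foreach ($cell in $cells) {
        if ($cell.Value -is [string]) { Add-Finding "Task: $($cells[1].Value)" $cell.Value }
    }
}

$missing = $findings | Where-Object { -not $_.OnDisk }
if ($missing) {
    "Autostart entries that point at a WSH script which is NOT on disk:"
    $missing | Format-Table Location, Script, Command -AutoSize -Wrap
} else {
    "No autostart entry references a missing WSH script."
}
```

Run it from an elevated PowerShell prompt so the HKLM values and the all-users Startup folder are readable. The fix for a reported entry is to delete or correct the entry itself (the Run value, the Userinit string, the task or the shortcut), never to recreate the missing .vbs; if the Userinit value is the one carrying the reference, restore it to its default "C:\Windows\system32\userinit.exe," rather than deleting it, or the account will not log on.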

Run MalwareBytes' Anti-Malware.

  • Go to the Update tab and click Check for Updates. If there is a software update, allow it to update.
  • Go back to the Scanner tab and click Perform full scan.
  • Wait until the scan finishes.
  • The log is saved automatically and can be viewed by clicking Logs in the program's main menu.
  • Copy and paste the contents of that log in your next reply.


Here is the log generated by the program:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.04.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Rodrigo :: RODRIGO-BOB [administrator]

04/02/2013 16:17:48

mbam-log-2013-02-04 (16-17-48).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 759355

Time elapsed: 1 hour(s), 23 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Download ComboFix and save it to your desktop.

Note: Please do not use ComboFix on your own. Incorrect use can damage your computer. The tool should only be used under the supervision of a malware removal analyst.

  • Close all windows and programs and disable your antivirus and antispyware software.
  • Double-click ComboFix.exe
  • If you use Windows XP, you will be asked to install the Recovery Console; click Yes to start the download.
  • Follow the program's instructions as normal.
  • Click OK to accept the EULA, then click Yes to continue the malware scan.
  • ComboFix may restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click on the ComboFix window and do not close it with the X while it is running; otherwise it will stop and your desktop will go blank.

To stop or exit ComboFix, press "2" and Enter.

Then generate a new log with HijackThis and post it together with ComboFix.txt.


Log generated by ComboFix

ComboFix 13-02-07.01 - Rodrigo 07/02/2013 15:38:30.1.8 - x64

Running from: c:\users\Rodrigo\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Rodrigo\AppData\Roaming\msregsvv.dll

c:\windows\msvcr71.dll

c:\windows\SysWow64\hookdll.dll

.

.

(((((((((((((((( Files Created from 2013-01-07 to 2013-02-07 ))))))))))))))))))))))))))))

.

.

2013-02-07 17:43 . 2013-02-07 17:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-02-07 17:43 . 2013-02-07 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-05 14:23 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F01E4622-3963-4B89-B58A-2F6D5A596CD1}\mpengine.dll

2013-01-29 15:21 . 2013-01-29 15:21 -------- d-----w- c:\program files\Common Files\Propellerhead Software

2013-01-29 15:21 . 2013-01-29 15:21 -------- d-----w- c:\program files (x86)\Common Files\Propellerhead Software

2013-01-29 15:21 . 2006-11-06 14:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2013-01-29 15:21 . 2006-11-06 14:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2013-01-29 15:21 . 2005-12-15 22:30 1060864 ----a-w- c:\windows\SysWow64\MFC71.dll

2013-01-29 15:21 . 2013-01-29 15:32 -------- d-----w- c:\program files (x86)\Waves

2013-01-24 21:31 . 2013-01-24 21:31 -------- d-----w- C:\Temp

2013-01-24 21:28 . 2013-01-24 21:33 -------- d-----w- c:\program files (x86)\coolpro2

2013-01-19 23:11 . 2013-01-19 23:11 -------- dc-h--w- c:\programdata\{E8674DB2-4487-4238-A191-4DD8B190B0BC}

2013-01-17 18:17 . 2013-01-17 18:17 -------- d-----w- c:\windows\ERUNT

2013-01-17 18:16 . 2013-01-17 18:16 -------- d-----w- C:\JRT

2013-01-17 01:08 . 2013-01-17 01:08 -------- d-----w- C:\_OTS

2013-01-16 21:14 . 2013-01-16 21:15 -------- d-----w- C:\LinhaDefensiva

2013-01-16 21:14 . 2013-01-16 21:14 -------- d-----w- c:\users\Rodrigo\AppData\Roaming\Malwarebytes

2013-01-16 21:14 . 2013-01-16 21:14 -------- d-----w- c:\programdata\Malwarebytes

2013-01-16 21:14 . 2013-01-16 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-16 21:14 . 2012-12-14 18:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-16 21:13 . 2013-01-16 21:13 -------- d-----w- c:\users\Rodrigo\AppData\Local\Programs

2013-01-16 16:06 . 2013-01-16 16:06 -------- d-----w- c:\users\Rodrigo\AppData\Local\ElevatedDiagnostics

2013-01-15 19:29 . 2013-01-15 19:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2013-01-11 18:38 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-11 18:38 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-11 18:38 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-11 18:38 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-11 18:38 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-11 18:38 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-11 18:36 . 2012-11-30 05:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-17 03:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-11 19:37 . 2012-07-24 21:53 67599240 ----a-w- c:\windows\system32\MRT.exe

2012-12-29 10:34 . 2013-01-07 18:22 1813432 ----a-w- c:\windows\system32\nvdispco64.dll

2012-12-29 10:34 . 2013-01-07 18:22 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-12-29 10:34 . 2013-01-07 18:22 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-12-29 10:34 . 2013-01-07 18:22 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-12-29 10:34 . 2013-01-07 18:22 7565240 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-29 10:34 . 2013-01-07 18:22 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-12-29 10:34 . 2013-01-07 18:22 2904504 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-29 10:34 . 2013-01-07 18:22 26931128 ----a-w- c:\windows\system32\nvoglv64.dll

2012-12-29 10:34 . 2013-01-07 18:22 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-07 18:22 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-12-29 10:34 . 2013-01-07 18:22 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-12-29 10:34 . 2013-01-07 18:22 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-29 10:34 . 2013-01-07 18:22 9389888 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-29 10:34 . 2013-01-07 18:22 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-12-29 10:34 . 2013-01-07 18:22 2824656 ----a-w- c:\windows\system32\nvapi64.dll

2012-12-29 10:34 . 2013-01-07 18:22 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-12-29 10:34 . 2013-01-07 18:22 25256376 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-29 10:34 . 2013-01-07 18:22 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-12-29 10:34 . 2013-01-07 18:22 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-07 18:22 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-12-29 10:34 . 2013-01-07 18:22 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-12-29 08:40 . 2013-01-07 18:23 6382008 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-29 08:40 . 2013-01-07 18:23 3455416 ----a-w- c:\windows\system32\nvsvc64.dll

2012-12-29 08:40 . 2013-01-07 18:23 884152 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-29 08:40 . 2013-01-07 18:23 63928 ----a-w- c:\windows\system32\nvshext.dll

2012-12-29 08:40 . 2013-01-07 18:23 2558392 ----a-w- c:\windows\system32\nvsvcr.dll

2012-12-29 08:40 . 2013-01-07 18:23 118712 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-29 04:54 . 2012-12-29 04:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-12-20 22:46 . 2012-12-20 22:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-12-16 17:11 . 2012-12-20 22:02 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-20 22:02 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-20 22:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-20 22:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 16:50 . 2012-07-24 01:32 912192 ----a-w- c:\windows\PE_Rom.dll

2012-12-04 18:26 . 2013-01-01 20:29 4249197 ----a-w- c:\windows\SysWow64\WIN Installer Authorization Manager (Ver. 1.0.9 RC4).exe

2012-11-30 21:43 . 2013-01-01 20:29 8600667 ----a-w- c:\windows\SysWow64\CustomShopInstallerTR4.exe

2012-11-30 04:45 . 2013-01-11 18:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-28 19:20 . 2012-07-24 03:15 977728 ----a-w- c:\windows\PE_File.dll

2012-11-16 07:18 . 2012-11-16 07:18 167936 ----a-w- c:\windows\SysWow64\UAD2DriverClient.dll

2012-11-16 07:18 . 2012-11-16 07:18 1249280 ----a-w- c:\windows\SysWow64\UAD2SDK.dll

2012-11-16 07:18 . 2012-11-16 07:18 1036288 ------w- c:\windows\SysWow64\HypGui.dll

2012-11-16 07:17 . 2012-11-16 07:17 213504 ----a-w- c:\windows\system32\UAD2DriverClient.dll

2012-11-16 07:17 . 2012-11-16 07:17 1730560 ----a-w- c:\windows\system32\UAD2SDK.dll

2012-11-16 07:17 . 2012-11-16 07:17 1384960 ----a-w- c:\windows\system32\HypGui.dll

2012-11-16 07:01 . 2012-11-16 07:12 87552 ----a-w- c:\windows\system32\drivers\UAD2System.sys

2012-11-16 07:01 . 2012-11-16 07:12 46080 ----a-w- c:\windows\system32\drivers\UAD2Pcie.sys

2012-11-14 07:06 . 2012-12-14 16:55 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-14 16:55 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-14 16:55 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-14 16:55 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-14 16:55 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-14 16:55 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-14 16:55 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-14 16:55 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-14 16:55 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-14 16:55 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-14 16:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-14 16:55 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-14 16:55 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-14 16:55 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-14 16:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-14 16:55 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-14 16:55 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-14 16:55 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-14 16:55 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-14 16:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-14 16:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-14 16:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-07-12 15:00 . 2012-07-12 15:00 1490944 ----a-w- c:\program files (x86)\WaveShell-VST 9.1.dll

.

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 Saffire;Saffire;c:\windows\system32\Drivers\Saffire.sys [2012-03-30 222064]

R3 SaffireAudio;Saffire Audio;c:\windows\system32\drivers\SaffireAudio.sys [2012-03-30 40176]

R3 SaffireMidi;Saffire MIDI;c:\windows\system32\drivers\SaffireMidi.sys [2012-03-30 50800]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]

S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2010-10-06 179752]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-20 283200]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 122856]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 369640]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]

S3 UAD2Pcie;Universal Audio UAD-2 DSP Accelerator;c:\windows\system32\DRIVERS\UAD2Pcie.sys [2012-11-16 46080]

S3 UAD2System;UAD-2 Global System Service;c:\windows\system32\DRIVERS\UAD2System.sys [2012-11-16 87552]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1571594046-1897512419-1774540078-1000Core.job

- c:\users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 01:35]

.

2013-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1571594046-1897512419-1774540078-1000UA.job

- c:\users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 01:35]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-06 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-06 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-06 439576]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-02-07 15:45:13

ComboFix-quarantined-files.txt 2013-02-07 17:45

.

Pré-execução: 64.199.675.904 bytes disponíveis

Pós execução: 64.145.567.744 bytes disponíveis

.

- - End Of File - - 538FF3564893D7646E824B086E5CF958

Log generated by HijackThis (after ComboFix)

Logfile of HijackThis v1.99.1

Scan saved at 15:49:16, on 07/02/2013

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe

C:\Users\Rodrigo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


Hello,

Take a screenshot of the screen with the message and send it to me in your next reply.

Note: if you can't attach the image in the forum itself, use imgur.


Good afternoon

Attached is an image of my desktop with the warning that appears as soon as I turn on the computer.


Download BankerFix:

http://www.linhadefe...rg/dl/bankerfix

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

Important: the tool will close Internet Explorer. Save any link you need to access later before running it.

Double-click bankerfix.exe to run it.

Click OK on the first screen and [CANCEL] on the second to stop BankerFix from running.

Once that is done, go to C:\LinhaDefensiva\ and run the file Iniciar-Bankerfix.vbs. Confirm that you want to update the software and click [OK] to run it.

When it runs, a black window will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.

When it is done, read the message on the screen and press Enter again. When it finishes, post the file relatorio.txt located at: C:\LinhaDefensiva\relatorio.txt

Next:

Configure your Windows to show all hidden files.

- Go to http://www.virustotal.com and submit the file(s) below for analysis.

c:\windows\SysWow64\msvcr71.dll

Report the result via the URL (link).

Edited by killer


Hello killer, I'd like to report that my antivirus (avast) detected a "Trojan horse" when running BankerFix, so I couldn't carry out the procedure.


Hello,

That is a false positive from Avast. Please disable it and try running BankerFix again.


Good afternoon, I followed the BankerFix instructions, but the screens did not appear as you described. Even continuing with the operation, after running the program it stops responding.

Since I had to disable the antivirus for this procedure, I looked for some other alternative on the internet and found a solution, which is even on Microsoft's site; so far the message has not appeared again at Windows startup.

The only thing I did was what is described below:

In C:\Windows\System32\Tasks (rename tasker to tasker.old)

So, for now I'd say the problem on my PC is solved. I'll come back in a few days to say whether it was for good.

Thanks for the attention so far.

Regards

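The "cannot find script file" dialog discussed in this thread is the symptom of an autostart entry that still points at a .vbs file the antivirus has already removed; the poster found such an entry by hand in C:\Windows\System32\Tasks. As an added example (not part of the thread, ComboFix or BankerFix), the PowerShell below generalizes that check to both the Task Scheduler store and the Run/RunOnce keys, reporting every entry whose script target no longer exists. The function names Get-ScriptRefs and Report-Missing and the $TasksDir/$RunKeys variables are this example's own assumptions.

```powershell
# Added example (not from the thread): find autostart entries whose command line
# points to a Windows Script Host file (.vbs/.vbe/.js/.jse/.wsf) that no longer
# exists on disk. A stale entry of that kind is what produces a "cannot find
# script file" dialog at logon after the script itself was deleted or quarantined.
# Assumptions: run from an elevated PowerShell prompt on Windows 7 or later;
# $TasksDir is the default task store (the folder the thread above mentions).

$TasksDir = Join-Path $env:SystemRoot 'System32\Tasks'
$RunKeys  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract every quoted or bare path with a script extension from a command line
# and expand %VARIABLES% so Test-Path sees the real location.
function Get-ScriptRefs([string]$CommandLine) {
    $pattern = '"([^"]+\.(?:vbs|vbe|js|jse|wsf))"|(\S+\.(?:vbs|vbe|js|jse|wsf))\b'
    foreach ($m in [regex]::Matches($CommandLine, $pattern, 'IgnoreCase')) {
        $p = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
        [Environment]::ExpandEnvironmentVariables($p)
    }
}

# Emit one record per referenced script that is missing from disk.
function Report-Missing([string]$Source, [string]$Entry, [string]$CommandLine) {
    foreach ($ref in Get-ScriptRefs $CommandLine) {
        if (-not (Test-Path -LiteralPath $ref)) {
            New-Object PSObject -Property @{
                Source = $Source; Entry = $Entry; MissingScript = $ref; CommandLine = $CommandLine
            }
        }
    }
}

# 1) Run / RunOnce keys: machine and user hives, 64-bit and 32-bit views.
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
        Report-Missing $key $p.Name ([string]$p.Value)
    }
}

# 2) Task Scheduler store: every file is task XML with <Actions><Exec> entries.
Get-ChildItem -LiteralPath $TasksDir -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        try { $xml = [xml][IO.File]::ReadAllText($_.FullName) } catch { return }
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if ($exec) { Report-Missing 'ScheduledTask' $_.FullName "$($exec.Command) $($exec.Arguments)" }
        }
    }
```

No output means none of these locations still references a missing script; each reported record names the exact Run value or task file to inspect and, once confirmed unwanted, remove.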
  1. OK, the log is clean.
  2. Go to Start > Run > type (or copy and paste): ComboFix /Uninstall
    Click OK. Wait for the ComboFix uninstall to complete.
  3. Open OTL and click the button shown in the screenshot.
    Close OTL.
  4. Download CCleaner Slim
    • Install the program
    • Click Registry > Scan for Issues > Fix selected issues.
    • Then click Cleaner > Analyze > Run Cleaner.

If you wish, read the program's tutorial:

http://linhadefensiva.org/forum/index.php?showtopic=12395

  5. Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

Remove the older version of Adobe Reader and click here to install the newest version.

  6. Old versions of Java have vulnerabilities that some malware can use to infect your system. Check that your system has the latest version installed:

  • Go to Java.com/Download. Click the option Do I have Java?
  • Wait for the site to check which Java version you have.
  • If the version is old, you will be offered the download of the newest version.
  • Click Download Java now and install the new version of Java.

  7. Read the Proteja seu PC article for more information on how to avoid infections;

  8. If there are no more malware-related problems, click the button shown in the screenshot and say that your case has been resolved.


Hello. I noticed that over the last week (since I renamed the Tasker file to Tasker.old) the message has not appeared again.

I carried out the other procedures from your last post. I'll leave CCleaner installed since I find it useful to have on the PC.

Case resolved. Thank you for the attention and the service provided on the site. Congratulations, and thank you.
