Ir para conteúdo

Foto

Não é possível encontrar o arquivo de script eol.vbs


Este tópico foi arquivado. Isto significa que você não pode mais responder ao tópico.
25 respostas neste tópico

#1
Biruta

Biruta

    Novato

  • Membro
  • Pip
  • 13 posts
Olá amigos

Assim como outros usuários, estou tendo o problema descrito no título deste tópico.
Resolvi criar mais este tópico pois notei que, em outras palavras, cada caso é um caso.
Segue abaixo o log gerado pelo HijackThis
Desde já, muito obrigado pela atenção e peço desculpas caso cometa algum erro ao fazer este ou algum outro procedimento dentro do site.
Rodrigo





Logfile of HijackThis v1.99.1
Scan saved at 16:35:13, on 17/01/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#2
killer

killer

    Assistente Emérito

  • Emérito
  • 11.382 posts
Olá,

NÃO tente realizar sozinho nenhum procedimento de limpeza. Em especial, não execute por conta própria ferramentas utilizadas no fórum Remoção de Malware. O uso indevido de algumas ferramentas poderá danificar o seu computador ou, no mínimo, remover parcialmente os sinais de uma infecção que serviriam de informação ao analista. A equipe não será responsabilizada por consequências resultantes de uso indevido e/ou não-informado das ferramentas. - Regra nº8 da Remoção de Malwares

Por favor, observe o seguinte:
  • Não utilize softwares que não foram indicado.
  • Não inicie novo tópico sobre esse problema. Poste suas respostas sempre neste tópico.
  • Clique em Seguir este tópico, Imagem Postada,
    para que receba notificação por e-mail quando o mesmo for respondido.
    Você também pode verificar os tópicos assinados usando a opção Conteúdo que sigo acessível através do Painel de Controle do fórum.
  • As análises podem levar algum tempo, portanto seja paciente.
  • As instruções são específicas para o seu computador, e devem ser aplicadas somente nele.
  • Se algo der errado, não importa. Sempre acompanhe seu tópico, informando-me dos resultados, até que seu computador esteja limpo.
  • Aviso: Evite utilizar as tags <QUOTE> ou <CODE> nos logs, isso prejudica a leitura na hora da analise.
  • Por favor, não abandone seu tópico. Para nós é importante saber se a remoção foi bem sucedida.
  • Se você não receber uma resposta minha em até 5 dias. Me envie uma Mensagem Privada (MP)
Peço que me envie um novo log do HijackThis.

- Linha Defensiva no FaceBook
Twitter Linha Defensiva Khan Academy

st-cs.jpg
Não abandone o seu tópico, alguém dedicou parte do seu tempo para ajudá-lo!


#3
Biruta

Biruta

    Novato

  • Membro
  • Pip
  • 13 posts
Olá killer, já estou seguindo suas orientações.
Ao rodar o HijackThis, apareceram duas mensagens (não consegui copiar, mas o início da primeira diz "For some reason your system denied write access to the Hosts file... etc"
e após clicar ok, uma nova mensagem de erro apareceu, segue abaixo (consegui copiar pois foi automático para o clipboard):

An unexpected error has occurred at procedure: modMain_CheckOther1Item()

Error #75 - Path/File access error

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 6.01.3505
MSIE version: 9.0.8112.16421
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.


E então, gerou o seguinte log:

Logfile of HijackThis v1.99.1
Scan saved at 21:41:59, on 18/01/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)



No aguardo de suas instruções
Obrigado

#4
killer

killer

    Assistente Emérito

  • Emérito
  • 11.382 posts

e após clicar ok, uma nova mensagem de erro apareceu, segue abaixo (consegui copiar pois foi automático para o clipboard):

Basta executar o Hijackthis com privilegios de administrador.

Clique com o direito sobre o arquivo, depois clique em Imagem Postada


Baixe OTL by OldTimer, e salve na sua área de trabalho.

** Usuários do Windows Vista e Windows 7:
Clique com o direito sobre o arquivo, depois clique em Imagem Postada


Feche todas as janelas e execute a ferramenta.
Onde diz Saída, marque Padrão
Marque também estas opções:
  • Usar WhiteList para Nomes de Companhias.
  • Verificar Lop
  • Verificar Purity

Selecione estas linhas em vermelho, clique com o direito sobre a seleção, e escolha a opção copiar

drives
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
C:\windows\system32\Tasks\*.* /s /64
%windir%\tasks\*.*
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments



Volte ao programa, clique com o direito em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar

Clique no botão Verificar

Não modifique nenhuma outra configuração, a menos que tenha sido orientado (a) a fazer isso.

O exame demora um pouco, tenha paciência.

Quando terminar, dois blocos de notas serão exibidos: OTL.txt e Extras.txt
Ambos ficarão salvos dentro do mesmo diretório onde está o OTL.exe, ou seja, na sua área de trabalho.

Copie todo o conteúdo do Extras.txt e cole na sua resposta.
Anexe o arquivo OTL.txt

OBS: Caso os logs fiquem muito grandes e exceda o limite do forum, envie-os para um arquivo .zip ou .rar e anexe-os à sua resposta.

:legal:

- Linha Defensiva no FaceBook
Twitter Linha Defensiva Khan Academy

st-cs.jpg
Não abandone o seu tópico, alguém dedicou parte do seu tempo para ajudá-lo!


#5
Biruta

Biruta

    Novato

  • Membro
  • Pip
  • 13 posts
Não sei se há diferença ao executar o HijackThis com privilégios de administrador, em todo caso, estou reenviando o log, e logo abaixo, os demais procedimentos que solicitou:



Logfile of HijackThis v1.99.1
Scan saved at 19:18:45, on 27/01/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)



CONTEÚDO DO EXTRAS.TXT


OTL Extras logfile created on: 27/01/2013 19:27:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rodrigo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,97 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,62% Memory free
3,94 Gb Paging File | 1,44 Gb Available in Paging File | 36,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 69,65 Gb Free Space | 47,58% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 17,95 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
Drive E: | 172,79 Gb Total Space | 37,62 Gb Free Space | 21,77% Space Free | Partition Type: NTFS

Computer Name: RODRIGO-BOB | User Name: Rodrigo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CF447B9-2287-4D49-82BF-2CB1ED97456E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D35769B-691E-4B14-AD0C-D7C63E806D43}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2718184B-9343-4E23-B20A-09E552D9595E}" = lport=137 | protocol=17 | dir=in | app=system |
"{28222460-1C6D-4857-AE4A-599BD0526AFE}" = rport=138 | protocol=17 | dir=out | app=system |
"{3DCDA74D-C83A-49FA-9B2B-7FA65B698D25}" = lport=10243 | protocol=6 | dir=in | app=system |
"{46D297ED-74EC-40FC-8F4D-5C909B299F2F}" = lport=138 | protocol=17 | dir=in | app=system |
"{8FB9C968-BB30-4428-9078-31848E74DC7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9E8BB11A-1546-4095-B3A6-EDF55B6CAB9F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3F66C48-D521-440B-8C9B-4ADE61E38D66}" = rport=139 | protocol=6 | dir=out | app=system |
"{A9B97B87-47E0-4C59-8FB2-30A61F9673F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AF617BC4-9A82-4E00-8B35-C06CA63AE03C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4AA6525-FC1B-4EE3-8872-992020240763}" = lport=445 | protocol=6 | dir=in | app=system |
"{B92E614A-2B54-4668-B216-757BBF8B32D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC6BE913-6EDF-4585-BE38-1ED8CDC2C5F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2EE50C1-7817-46A7-A714-7339992CAD34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE520DAC-BB8D-499D-AB7B-457D4BD98672}" = rport=137 | protocol=17 | dir=out | app=system |
"{E28FFFFE-E068-44AB-81D4-1BB424A12E08}" = lport=139 | protocol=6 | dir=in | app=system |
"{F175D446-3A4B-44E6-89D3-55C2846FB2ED}" = rport=445 | protocol=6 | dir=out | app=system |
"{F548350D-3F55-432A-A820-96DFD94C7ADF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F77B9B58-E517-4430-A908-50E4CAED02E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCEF3DC8-A803-4B17-893D-CAF0BA2AA6DC}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0587EA70-4F66-481C-B407-5B6415B5FD49}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F7ECEB0-3A09-48B4-A277-8563CEFC524E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18492CB9-00CB-4C8B-B7E5-05AD841B165B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{27DFEF74-DBD2-4102-884C-563878EE8154}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D688216-CF5A-414B-881A-6667CF2EE004}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{351A0596-05C5-4F50-A203-E2D22D50154D}" = protocol=6 | dir=out | app=system |
"{432FAB29-DBE9-4DA9-B1BE-0F08694DC640}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4406FB3D-D5E2-4D30-A615-43353E43D397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55BBB57C-6A19-4631-876C-6D34F5D0CD1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{574F8D68-5136-47D7-934C-95B38B9E1616}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62E12091-9A6B-4B46-9222-A78AD26EE334}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{68AA89ED-F950-479F-A880-CBE73A4D0B55}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E6C0D88-E607-4E65-982A-26FD54E7FE31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{700A703A-6B56-43EF-BC40-3220DFFC1196}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8A8F6D86-34ED-4CD8-8F25-5D3CA1C85BC4}" = protocol=6 | dir=in | app=c:\program files (x86)\psafe\psrsync.exe |
"{9A408E80-8BED-4140-8761-3AE914DA14F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F27AD11-26AD-4382-AF76-393304DFB2D1}" = protocol=17 | dir=in | app=c:\program files (x86)\psafe\psrsync.exe |
"{B2FF134D-3521-4D9A-B74D-9C16965FD08C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C1D43718-F092-4CA9-A212-7D379EE2FE77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFF09E2C-B1CB-483A-B138-ACA0B1CC1854}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E64B36F8-9E34-4A2F-85D2-08E32B0B6A6B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE68C740-45A2-49DA-A673-014A9E6E5FF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{27646FD2-132D-4A79-94F1-2E0E5CC5E5F9}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"TCP Query User{DA336D52-D273-4E18-9ED1-52AAB8EBF71E}C:\users\rodrigo\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\rodrigo\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{0604211F-26F5-4F15-9E55-46F0BA5A75E7}C:\users\rodrigo\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\rodrigo\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{D92F5CE8-E19E-43F0-8394-0EDE2FC4E210}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{280867A7-5185-4379-AE9E-5ADAB1211347}" = Native Instruments Passive EQ
"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{53EE2829-E9DB-4913-B3EA-96F10F84E98B}" = Melodyne Runtime 4.1 (x64)
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack
"{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.0.5
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9D3BAEFB-5DDD-43D4-8BB2-D9989521F003}" = Native Instruments Razor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver de áudio HD 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.9.1
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFABEF59-581B-482C-A51D-421D48AA69AE}" = Native Instruments Enhanced EQ
"157A0C000E37CBCABDDE054F327E7E179DF71430" = Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP (03/29/2012 6.01.0097)
"57ED3080113BC75BAB67AFD73CCCCEDBFA0ED5EE" = Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP (11/16/2012 6.04.0666)
"7BE5DD05AFC7EA233501CC85DB3E9E78F8E95311" = Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP (03/29/2012 6.01.0097)
"93A78522D057352473D8B29C31AFAAE49803012C" = Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP (11/16/2012 6.04.0666)
"Cyclop_is1" = Sugar Bytes Cyclop 1.0.1
"DF92A8FFFD19B772414727D203D9FAA2D509BBF0" = Windows Driver Package - Universal Audio Inc. (UAD2Fw) UAD2DSP (11/16/2012 6.04.0666)
"Diversion VST_is1" = Diversion VST version 1.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
"MSI Stereo Buss Compressor VST v1.0_is1" = MSI Stereo Buss Compressor VST v1.0
"Saffire PRO 40_is1" = Saffire MixControl 3.0
"Turnado_is1" = Sugar Bytes Turnado 1.5
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C950EE-9D99-408E-91A8-7270A3E64CC6}" = Phoscyon 1.9.0 (32bit)
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{232A756D-E4B4-4779-9232-DFF5374FC334}_is1" = Vyzex MPK49
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3A9F2B3F-9669-4AB2-ACEA-FFE7BBEAAF07}" = Microsoft VC8 CRT for Loomer Applications
"{45AEEC15-1EE4-4CD9-84C2-C0FF1F008EA1}_is1" = W2 Harmonizer v1.0
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5790BB78-C3B6-11E0-AF6D-C6874824019B}" = Waldorf Edition
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82BEEB3F-D0BF-42EE-8739-F4827C4805B7}" = VirtualDJ PRO Full
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8CBFDB1C-E36D-4161-84E0-9EFA299232D6}" = Nithonat 1.5.1 (32bit)
"{91000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V9r7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1959D9-82C4-4431-88EE-B5A751FD81BA}" = Mashup
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.9
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Português
"{AFC19F5C-319B-4ECD-8576-8051D2E452F9}" = Drumazon 1.5.1 (32bit)
"{B2F62BBB-C527-4CE7-90D1-5717110677B6}" = Nepheton 1.5.1 (32bit)
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E622ECC4-4310-4D7B-B401-159E0C22516A}" = YAMAHA VST Plugin Final Master Trial
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Analog Factory_is1" = Analog Factory 2.5
"ARP2600 V2_is1" = ARP2600 V2 2.0
"AudioRealism Bass Line 2_is1" = ABL 2.5.0
"avast" = avast! Free Antivirus
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CS-80V2_is1" = CS-80V2 2.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"discoDSP Discovery Pro R5.6_is1" = discoDSP Discovery Pro
"eLicenser Control" = eLicenser Control
"FL Studio 10" = FL Studio 10
"Hematohm VST2" = OhmForce Hematohm VST2
"HijackThis" = HijackThis 1.99.1
"IL Download Manager" = IL Download Manager
"iZotope Alloy 2_is1" = iZotope Alloy 2
"iZotope Trash 2_is1" = iZotope Trash 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full)
"Lexicon PSP 42 32bit" = Lexicon PSP 42 32bit
"LinPlug CronoX v2.0.1" = LinPlug CronoX v2.0.1
"Live 8.2.1" = Live 8.2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.70.0.1100
"minimoog V2_is1" = minimoog V2 2.0
"minimoogv2_5_is1" = minimoog-v 2.5.0
"Moog Modular V 2_is1" = Moog Modular V 2.5
"mv61xxDriver" = marvell 61xx
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Enhanced EQ" = Native Instruments Enhanced EQ
"Native Instruments FM7 VSTi DXI RTAS v1.1.3.4" = Native Instruments FM7 VSTi DXI RTAS v1.1.3.4
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Passive EQ" = Native Instruments Passive EQ
"Native Instruments Pro-53" = Native Instruments Pro-53
"Native Instruments Razor" = Native Instruments Razor
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reflektor" = Native Instruments Reflektor
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Prophet-V2_is1" = Prophet-V2 2.0
"PSP VintageWarmer2 2.1.4" = PSP VintageWarmer2 2.1.4
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"reFX Vanguard_is1" = reFX Vanguard VSTi RTAS v1.8.0
"Shift" = Loomer Shift
"Sonnoxplugins Oxford Elite Collection Native_is1" = Sonnoxplugins Oxford Elite Collection Native v1.0
"TC Native Bundle v3.1" = TC Native Bundle v3.1
"TerraTec Komplexer_is1" = TerraTec Komplexer VSTi 1.0.3
"Tone2 ElectraX full_is1" = ElectraX full
"Tone2 FilterBank3_is1" = FilterBank v3.3
"Tone2 FireBird_is1" = FireBird plus v1.11.2
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"UAD Powered Plug-Ins" = UAD Powered Plug-Ins v6.4.0
"Wowcoder VST" = Wowcoder VST

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octopus" = Octopus

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/01/2013 22:32:25 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\Waves\applications\GTR
3.5.exe". Erro no arquivo de manifesto ou de diretiva c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST",
na linha 8. Identidade do componente localizado no manifesto não corresponde à identidade
do componente solicitado. A referência é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
A
definição é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Use
o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error - 24/01/2013 22:32:26 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\Waves\applications\wlc.exe".
Erro no arquivo de manifesto ou de diretiva c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST",
na linha 8. Identidade do componente localizado no manifesto não corresponde à identidade
do componente solicitado. A referência é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
A
definição é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Use
o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error - 25/01/2013 15:00:18 | Computer Name = Rodrigo-BOB | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: CamtasiaStudio.exe, versão: 7.1.1.1785,
carimbo de hora: 0x4d2f69f8 Nome do módulo de falhas: tsccvid.dll, versão: 3.0.0.0,
carimbo de hora: 0x4c44a89a Código de exceção: 0xc0000005 Deslocamento com falha:
0x0003c830 Identificação do processo com falha: 0x3f8 Hora de início do aplicativo
com falha: 0x01cdfb27d348400c Caminho do aplicativo com falha: C:\Program Files
(x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe FCaminho do módulo de falhas:
C:\Windows\SysWOW64\tsccvid.dll Identificação do Relatório: 7544e235-6721-11e2-ac4b-f46d04735e9d

Error - 25/01/2013 15:02:03 | Computer Name = Rodrigo-BOB | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: CamtasiaStudio.exe, versão: 7.1.1.1785,
carimbo de hora: 0x4d2f69f8 Nome do módulo de falhas: tsccvid.dll, versão: 3.0.0.0,
carimbo de hora: 0x4c44a89a Código de exceção: 0xc0000005 Deslocamento com falha:
0x00002c75 Identificação do processo com falha: 0x108c Hora de início do aplicativo
com falha: 0x01cdfb2e40d84639 Caminho do aplicativo com falha: C:\Program Files
(x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe FCaminho do módulo de falhas:
C:\Windows\SysWOW64\tsccvid.dll Identificação do Relatório: b4170a90-6721-11e2-ac4b-f46d04735e9d

Error - 26/01/2013 12:49:29 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Erro no arquivo de manifesto ou de
diretiva c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll",
na linha 3. O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
do atributo version no elemento assemblyIdentity é inválido.

Error - 26/01/2013 12:50:27 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\Waves\applications\GTR
3.5.exe". Erro no arquivo de manifesto ou de diretiva c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST",
na linha 8. Identidade do componente localizado no manifesto não corresponde à identidade
do componente solicitado. A referência é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
A
definição é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Use
o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error - 26/01/2013 12:50:27 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\Waves\applications\wlc.exe".
Erro no arquivo de manifesto ou de diretiva c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST",
na linha 8. Identidade do componente localizado no manifesto não corresponde à identidade
do componente solicitado. A referência é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
A
definição é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Use
o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error - 27/01/2013 16:08:36 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Erro no arquivo de manifesto ou de
diretiva c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll",
na linha 3. O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
do atributo version no elemento assemblyIdentity é inválido.

Error - 27/01/2013 16:09:31 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\Waves\applications\GTR
3.5.exe". Erro no arquivo de manifesto ou de diretiva c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST",
na linha 8. Identidade do componente localizado no manifesto não corresponde à identidade
do componente solicitado. A referência é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
A
definição é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Use
o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error - 27/01/2013 16:09:31 | Computer Name = Rodrigo-BOB | Source = SideBySide | ID = 16842787
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\Waves\applications\wlc.exe".
Erro no arquivo de manifesto ou de diretiva c:\program files (x86)\Waves\applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST",
na linha 8. Identidade do componente localizado no manifesto não corresponde à identidade
do componente solicitado. A referência é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
A
definição é WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Use
o arquivo sxstrace.exe para obter um dignóstico detalhado.

[ System Events ]
Error - 20/01/2013 19:25:32 | Computer Name = Rodrigo-BOB | Source = DCOM | ID = 10010
Description =

Error - 27/01/2013 14:18:03 | Computer Name = Rodrigo-BOB | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 16:15:43 às ?27/?01/?2013 não
era esperado.

Error - 27/01/2013 14:18:05 | Computer Name = RODRIGO-BOB | Source = BugCheck | ID = 1001
Description =


< End of report >


OTL.TXT em anexo



No aguardo das suas instruções
Obrigado

Arquivo(s) anexado(s)

  • Arquivo anexado  OTL.Txt   135,57K   3 Downloads


#6
killer

killer

    Assistente Emérito

  • Emérito
  • 11.382 posts
Configure seu windows para mostrar todos os arquivos ocultos

- Acesse o site http://www.virustotal.com e envie o(s) arquivo(s) abaixo para analise.

C:\Users\Rodrigo\AppData\Roaming\msregsvv.dll


Informe através da URL( link ) o resultado.

- Linha Defensiva no FaceBook
Twitter Linha Defensiva Khan Academy

st-cs.jpg
Não abandone o seu tópico, alguém dedicou parte do seu tempo para ajudá-lo!


#7
Biruta

Biruta

    Novato

  • Membro
  • Pip
  • 13 posts
Ok, segue a url do resultado da análise

https://www.virustot...sis/1359516237/

#8
killer

killer

    Assistente Emérito

  • Emérito
  • 11.382 posts
Isso ainda acontece?

Não é possível encontrar o arquivo de script eol.vbs


- Linha Defensiva no FaceBook
Twitter Linha Defensiva Khan Academy

st-cs.jpg
Não abandone o seu tópico, alguém dedicou parte do seu tempo para ajudá-lo!


#9
Biruta

Biruta

    Novato

  • Membro
  • Pip
  • 13 posts
Sim. Ao ligar o computador, a primeira mensagem que aparece no windows é essa. Clico em "ok" e ela se fecha.

#10
killer

killer

    Assistente Emérito

  • Emérito
  • 11.382 posts
Abra o Hijackthis.
  • Clique em Open the Misc Tools Section.
  • Em seguida, clique em Generated StartupList Log. Certifique-se de ambas as caixas estejam marcadas
  • Clique em Sim/Yes.
  • Um bloco de notas será aberto, copie e cole o conteúdo desse bloco de notas na sua proxima resposta.
    OBS: Uma copia desse resultado é salvo na mesma pasta do Hijackthis.

- Linha Defensiva no FaceBook
Twitter Linha Defensiva Khan Academy

st-cs.jpg
Não abandone o seu tópico, alguém dedicou parte do seu tempo para ajudá-lo!


#11
Biruta

Biruta

    Novato

  • Membro
  • Pip
  • 13 posts
Ok, segue abaixo o resultado do bloco de notas:



StartupList report, 02/02/2013, 17:29:53
StartupList version: 1.52.2
Started from : C:\Users\Rodrigo\Desktop\HijackThis.EXE
Detected: Unknown Windows (WinNT 6.01.3505 SP1)
Detected: Internet Explorer v9.00 (9.00.8112.16457)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\Rodrigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BCU = "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Google Update = "C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = %SystemRoot%\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Editor do Registro'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskUserS-1-5-21-1571594046-1897512419-1774540078-1000Core.job
GoogleUpdateTaskUserS-1-5-21-1571594046-1897512419-1774540078-1000UA.job

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #5: C:\Windows\System32\mswsock.dll
NameSpace #6: C:\Windows\System32\winrnr.dll
Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

1394 OHCI Compliant Host Controller: system32\DRIVERS\1394ohci.sys (manual start)
Microsoft ACPI Driver: system32\drivers\ACPI.sys (system)
ACPI Power Meter Driver: \SystemRoot\system32\drivers\acpipmi.sys (manual start)
Adobe Acrobat Update Service: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" (autostart)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (manual start)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (manual start)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (manual start)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\drivers\afd.sys,-1000: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
ASUS Charger Plus Driver: system32\DRIVERS\AiChargerPlus.sys (system)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (manual start)
AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (manual start)
AMD Processor Driver: \SystemRoot\system32\drivers\amdppm.sys (manual start)
amdsata: \SystemRoot\system32\drivers\amdsata.sys (manual start)
amdsbs: \SystemRoot\system32\drivers\amdsbs.sys (manual start)
amdxata: system32\drivers\amdxata.sys (system)
@%systemroot%\system32\appidsvc.dll,-102: \SystemRoot\system32\drivers\appid.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@appmgmts.dll,-3250: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\drivers\arc.sys (manual start)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (manual start)
ASUS Com Service: C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe (autostart)
ASUS HM Com Service: C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe (autostart)
AsIO: SysWow64\drivers\AsIO.sys (system)
ASMedia USB3 Hub Service: system32\DRIVERS\asmthub3.sys (manual start)
ASMEDIA XHCI Service: system32\DRIVERS\asmtxhci.sys (manual start)
Serviço de estado do ASP.NET: %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (manual start)
ASUS System Control Service: C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe (autostart)
AsUpIO: SysWow64\drivers\AsUpIO.sys (system)
aswMonFlt: \??\C:\Windows\system32\drivers\aswMonFlt.sys (autostart)
aswRdr: \SystemRoot\System32\Drivers\aswrdr2.sys (system)
@%systemroot%\system32\rascfg.dll,-32000: system32\DRIVERS\asyncmac.sys (manual start)
Canal de IDE: system32\drivers\atapi.sys (system)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
avast! Antivirus: "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
Broadcom NetXtreme II VBD: \SystemRoot\system32\drivers\bxvbda.sys (manual start)
Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0: system32\DRIVERS\b57nd60a.sys (manual start)
Browser Configuration Utility Service: C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (autostart)
@%SystemRoot%\system32\bdesvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
blbdrive: system32\DRIVERS\blbdrive.sys (system)
@%systemroot%\system32\browser.dll,-102: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\BrFiltLo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\BrFiltUp.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\System32\Drivers\Brserid.sys (manual start)
Brother WDM Serial driver: \SystemRoot\System32\Drivers\BrSerWdm.sys (manual start)
Brother MFC USB Fax Only Modem: \SystemRoot\System32\Drivers\BrUsbMdm.sys (manual start)
Brother MFC USB Serial WDM Driver: \SystemRoot\System32\Drivers\BrUsbSer.sys (manual start)
Bluetooth Serial Communications Driver: \SystemRoot\system32\drivers\bthmodem.sys (manual start)
@%SystemRoot%\System32\bthserv.dll,-101: %SystemRoot%\system32\svchost.exe -k bthsvcs (manual start)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
Driver de CD-ROM: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (manual start)
@%SystemRoot%\system32\clfs.sys,-100: System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v2.0.50727_X64: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v4.0.30319_X86: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
Microsoft .NET Framework NGEN v4.0.30319_X64: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (autostart)
Microsoft ACPI Control Method Battery Driver: \SystemRoot\system32\drivers\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (manual start)
: System32\Drivers\cng.sys (system)
Compbatt: \SystemRoot\system32\drivers\compbatt.sys (manual start)
Driver Enumerador de Barramento de Composição: system32\DRIVERS\CompositeBus.sys (manual start)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Intel® Content Protection HECI Service: %SystemRoot%\SysWow64\IntelCpHeciSvc.exe (manual start)
Crcdisk Filter Driver: \SystemRoot\system32\drivers\crcdisk.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\cscsvc.dll,-202: system32\drivers\csc.sys (system)
@%systemroot%\system32\cscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\defragsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k defragsvc (manual start)
@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)
@%SystemRoot%\system32\dhcpcore.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\drivers\discache.sys,-102: System32\drivers\discache.sys (system)
Driver de disco: system32\drivers\disk.sys (system)
dmvsc: \SystemRoot\system32\drivers\dmvsc.sys (manual start)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Drivers de Áudio Confiáveis da Microsoft: system32\drivers\drmkaud.sys (manual start)
DAEMON Tools Virtual Bus Driver: system32\DRIVERS\dtsoftbus01.sys (system)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Broadcom NetXtreme II 10 GigE VBD: \SystemRoot\system32\drivers\evbda.sys (manual start)
@%SystemRoot%\system32\efssvc.dll,-100: %SystemRoot%\System32\lsass.exe (manual start)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (manual start)
Microsoft Hardware Error Device Driver: \SystemRoot\system32\drivers\errdev.sys (manual start)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%systemroot%\system32\fxsresm.dll,-118: %systemroot%\system32\fxssvc.exe (manual start)
Floppy Disk Controller Driver: \SystemRoot\system32\drivers\fdc.sys (manual start)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\fileinfo.sys,-100: system32\drivers\fileinfo.sys (system)
@%SystemRoot%\system32\drivers\filetrace.sys,-10001: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: \SystemRoot\system32\drivers\flpydisk.sys (manual start)
@%SystemRoot%\system32\drivers\fltmgr.sys,-10001: system32\drivers\fltmgr.sys (system)
@%systemroot%\system32\FntCache.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (autostart)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (manual start)
@%SystemRoot%\system32\drivers\fsdepends.sys,-10001: System32\drivers\FsDepends.sys (manual start)
@%SystemRoot%\system32\drivers\fvevol.sys,-100: System32\DRIVERS\fvevol.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Hauppauge Consumer Infrared Receiver: \SystemRoot\system32\drivers\hcw85cir.sys (manual start)
Driver de Função Microsoft 1.1 UAA para Serviço de High Definition Audio: system32\drivers\HdAudio.sys (manual start)
Driver de Barramento Microsoft UAA para High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
HID UPS Battery Driver: \SystemRoot\system32\drivers\HidBatt.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (manual start)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (manual start)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Driver de classe HID da Microsoft: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\ListSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\provsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
HpSAMD: \SystemRoot\system32\drivers\HpSAMD.sys (manual start)
@%SystemRoot%\system32\drivers\http.sys,-1: system32\drivers\HTTP.sys (manual start)
@%systemroot%\system32\drivers\hwpolicy.sys,-101: System32\drivers\hwpolicy.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (manual start)
Intel RAID Controller Windows 7: \SystemRoot\system32\drivers\iaStorV.sys (manual start)
@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
igfx: system32\DRIVERS\igdkmd64.sys (manual start)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (manual start)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
Service for Realtek HD Audio (WDM): system32\drivers\RTKVHD64.sys (manual start)
Áudio do vídeo Intel®: system32\DRIVERS\IntcDAud.sys (manual start)
intelide: \SystemRoot\system32\drivers\intelide.sys (manual start)
Driver de Processador Intel: system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-500: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IPMIDRV: \SystemRoot\system32\drivers\IPMIDrv.sys (manual start)
IP Network Address Translator: System32\drivers\ipnat.sys (manual start)
@%SystemRoot%\system32\drivers\irenum.sys,-100: system32\drivers\irenum.sys (manual start)
isapnp: \SystemRoot\system32\drivers\isapnp.sys (manual start)
iScsiPort Driver: \SystemRoot\system32\drivers\msiscsi.sys (manual start)
Driver de Classe de Teclado: system32\DRIVERS\kbdclass.sys (manual start)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (manual start)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
: System32\Drivers\ksecdd.sys (system)
: System32\Drivers\ksecpkg.sys (system)
Kernel Streaming Thunks: \SystemRoot\system32\drivers\ksthunk.sys (manual start)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation (manual start)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Intel® Management and Security Application Local Management Service: C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (autostart)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (manual start)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (manual start)
LSI_SAS2: \SystemRoot\system32\drivers\lsi_sas2.sys (manual start)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (manual start)
@%systemroot%\system32\drivers\luafv.sys,-100: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
megasas: \SystemRoot\system32\drivers\megasas.sys (manual start)
MegaSR: \SystemRoot\system32\drivers\MegaSR.sys (manual start)
Intel® Management Engine Interface: system32\DRIVERS\HECIx64.sys (manual start)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (manual start)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
@%SystemRoot%\system32\drivers\mountmgr.sys,-100: System32\drivers\mountmgr.sys (system)
mpio: \SystemRoot\system32\drivers\mpio.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%systemroot%\system32\webclnt.dll,-104: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1002: system32\DRIVERS\mrxsmb.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1004: system32\DRIVERS\mrxsmb10.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1006: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\drivers\msahci.sys (manual start)
msdsm: \SystemRoot\system32\drivers\msdsm.sys (manual start)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100: \SystemRoot\System32\drivers\mshidkmdf.sys (manual start)
msisadrv: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (manual start)
Proxy de serviço de streaming Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy do relógio de streaming Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy de gerenciador de qualidade de streaming Microsoft: system32\drivers\MSPQM.sys (manual start)
Driver de BIOS de Gerenciamento de Sistema Microsoft: system32\DRIVERS\mssmbios.sys (system)
Conversor em T entre Coletores de streaming Microsoft: system32\drivers\MSTEE.sys (manual start)
Microsoft Input Configuration Driver: \SystemRoot\system32\drivers\MTConfig.sys (manual start)
@%systemroot%\system32\drivers\mup.sys,-101: System32\Drivers\mup.sys (system)
mv61xx: system32\DRIVERS\mv61xx.sys (system)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
@%SystemRoot%\system32\drivers\ndis.sys,-200: system32\drivers\ndis.sys (system)
NDIS Capture LightWeight Filter: system32\DRIVERS\ndiscap.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
@%SystemRoot%\system32\drivers\netbt.sys,-2: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator (disabled)
@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
@%SystemRoot%\system32\netprofm.dll,-202: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8201: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (manual start)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\drivers\nsiproxy.sys,-2: system32\drivers\nsiproxy.sys (system)
Service for NVIDIA High Definition Audio Driver: system32\drivers\nvhda64v.sys (manual start)
nvlddmkm: system32\DRIVERS\nvlddmkm.sys (manual start)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (manual start)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (manual start)
NVIDIA Display Driver Service: C:\Windows\system32\nvvsvc.exe (autostart)
NVIDIA Update Service Daemon: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (autostart)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
1394 OHCI Compliant Host Controller (Legacy): \SystemRoot\system32\drivers\ohci1394.sys (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Parallel port driver: \SystemRoot\system32\drivers\parport.sys (manual start)
@%SystemRoot%\system32\drivers\partmgr.sys,-100: System32\drivers\partmgr.sys (system)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: system32\drivers\pciide.sys (system)
pcmcia: \SystemRoot\system32\drivers\pcmcia.sys (manual start)
Performance Counters for Windows Driver: System32\drivers\pcw.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%SystemRoot%\system32\peerdistsvc.dll,-9000: %SystemRoot%\System32\svchost.exe -k PeerDist (manual start)
@%systemroot%\sysWow64\perfhost.exe,-2: %SystemRoot%\SysWow64\perfhost.exe (manual start)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\pnrpauto.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\umpo.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\rascfg.dll,-32006: system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (manual start)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
ql2300: \SystemRoot\system32\drivers\ql2300.sys (manual start)
ql40xx: \SystemRoot\system32\drivers\ql40xx.sys (manual start)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (manual start)
WAN Miniport (IKEv2): system32\DRIVERS\AgileVpn.sys (manual start)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32005: system32\DRIVERS\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (manual start)
@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1000: system32\DRIVERS\rdbss.sys (system)
Remote Desktop Device Redirector Bus Driver: system32\DRIVERS\rdpbus.sys (manual start)
@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\drivers\rdpdr.sys (manual start)
@%systemroot%\system32\drivers\RDPENCDD.sys,-101: system32\drivers\rdpencdd.sys (system)
@%systemroot%\system32\drivers\RdpRefMp.sys,-101: system32\drivers\rdprefmp.sys (system)
Remote Desktop Video Miniport Driver: System32\drivers\rdpvideominiport.sys (manual start)
ReadyBoost: System32\drivers\rdyboost.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
@%windir%\system32\RpcEpMap.dll,-1001: %SystemRoot%\system32\svchost.exe -k RPCSS (autostart)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
Realtek 8167 NT Driver: system32\DRIVERS\Rt64win7.sys (manual start)
s3cap: \SystemRoot\system32\drivers\vms3cap.sys (manual start)
Saffire: System32\Drivers\Saffire.sys (manual start)
Saffire Audio: system32\drivers\SaffireAudio.sys (manual start)
Saffire MIDI: system32\drivers\SaffireMidi.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
sbp2port: \SystemRoot\system32\drivers\sbp2port.sys (manual start)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\System32\drivers\scfilter.sys,-11: System32\DRIVERS\scfilter.sys (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\sensrsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (manual start)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (manual start)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (manual start)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiSRaid2: \SystemRoot\system32\drivers\SiSRaid2.sys (manual start)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (manual start)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
@%SystemRoot%\system32\sppsvc.exe,-101: %SystemRoot%\system32\sppsvc.exe (autostart)
@%SystemRoot%\system32\sppuinotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\srvsvc.dll,-102: System32\DRIVERS\srv.sys (manual start)
@%systemroot%\system32\srvsvc.dll,-104: System32\DRIVERS\srv2.sys (manual start)
: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
NVIDIA Stereoscopic 3D Driver Service: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (autostart)
stexstor: \SystemRoot\system32\drivers\stexstor.sys (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
@%SystemRoot%\system32\vmstorfltres.dll,-1000: system32\drivers\vmstorfl.sys (system)
storvsc: \SystemRoot\system32\drivers\storvsc.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
: System32\drivers\synth3dvsc.sys (manual start)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Driver de dispositivo de terminal: system32\DRIVERS\termdd.sys (system)
Microsoft Remote Desktop Input Driver: \SystemRoot\system32\drivers\terminpt.sys (manual start)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\themeservice.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101: System32\DRIVERS\tssecsrv.sys (manual start)
: system32\drivers\tsusbflt.sys (manual start)
Remote Desktop Generic USB Device: \SystemRoot\system32\drivers\TsUsbGD.sys (manual start)
@%SystemRoot%\system32\drivers\tsusbhub.sys,-1: system32\drivers\tsusbhub.sys (manual start)
Driver do Adaptador de Miniporta de Túnel da Microsoft: system32\DRIVERS\tunnel.sys (manual start)
Universal Audio UAD-2 DSP Accelerator: system32\DRIVERS\UAD2Pcie.sys (manual start)
UAD-2 Global System Service: system32\DRIVERS\UAD2System.sys (manual start)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
Driver de Enumerador UMBus: system32\DRIVERS\umbus.sys (manual start)
Microsoft UMPass Driver: \SystemRoot\system32\drivers\umpass.sys (manual start)
@%SystemRoot%\system32\umrdp.dll,-1000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Intel® Management and Security Application User Notification Service: "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" (autostart)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Driver de áudio USB (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbohci.sys (manual start)
Microsoft USB PRINTER Class: \SystemRoot\system32\drivers\usbprint.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbuhci.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vaultsvc.dll,-1003: %SystemRoot%\system32\lsass.exe (manual start)
Driver de enumerador da unidade virtual Microsoft: system32\drivers\vdrvroot.sys (system)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
: \SystemRoot\System32\drivers\vga.sys (system)
: System32\drivers\rdvgkmd.sys (manual start)
vhdmp: \SystemRoot\system32\drivers\vhdmp.sys (manual start)
viaide: \SystemRoot\system32\drivers\viaide.sys (manual start)
vmbus: \SystemRoot\system32\drivers\vmbus.sys (manual start)
VMBusHID: \SystemRoot\system32\drivers\VMBusHID.sys (manual start)
Volume Manager Driver: system32\drivers\volmgr.sys (system)
@%SystemRoot%\system32\drivers\volmgrx.sys,-100: System32\drivers\volmgrx.sys (system)
Volumes de armazenamento: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (manual start)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
@%SystemRoot%\System32\drivers\vwifibus.sys,-257: \SystemRoot\System32\drivers\vwifibus.sys (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32011: system32\DRIVERS\wanarp.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32012: system32\DRIVERS\wanarp.sys (system)
@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)
@%systemroot%\system32\wbiosrvc.dll,-100: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup (manual start)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Wd: \SystemRoot\system32\drivers\wd.sys (manual start)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (manual start)
WFP Lightweight Filter: system32\DRIVERS\wfplwf.sys (system)
WIMMount: system32\drivers\wimmount.sys (manual start)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (manual start)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" (autostart)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\System32\drivers\ws2ifsl.sys,-1000: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
Windows Update: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
User Mode Driver Frameworks Platform Driver: system32\drivers\WudfPf.sys (manual start)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\System32\wwansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 53.887 bytes
Report generated in 1,124 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#12
killer

killer

    Assistente Emérito

  • Emérito
  • 11.382 posts
Execute o MalwareBytes' Anti-Malware.
  • Vá na aba Atualização e clique em Baixar Atualizações. Se houver alguma atualização do software, permita que ele seja atualizado.
  • Volte a aba Verificação e clique em Verificação completa.
  • Aguarde ate o scan terminar.
  • O log é automaticamente gravado e pode ser consultado clicando em Logs do menu principal do programa.
  • Copie e cole o conteúdo desse log na sua próxima resposta.

- Linha Defensiva no FaceBook
Twitter Linha Defensiva Khan Academy

st-cs.jpg
Não abandone o seu tópico, alguém dedicou parte do seu tempo para ajudá-lo!


#13
Biruta

Biruta

    Novato

  • Membro
  • Pip
  • 13 posts
Segue o log gerado pelo programa:





Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados: v2013.02.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rodrigo :: RODRIGO-BOB [administrador]

04/02/2013 16:17:48
mbam-log-2013-02-04 (16-17-48).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|F:\|H:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 759355
Tempo decorrido: 1 hora(s), 23 minuto(s), 22 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

#14
killer

killer

    Assistente Emérito

  • Emérito
  • 11.382 posts
Baixe o ComboFix e salve no desktop.

Nota: Por favor, Não utilize o ComboFix por conta própria. O uso incorreto poderá danificar o seu computador. A ferramenta apenas deve ser utilizada sob supervisão de Analistas de remoção de malware.

  • Feche todas as janelas e programas e desabilite seu programa antivirus e antispyware.
  • Dê um duplo-clique no ComboFix.exe
  • Se você usa Windows XP, será solicitada a instalação do Console de Recuperação, clique em Sim para iniciar o download.
  • Siga normalmente as instruções do programa.
  • Clique em OK para aceitar o EULA, e depois clique em Sim para continuar a busca por malwares.
  • O ComboFix poderá reiniciar o PC automaticamente para completar o processo de remoção.
Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:
Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

Para parar ou sair do ComboFix, tecle "2" e Enter.

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

- Linha Defensiva no FaceBook
Twitter Linha Defensiva Khan Academy

st-cs.jpg
Não abandone o seu tópico, alguém dedicou parte do seu tempo para ajudá-lo!


#15
Biruta

Biruta

    Novato

  • Membro
  • Pip
  • 13 posts
Log gerado pelo ComboFix




ComboFix 13-02-07.01 - Rodrigo 07/02/2013 15:38:30.1.8 - x64
Executando de: c:\users\Rodrigo\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rodrigo\AppData\Roaming\msregsvv.dll
c:\windows\msvcr71.dll
c:\windows\SysWow64\hookdll.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-01-07 to 2013-02-07 ))))))))))))))))))))))))))))
.
.
2013-02-07 17:43 . 2013-02-07 17:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-07 17:43 . 2013-02-07 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-05 14:23 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F01E4622-3963-4B89-B58A-2F6D5A596CD1}\mpengine.dll
2013-01-29 15:21 . 2013-01-29 15:21 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2013-01-29 15:21 . 2013-01-29 15:21 -------- d-----w- c:\program files (x86)\Common Files\Propellerhead Software
2013-01-29 15:21 . 2006-11-06 14:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-01-29 15:21 . 2006-11-06 14:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-29 15:21 . 2005-12-15 22:30 1060864 ----a-w- c:\windows\SysWow64\MFC71.dll
2013-01-29 15:21 . 2013-01-29 15:32 -------- d-----w- c:\program files (x86)\Waves
2013-01-24 21:31 . 2013-01-24 21:31 -------- d-----w- C:\Temp
2013-01-24 21:28 . 2013-01-24 21:33 -------- d-----w- c:\program files (x86)\coolpro2
2013-01-19 23:11 . 2013-01-19 23:11 -------- dc-h--w- c:\programdata\{E8674DB2-4487-4238-A191-4DD8B190B0BC}
2013-01-17 18:17 . 2013-01-17 18:17 -------- d-----w- c:\windows\ERUNT
2013-01-17 18:16 . 2013-01-17 18:16 -------- d-----w- C:\JRT
2013-01-17 01:08 . 2013-01-17 01:08 -------- d-----w- C:\_OTS
2013-01-16 21:14 . 2013-01-16 21:15 -------- d-----w- C:\LinhaDefensiva
2013-01-16 21:14 . 2013-01-16 21:14 -------- d-----w- c:\users\Rodrigo\AppData\Roaming\Malwarebytes
2013-01-16 21:14 . 2013-01-16 21:14 -------- d-----w- c:\programdata\Malwarebytes
2013-01-16 21:14 . 2013-01-16 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-16 21:14 . 2012-12-14 18:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-16 21:13 . 2013-01-16 21:13 -------- d-----w- c:\users\Rodrigo\AppData\Local\Programs
2013-01-16 16:06 . 2013-01-16 16:06 -------- d-----w- c:\users\Rodrigo\AppData\Local\ElevatedDiagnostics
2013-01-15 19:29 . 2013-01-15 19:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-01-11 18:38 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-11 18:38 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-11 18:38 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-11 18:38 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-11 18:38 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-11 18:38 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-11 18:36 . 2012-11-30 05:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 03:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-11 19:37 . 2012-07-24 21:53 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-29 10:34 . 2013-01-07 18:22 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2013-01-07 18:22 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2013-01-07 18:22 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2013-01-07 18:22 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 10:34 . 2013-01-07 18:22 7565240 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-07 18:22 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-07 18:22 2904504 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-07 18:22 26931128 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-07 18:22 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-07 18:22 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-07 18:22 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-07 18:22 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:34 . 2013-01-07 18:22 9389888 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-07 18:22 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-07 18:22 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2013-01-07 18:22 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-07 18:22 25256376 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-01-07 18:22 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2013-01-07 18:22 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-07 18:22 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2013-01-07 18:22 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 08:40 . 2013-01-07 18:23 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2013-01-07 18:23 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2013-01-07 18:23 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2013-01-07 18:23 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2013-01-07 18:23 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2013-01-07 18:23 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 04:54 . 2012-12-29 04:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-20 22:46 . 2012-12-20 22:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-12-16 17:11 . 2012-12-20 22:02 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-20 22:02 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-20 22:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-20 22:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 16:50 . 2012-07-24 01:32 912192 ----a-w- c:\windows\PE_Rom.dll
2012-12-04 18:26 . 2013-01-01 20:29 4249197 ----a-w- c:\windows\SysWow64\WIN Installer Authorization Manager (Ver. 1.0.9 RC4).exe
2012-11-30 21:43 . 2013-01-01 20:29 8600667 ----a-w- c:\windows\SysWow64\CustomShopInstallerTR4.exe
2012-11-30 04:45 . 2013-01-11 18:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 19:20 . 2012-07-24 03:15 977728 ----a-w- c:\windows\PE_File.dll
2012-11-16 07:18 . 2012-11-16 07:18 167936 ----a-w- c:\windows\SysWow64\UAD2DriverClient.dll
2012-11-16 07:18 . 2012-11-16 07:18 1249280 ----a-w- c:\windows\SysWow64\UAD2SDK.dll
2012-11-16 07:18 . 2012-11-16 07:18 1036288 ------w- c:\windows\SysWow64\HypGui.dll
2012-11-16 07:17 . 2012-11-16 07:17 213504 ----a-w- c:\windows\system32\UAD2DriverClient.dll
2012-11-16 07:17 . 2012-11-16 07:17 1730560 ----a-w- c:\windows\system32\UAD2SDK.dll
2012-11-16 07:17 . 2012-11-16 07:17 1384960 ----a-w- c:\windows\system32\HypGui.dll
2012-11-16 07:01 . 2012-11-16 07:12 87552 ----a-w- c:\windows\system32\drivers\UAD2System.sys
2012-11-16 07:01 . 2012-11-16 07:12 46080 ----a-w- c:\windows\system32\drivers\UAD2Pcie.sys
2012-11-14 07:06 . 2012-12-14 16:55 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 16:55 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 16:55 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 16:55 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 16:55 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 16:55 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 16:55 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 16:55 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 16:55 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 16:55 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 16:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 16:55 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 16:55 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 16:55 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 16:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 16:55 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 16:55 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 16:55 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 16:55 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 16:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 16:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 16:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-12 15:00 . 2012-07-12 15:00 1490944 ----a-w- c:\program files (x86)\WaveShell-VST 9.1.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Saffire;Saffire;c:\windows\system32\Drivers\Saffire.sys [2012-03-30 222064]
R3 SaffireAudio;Saffire Audio;c:\windows\system32\drivers\SaffireAudio.sys [2012-03-30 40176]
R3 SaffireMidi;Saffire MIDI;c:\windows\system32\drivers\SaffireMidi.sys [2012-03-30 50800]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2010-10-06 179752]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-20 283200]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 369640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 UAD2Pcie;Universal Audio UAD-2 DSP Accelerator;c:\windows\system32\DRIVERS\UAD2Pcie.sys [2012-11-16 46080]
S3 UAD2System;UAD-2 Global System Service;c:\windows\system32\DRIVERS\UAD2System.sys [2012-11-16 87552]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1571594046-1897512419-1774540078-1000Core.job
- c:\users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 01:35]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1571594046-1897512419-1774540078-1000UA.job
- c:\users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 01:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-06 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-06 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-06 439576]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 200.204.0.10 200.204.0.138 192.168.0.1
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-02-07 15:45:13
ComboFix-quarantined-files.txt 2013-02-07 17:45
.
Pré-execução: 64.199.675.904 bytes disponíveis
Pós execução: 64.145.567.744 bytes disponíveis
.
- - End Of File - - 538FF3564893D7646E824B086E5CF958




Log gerado pelo HijackThis (após o ComboFix)




Logfile of HijackThis v1.99.1
Scan saved at 15:49:16, on 07/02/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\old_chrome.exe
C:\Users\Rodrigo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#16
killer

killer

    Assistente Emérito

  • Emérito
  • 11.382 posts
Olá,

Como está o computador?

- Linha Defensiva no FaceBook
Twitter Linha Defensiva Khan Academy

st-cs.jpg
Não abandone o seu tópico, alguém dedicou parte do seu tempo para ajudá-lo!


#17
Biruta

Biruta

    Novato

  • Membro
  • Pip
  • 13 posts
Olá
A mensagem ainda aparece ao ligá-lo.

#18
killer

killer

    Assistente Emérito

  • Emérito
  • 11.382 posts
Olá,

Tire um print screen da tela com a mensagem e me envie na sua próxima resposta.

Obs: Se você não conseguir anexar a imagem no próprio fórum, utilize o imgur

- Linha Defensiva no FaceBook
Twitter Linha Defensiva Khan Academy

st-cs.jpg
Não abandone o seu tópico, alguém dedicou parte do seu tempo para ajudá-lo!


#19
Biruta

Biruta

    Novato

  • Membro
  • Pip
  • 13 posts
Boa tarde
Segue em anexo a imagem do meu desktop com o aviso que aparece assim que ligo o computador.

Arquivo(s) anexado(s)



#20
killer

killer

    Assistente Emérito

  • Emérito
  • 11.382 posts
Faça o download do BankerFix:
http://www.linhadefe...rg/dl/bankerfix

** Usuários do Windows Vista e Windows 7:
Clique com o direito sobre o arquivo, depois clique em Imagem Postada Executar como administrador


Importante: A ferramenta irá finalizar o Internet Explorer. Salve qualquer link que você precisa acessar depois antes de executá-la.

Dê dois cliques no bankerfix.exe para executá-lo.

Clique em OK na primeira e [CANCELAR] na segunda tela para impedir a execução do BankerFix.

Feito isso, vá em C:\LinhaDefensiva\ e execute o arquivo Iniciar-Bankerfix.vbs. Confirme que deseja atualizar o software e em [OK] para executar o software.

Quando ele executar, aparecerá uma tela preta pedindo para que aperte qualquer tecla. Tecle Enter e espere ele terminar. Pode levar algum tempo.

Ao terminar, leia a mensagem na tela e aperte Enter novamente. Quando ele terminar, poste o arquivo relatorio.txt localizado em: C:\LinhaDefensiva\relatorio.txt

Em seguida:

Configure seu windows para mostrar todos os arquivos ocultos

- Acesse o site http://www.virustotal.com e envie o(s) arquivo(s) abaixo para analise.

c:\windows\SysWow64\msvcr71.dll


Informe através da URL( link ) o resultado.

Editado por killer, 16 fevereiro 2013 - 14:38.

- Linha Defensiva no FaceBook
Twitter Linha Defensiva Khan Academy

st-cs.jpg
Não abandone o seu tópico, alguém dedicou parte do seu tempo para ajudá-lo!