Fórum PC Brasil
Help removing the rogue Anti-virus Security Pro


Post by Mr. Micro, Fri 29 Nov 2013, 10:15

Hello friends! I am facing this serious problem: this malware installed itself on my computer and will not go away. It is shown in the list of programs under "Add or Remove Programs", but it cannot be uninstalled through the usual program uninstallation method.

I tried to start the PC in Safe Mode to remove it, but it is not booting in that mode. Searching the internet, I saw that the Rkill tool would be good for blocking the rogue and thus allowing its removal. That is what I did: I used Rkill and right afterwards ran a full scan with the Avast antivirus that I have, and it found and removed these viruses: Win 32:Rootkit-gen (RTK); Win 32:Dofoil-Ej(Trj); Win 32:Malware-gen; JS: Agent-CFl (Expl) and Other:Malware-gen (Trj). I also checked the PC with Windows Defender and nothing wrong or dangerous was detected this time. CCleaner removed a few more minor problems. In a Full Scan with Malwarebytes, a Hijack.security was detected and removed at the item
HKCU\ControlPanel\don't load\wscui.cpl.

After this I ran one more scan with Avast, which sent to its quarantine the items that I have listed in the attachment to this topic.

I tried to run Dr. Web CureIt, but it gave an error and I could not use it.

I also ran a scan with the HijackThis program, and I am leaving its report in the file also attached to this topic.

Another error that currently occurs when turning on the PC is this: Windows cannot find 4152327.exe

But although I have eliminated the problems above, the fake antivirus is still appearing in the list of programs installed on my operating system and I would like help with its complete removal.

Post by Wings [In Memoriam], Fri 29 Nov 2013, 10:40

Hello Márcio

This rogue comes accompanied by the ZeroAccess rootkit.

Download the [You need an account and must be logged in to view this link] (...by Farbar) and save it to the Desktop

*Right-click FRST and select [You need an account and must be logged in to view this image]

*Accept the agreement, click [Scan] and when it finishes click [OK] > [OK]

*Attach the FRST.txt and Addition.txt reports created on the Desktop

Post by Mr. Micro, Fri 29 Nov 2013, 22:49

Hi Wings! Here are the requested logs:

[You need an account and must be logged in to view this link]

Edit: it seems the logs came out unreadable, didn't they? I asked my acquaintance to do it again.

Post by Wings [In Memoriam], Fri 29 Nov 2013, 23:19

Download the fixlist.txt file and save it in the same folder where FRST is located

*Right-click FRST and select [You need an account and must be logged in to view this image]

*Click [Fix] and attach the Fixlog.txt report created on the Desktop


Download the [You need an account and must be logged in to view this link] (...by Farbar) and save it to the Desktop

*Run it, select all the options and click [Scan]

*Attach the FSS.txt report located on the Desktop

Post by Mr. Micro, Sat 30 Nov 2013, 23:44

That's it! Thank you very much indeed, Wings! The infamous "Antivirus Security Pro" finally disappeared from the list of programs installed on my acquaintance's computer after the procedures you indicated.

But a message still appears stating that "Windows cannot find 4152327.exe, make sure you typed the name correctly and then try again" every time he starts the operating system.

And attached to this post I am leaving the logs together in a single file because the logs were small.

I await the next instructions.

Post by Wings [In Memoriam], Sun 01 Dec 2013, 12:13

Download the fixlist.txt file and save it in the same folder where FRST is located

[You need an account and must be logged in to view this link]

*Right-click FRST and select [You need an account and must be logged in to view this image]

*Click [Fix] and paste the Fixlog.txt report created on the Desktop


Download the [You need an account and must be logged in to view this link] (...by OldTimer) and save it to the Desktop

*Right-click OTL and select [You need an account and must be logged in to view this image]

*Select:

Verificar All Users (scan all users)
Ignorar Arquivos Microsoft (skip Microsoft files)
Verificar Lop (Lop check)
Verificar Purity (Purity check)

*Click [Verificar] (scan) and wait for it to finish

*Attach the OTL.txt and Extras.txt reports created on the Desktop


Go to [You need an account and must be logged in to view this link]

*Click [Select file...]

*Locate the OTL.txt report created on the Desktop, and click [Open]

*Select 4 jours and click [Créer le lien Cjoint]

[You need an account and must be logged in to view this link]

*Copy and paste the link created next to Le lien a été créé:

[You need an account and must be logged in to view this link]

*Repeat the procedure for the Extras.txt report and paste the link

Post by Mr. Micro, Sun 01 Dec 2013, 21:59

OTL log:

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-02-23 16:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-02-23 16:46:00 | 000,000,000 | ---D | M]


========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: [You must have an account and be logged in to view this link]
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\rui david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: avast! Online Security = C:\Users\rui david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: RealDownloader = C:\Users\rui david\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Google Wallet = C:\Users\rui david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2009-06-10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programas\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-1732156681-2872885034-3628010698-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Programas\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programas\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\7733c6a3-2276-4081-9dad-b6a0b878dcdf.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Sapo Internet Móvel\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1732156681-2872885034-3628010698-1001..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found
O4 - HKU\S-1-5-21-1732156681-2872885034-3628010698-1001..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1732156681-2872885034-3628010698-1001..\Run: [Mobile Partner] C:\Program Files (x86)\Kanguru\Kanguru.exe ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\rui david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55769330.lnk = C:\Users\rui david\AppData\Local\Temp\_uninst_55769330.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1732156681-2872885034-3628010698-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1732156681-2872885034-3628010698-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD18899-5862-4936-84EC-FEC1A47639A6}: DhcpNameServer = 192.168.3.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programas\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programas\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-10-17 12:03:23 | 000,000,095 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-12-01 21:23:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rui david\Desktop\OTL.exe
[2013-11-30 13:39:57 | 000,000,000 | ---D | C] -- C:\Users\rui david\Desktop\pasta farbar
[2013-11-29 23:11:13 | 000,000,000 | ---D | C] -- C:\FRST
[2013-11-28 01:32:48 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013-11-28 01:32:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-11-28 01:19:29 | 000,000,000 | ---D | C] -- C:\Users\rui david\Desktop\relatorios braga
[2013-11-27 19:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013-11-27 19:21:37 | 000,000,000 | ---D | C] -- C:\Users\rui david\Desktop\rkill
[2013-11-27 18:47:20 | 000,000,000 | ---D | C] -- C:\Users\rui david\Doctor Web
[2013-11-26 23:39:51 | 000,000,000 | ---D | C] -- C:\Users\rui david\AppData\Roaming\Malwarebytes
[2013-11-26 23:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-11-26 23:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-11-26 23:39:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-11-26 23:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-11-26 16:03:23 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-11-26 16:03:23 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-11-19 10:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013-11-19 10:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013-11-19 10:04:03 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-11-19 10:03:55 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-11-19 10:03:55 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-11-19 10:03:55 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-11-19 10:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013-11-19 10:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013-11-18 15:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-11-18 15:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-11-18 15:50:46 | 000,000,000 | ---D | C] -- C:\Users\rui david\AppData\Roaming\AVAST Software
[2013-11-18 15:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013-11-18 15:50:00 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013-11-18 15:50:00 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013-11-18 15:50:00 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013-11-18 15:50:00 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013-11-18 15:50:00 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013-11-18 15:49:59 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013-11-18 15:49:58 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013-11-18 15:49:54 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-11-18 15:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013-11-18 15:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013-11-07 01:05:31 | 000,000,000 | ---D | C] -- C:\Users\rui david\AppData\Local\{498258D5-F780-4C8F-8847-88869ECEF8D6}
[2013-11-07 01:03:17 | 000,000,000 | R--D | C] -- C:\Users\rui david\Documents\Scanned Documents
[2013-11-07 01:03:17 | 000,000,000 | ---D | C] -- C:\Users\rui david\Documents\Fax

========== Files - Modified Within 30 Days ==========

[2013-12-01 21:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-12-01 21:39:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-01 21:20:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rui david\Desktop\OTL.exe
[2013-12-01 21:14:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-12-01 13:11:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-12-01 13:11:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-12-01 13:05:06 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-01 13:04:31 | 2800,803,840 | -HS- | M] () -- C:\hiberfil.sys
[2013-12-01 00:42:06 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrui david.job
[2013-11-30 10:37:38 | 001,657,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-11-30 10:37:38 | 000,721,598 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013-11-30 10:37:38 | 000,654,916 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-11-30 10:37:38 | 000,153,292 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013-11-30 10:37:38 | 000,122,530 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-11-28 01:35:21 | 001,623,626 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-11-28 01:07:53 | 000,001,304 | ---- | M] () -- C:\Users\rui david\Desktop\Notepad.lnk
[2013-11-27 19:38:33 | 000,001,020 | ---- | M] () -- C:\Users\rui david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55769330.lnk
[2013-11-27 19:37:30 | 133,312,888 | ---- | M] () -- C:\Users\rui david\Desktop\braga.com
[2013-11-26 23:39:25 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-11-26 23:28:26 | 000,000,590 | ---- | M] () -- C:\Users\rui david\Documents\cc_20131126_232757.reg
[2013-11-26 16:03:23 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-11-26 16:03:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-11-25 22:47:13 | 002,146,213 | ---- | M] () -- C:\Users\rui david\Desktop\MANUAL instrucoes AVAST.pdf
[2013-11-21 20:16:45 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-11-19 10:51:42 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-11-19 10:51:39 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013-11-19 10:03:49 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-11-19 10:03:46 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-11-19 10:03:46 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-11-19 10:03:45 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-11-18 16:58:30 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013-11-18 15:57:32 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-11-18 15:50:25 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-11-18 15:49:56 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013-11-18 15:49:56 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013-11-18 15:49:56 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013-11-18 15:49:56 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-11-18 15:49:56 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013-11-18 15:49:56 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-11-18 15:49:56 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013-11-18 15:49:56 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013-11-18 15:49:55 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013-11-18 15:49:54 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-11-16 10:45:39 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013-11-28 01:07:53 | 000,001,304 | ---- | C] () -- C:\Users\rui david\Desktop\Notepad.lnk
[2013-11-27 19:38:33 | 000,001,020 | ---- | C] () -- C:\Users\rui david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55769330.lnk
[2013-11-27 19:31:54 | 133,312,888 | ---- | C] () -- C:\Users\rui david\Desktop\braga.com
[2013-11-26 23:39:25 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-11-26 23:28:07 | 000,000,590 | ---- | C] () -- C:\Users\rui david\Documents\cc_20131126_232757.reg
[2013-11-26 16:03:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-11-25 22:47:12 | 002,146,213 | ---- | C] () -- C:\Users\rui david\Desktop\MANUAL instrucoes AVAST.pdf
[2013-11-19 10:51:42 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-11-19 10:51:39 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013-11-18 15:57:32 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-11-18 15:50:25 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-11-18 15:50:00 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-11-18 15:50:00 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-01-20 20:11:06 | 000,013,209 | ---- | C] () -- C:\Users\rui david\leva-me pela mao.wlmp
[2013-01-20 18:28:26 | 000,019,609 | ---- | C] () -- C:\Users\rui david\entardecer imagens menos.wlmp
[2013-01-20 02:36:38 | 000,027,933 | ---- | C] () -- C:\Users\rui david\entardecer imagens.wlmp
[2013-01-19 01:43:44 | 000,015,465 | ---- | C] () -- C:\Users\rui david\piano e palavra EDIT2.wlmp
[2013-01-18 22:57:22 | 016,617,429 | ---- | C] () -- C:\Users\rui david\o piano e a palavra.wmv
[2013-01-18 14:14:26 | 006,054,209 | ---- | C] () -- C:\Users\rui david\yourprezi.pdf
[2013-01-10 18:23:18 | 003,766,634 | ---- | C] () -- C:\Users\rui david\livro-ebook-antologia-de-poesia-crista-em-lingua-portuguesa.pdf
[2012-12-13 15:54:55 | 000,880,709 | ---- | C] () -- C:\Users\rui david\certificado habilitacoes.JPG
[2012-10-14 22:59:14 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-10-14 22:59:14 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-01-20 01:06:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-01-20 01:03:41 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012-01-20 00:59:01 | 001,623,626 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-01-20 00:47:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== ZeroAccess Check ==========

[2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-11-18 15:50:46 | 000,000,000 | ---D | M] -- C:\Users\rui david\AppData\Roaming\AVAST Software
[2013-11-18 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\rui david\AppData\Roaming\SoftGrid Client
[2012-08-31 15:50:13 | 000,000,000 | ---D | M] -- C:\Users\rui david\AppData\Roaming\Synaptics
[2012-09-05 14:43:38 | 000,000,000 | ---D | M] -- C:\Users\rui david\AppData\Roaming\TP
[2012-11-17 19:01:46 | 000,000,000 | ---D | M] -- C:\Users\rui david\AppData\Roaming\Windows Live Writer
[2012-11-14 21:44:08 | 000,000,000 | ---D | M] -- C:\Users\rui david\AppData\Roaming\_MDLogs

========== Purity Check ==========



< End of report >
Mr. Micro

Re: Help removing the rogue Anti-virus Security Pro

Post by Mr. Micro Sun 01 Dec 2013, 22:00

OTL Extras:

OTL Extras logfile created on: 01-12-2013 21:40:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rui david\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3,48 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 62,67% Memory free
6,95 Gb Paging File | 5,42 Gb Available in Paging File | 77,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,81 Gb Total Space | 338,24 Gb Free Space | 76,73% Space Free | Partition Type: NTFS
Drive D: | 20,79 Gb Total Space | 2,22 Gb Free Space | 10,69% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,23% Space Free | Partition Type: FAT32
Drive G: | 25,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RUIDAVID007-HP | User Name: rui david | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1732156681-2872885034-3628010698-1001\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FDA21C-35AE-4F79-A886-F30B27370A3E}" = lport=137 | protocol=17 | dir=in | app=system |
"{271820FE-B877-43B5-8458-F1D3CAFEAC65}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{54DA599E-401F-448B-A4A5-DAF60572E6C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{5AC8F7A9-5A08-44EF-93D6-C4BFBE7158D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E1385A8-C28C-4721-A225-7D11C28E3D71}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{72AE6A65-D35F-415D-9AF9-644C6EE40B50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8ACCF582-2908-4597-A9D3-0A9B57AC19E2}" = rport=445 | protocol=6 | dir=out | app=system |
"{B125A330-58CF-410E-B362-534B5B67731F}" = lport=138 | protocol=17 | dir=in | app=system |
"{BF99FB0D-332F-4B5A-9C64-006533B6673E}" = rport=137 | protocol=17 | dir=out | app=system |
"{CA259BD2-22EB-4658-BDD5-B3479C21DBB1}" = rport=138 | protocol=17 | dir=out | app=system |
"{CCA656C1-E4A1-4E7E-8E06-88F09C6430D3}" = lport=139 | protocol=6 | dir=in | app=system |
"{EBDA274C-BB0E-43E7-AA11-3C5A913F5D82}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE434FA3-8CAF-4D9F-BC7D-3706EFEE6BD7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F6FC90E8-0860-4297-8515-02CD3F10A0ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A866FF9-97A3-44C0-94E6-9D51FF2CD31A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2149A3D6-1A5F-4868-A7C8-C57618719607}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{24FE6B38-53CE-4A2F-B872-F3F175ACCEF7}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{4E114782-BD60-474A-8D65-ABE6439521F1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7042158B-B8E1-460D-AEC2-5D142392DD6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79E1D28E-22ED-4A7D-9FD2-2F2EAFE035F8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7C66D3AF-4DF0-4D78-9E32-448D3FF42CBA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9C534F8B-FF83-4990-929E-EA991580D0A9}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{9E91CB05-3008-4EFE-BA1E-ABDDEEE0880F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ABD9F9E7-B25F-4937-89BA-FC59385E687E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AF6BE49D-4A2A-437A-8D54-81212826F7EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA82184E-9DC7-4C15-852B-A44660CF0DE9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DA260127-9166-47CB-887F-FB039F90628A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3EC93B0-7F4A-4332-B8F8-1A7636421B50}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E93A226E-5C82-48BC-8A8E-5A23D7885458}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2CE4E02-C53F-4094-AB49-98E5901A0630}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{F7F59BBC-6512-46F9-916F-48C60F3F2C02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{E7FB8CDF-D89F-45CB-AC04-5EA9C199449C}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{8DEEC23C-48F2-4775-B7F4-6BF38ED4DDD8}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2FD3DC87-EC8D-78D2-1D3A-F4D6E7531BAF}" = AMD Fuel
"{45726347-6D97-4613-9F89-A9635ACBD34D}" = AMD Media Foundation Decoders
"{45E3D837-4855-7F41-A22E-D1D0AEA71EF8}" = AMD Steady Video Plug-In
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0816-1000-0000000FF1CE}" = Microsoft Office Clique-e-Use 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{ACD449FA-9DF3-779D-DA68-11D486963225}" = AMD Catalyst Install Manager
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{BF92729B-1505-55D8-DAD4-4727CDB02FF6}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0535D679-6FFB-2CAB-F7FF-7B05D6D6CAB5}" = CCC Help Chinese Standard
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{16F1B95A-F813-7600-EFA5-A97CB11222BC}" = CCC Help French
"{17A5CB1F-712A-41D2-FBBB-4A881EBA9B17}" = CCC Help Polish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20DBF540-DF10-0A5C-7443-F139A84CC1F5}" = CCC Help Dutch
"{21CC6030-B1EA-3E53-DF36-38054A1596B4}" = CCC Help Turkish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29819186-C15B-D50E-AB2E-8C24E2619273}" = CCC Help Portuguese
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{314F8264-25FB-C833-1017-3A0E0846112C}" = CCC Help Hungarian
"{3167966F-9811-30EF-6093-B7B95E2F19B7}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{346DAD45-38D4-B63C-C372-1E2BC136DE69}" = CCC Help Finnish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3A83B36C-17B9-4832-445A-7A9DF377BB12}" = CCC Help Swedish
"{3D5C7E0E-AEC0-40EB-99D3-C40469738040}" = HP Documentation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™️ 6.9
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58A2F6F8-6009-CC35-2A83-DB5F922003DE}" = CCC Help Czech
"{5E21F3A1-9E84-DC22-1C62-0DB056EC7344}" = CCC Help Japanese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{81C9D048-B677-3CDD-7E20-3AF8DBFC4A0A}" = Catalyst Control Center Localization All
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{870163D1-4D3A-198C-5414-889F1F4347AE}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0816-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Português
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93335AAC-9F8B-54DF-7DB5-2C98D0DC2111}" = CCC Help Chinese Traditional
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Sapo Internet Móvel
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{AD0AAA4D-9A81-8B10-EB28-3C1372987DE7}" = CCC Help Italian
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B4941A47-F4B7-4782-BADB-76C5D39D9026}" = HP Software Framework
"{B4F17D6A-12A3-5403-6050-32A5B4A31F31}" = Catalyst Control Center InstallProxy
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C55C2A19-BAD2-287A-1D7A-9D5FF5FD526E}" = AMD VISION Engine Control Center
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46914D5-CA39-1A40-3CEC-9368E9C28568}" = CCC Help Greek
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEA477E5-F916-973D-E1AB-3CDC735FDB58}" = CCC Help Norwegian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA0E4DD2-7CD7-9583-0BE6-AFF3DF09E3E4}" = CCC Help Thai
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0A76517-2D1D-8DE3-F3B7-121B6A1990E8}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F35C5FE9-57EC-9936-5738-D7EB3EA73B28}" = CCC Help Spanish
"{F4708461-A1E0-0657-1FC6-FACFEEA55CBE}" = CCC Help Russian
"{F4EB5AE1-0065-0752-FF11-1E45ABCD443A}" = CCC Help Danish
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{FC2150C5-A1AF-6238-9632-E5BB8739C0BC}" = CCC Help German
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avast" = avast! Free Antivirus
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Kanguru" = Kanguru
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Clique-e-Use 2010
"RealPlayer 16.0" = RealPlayer
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WTA-028d8d5f-7bb7-46bc-9587-db384d123dfd" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-0434c681-7b0f-4656-9fd5-54e4f728c282" = Zuma's Revenge
"WTA-17fd9ac7-49f8-4c01-a2ab-55f40c2eeef7" = John Deere Drive Green
"WTA-20252042-706a-423e-bd88-6cf29dbded04" = Penguins!
"WTA-255faf3d-1c07-471a-8fec-1b405354c6e5" = RollerCoaster Tycoon 3: Platinum
"WTA-2ead2fba-95c7-46d1-af6f-c99ce9da8d13" = Torchlight
"WTA-3e0d8f93-043e-4617-b469-6297ec7d0307" = Mah Jong Medley
"WTA-43c25e9e-c7d1-42d3-95c4-cf38f952119a" = Luxor HD
"WTA-49f6d603-c6a7-425f-b87f-6235f42e52b1" = Cradle of Rome 2
"WTA-4c3ca5d1-88a9-4298-a97b-b8e55916d632" = FATE
"WTA-4d072103-c335-4c42-a127-60e7a7b477c1" = Virtual Villagers 4 - The Tree of Life
"WTA-5ac7f5bd-0102-4455-a1f4-650f767db5ad" = Polar Bowler
"WTA-5c261c15-c7bf-445e-b25c-c866f9544d95" = Bejeweled 3
"WTA-614e074c-28f6-49ec-8d67-898701b29899" = Hoyle Card Games
"WTA-78982157-9057-41ea-b147-48e9a9995163" = Farm Frenzy
"WTA-82903408-47e5-4f63-9b66-ea6cf138ac8c" = Dora's World Adventure
"WTA-98a1f13d-5f30-47a9-9723-6393350b4581" = Farmscapes
"WTA-b5bd7491-a400-4135-a025-e2141a4ee841" = Plants vs. Zombies - Game of the Year
"WTA-cb9379af-cbd0-41f2-ba92-a1836b355a4c" = Jewel Match 3
"WTA-ccda56b7-a66b-4d5b-8c0a-ca1b5572ec84" = Polar Golfer
"WTA-d0f1b254-3251-42d4-bd4e-6d08a33fee7b" = Poker Superstars III
"WTA-debc8ff9-feaf-42ff-9f43-9b59f3a6664c" = Blackhawk Striker 2
"WTA-ed34177c-af02-441c-9f47-cbba8b0d16f8" = The Treasures of Mystery Island: The Ghost Ship
"WTA-ee3e06cb-3a73-4544-89cd-dafa33faacdc" = Letters from Nowhere 2
"WTA-f2028140-6f23-43b7-b816-79e518610e6b" = Chuzzle Deluxe
"WTA-f6086d0b-b83b-47d6-9610-c693e4e925d5" = Final Drive Fury
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1732156681-2872885034-3628010698-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26-04-2013 12:56:11 | Computer Name = ruidavid007-HP | Source = WinMgmt | ID = 10
Description =

Error - 27-04-2013 06:55:53 | Computer Name = ruidavid007-HP | Source = WinMgmt | ID = 10
Description =

Error - 27-04-2013 07:19:55 | Computer Name = ruidavid007-HP | Source = CVHSVC | ID = 100
Description = Apenas informações. (Patch task for {90140011-0066-0816-0000-0000000FF1CE}):
DownloadLatest Failed: O tempo limite da operação foi excedido

Error - 28-04-2013 06:18:07 | Computer Name = ruidavid007-HP | Source = WinMgmt | ID = 10
Description =

Error - 28-04-2013 07:16:55 | Computer Name = ruidavid007-HP | Source = Application Hang | ID = 1002
Description = O programa IEXPLORE.EXE versão 10.0.9200.16537 deixou de interagir
com o Windows e foi fechado. Para verificar se existem mais informações disponíveis
sobre o problema, consulte o histórico de problemas no painel de controlo do Centro
de Acção. ID do Processo: 518 Hora de Início: 01ce43ff2a994687 Hora de Fim: 92 Caminho
da Aplicação: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ID do Relatório:


Error - 28-04-2013 07:59:25 | Computer Name = ruidavid007-HP | Source = Application Error | ID = 1000
Description = Nome da aplicação com falha: IEXPLORE.EXE, versão: 10.0.9200.16537,
carimbo de data/hora: 0x512347f7 Nome do módulo com falha: Flash32_11_5_502_146.ocx,
versão: 11.5.502.146, carimbo de data/hora: 0x50cfc10e Código de excepção: 0xc0000005
Desvio
de falha: 0x0068ad8c ID do processo com falha: 0xa2c Data/hora de início da aplicação
com falha: 0x01ce4401eb3863bc Caminho da aplicação com falha: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Caminho do módulo com falha: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_146.ocx
ID
do Relatório: 118846cf-affb-11e2-9553-80c16e4d0fea

Error - 28-04-2013 08:27:53 | Computer Name = ruidavid007-HP | Source = SideBySide | ID = 16842785
Description = Falha ao gerar o contexto de activação para "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Não
foi possível localizar a Assemblagem Dependente rpshellextension.1.0,language="*",type="win32",version="1.0.0.0".
Utilize
sxstrace.exe para obter um diagnóstico detalhado.

Error - 29-04-2013 06:31:40 | Computer Name = ruidavid007-HP | Source = WinMgmt | ID = 10
Description =

Error - 29-04-2013 06:33:56 | Computer Name = ruidavid007-HP | Source = RasClient | ID = 20227
Description =

Error - 30-04-2013 05:11:04 | Computer Name = ruidavid007-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 27-10-2012 09:44:32 | Computer Name = ruidavid007-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

em HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

em HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
O objecto '/97fee848_76ee_4acc_bba4_9c7866dd7750/d0z2eeatiilf_zoullzb8+_y_5.rem'
foi desligado ou não existe no servidor. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
pt-PT RAM: 3561 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

Error - 03-11-2012 13:35:35 | Computer Name = ruidavid007-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

em HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

em HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
O objecto '/445e7eb9_895a_403a_8525_ce4097b6864d/kucwb7eaifgocwrticrxi4kq_5.rem'
foi desligado ou não existe no servidor. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
pt-PT RAM: 3561 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 10-11-2012 13:06:30 | Computer Name = ruidavid007-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

em HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) em HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

em HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
O objecto '/740d751f_8e35_47bd_a6d6_ee49d775c01e/f668sn+81iy_newbp7blix5h_5.rem'
foi desligado ou não existe no servidor. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
pt-PT RAM: 3561 Ram Utilization: TargetSite: Void UpdateDetail(System.String)

Error - 17-11-2012 10:53:12 | Computer Name = ruidavid007-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 31-08-2012 11:46:13 | Computer Name = ruidavid007-HP | Source = CaslWmi | ID = 5
Description = 2012-08-31 16:46:13.390|00000B14|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 31-08-2012 11:50:23 | Computer Name = ruidavid007-HP | Source = CaslWmi | ID = 5
Description = 2012-08-31 16:50:23.757|00000F58|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 02-09-2012 15:14:29 | Computer Name = ruidavid007-HP | Source = CaslWmi | ID = 5
Description = 2012-09-02 20:14:29.346|000012BC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 02-09-2012 15:15:41 | Computer Name = ruidavid007-HP | Source = CaslWmi | ID = 5
Description = 2012-09-02 20:15:41.833|000011FC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 02-09-2012 15:15:44 | Computer Name = ruidavid007-HP | Source = CaslWmi | ID = 5
Description = 2012-09-02 20:15:44.929|000001C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 05-09-2012 12:47:07 | Computer Name = ruidavid007-HP | Source = CaslWmi | ID = 5
Description = 2012-09-05 17:47:07.596|000012B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 07-09-2012 10:22:42 | Computer Name = ruidavid007-HP | Source = CaslWmi | ID = 5
Description = 2012-09-07 15:22:42.187|000000C0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 08-09-2012 10:50:26 | Computer Name = ruidavid007-HP | Source = CaslWmi | ID = 5
Description = 2012-09-08 15:50:26.925|00000DDC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 08-09-2012 10:52:01 | Computer Name = ruidavid007-HP | Source = CaslWmi | ID = 5
Description = 2012-09-08 15:52:01.616|000014C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 08-09-2012 10:52:06 | Computer Name = ruidavid007-HP | Source = CaslWmi | ID = 5
Description = 2012-09-08 15:52:06.039|00001638|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ Media Center Events ]
Error - 30-03-2013 07:52:56 | Computer Name = ruidavid007-HP | Source = MCUpdate | ID = 0
Description = 11:52:56 - Erro ao ligar à Internet. 11:52:56 - Não é possível
contactar o servidor..

Error - 30-03-2013 10:36:11 | Computer Name = ruidavid007-HP | Source = MCUpdate | ID = 0
Description = 14:36:10 - Erro ao ligar à Internet. 14:36:10 - Não é possível
contactar o servidor..

Error - 06-11-2013 21:09:43 | Computer Name = ruidavid007-HP | Source = MCUpdate | ID = 0
Description = 01:09:43 - Erro ao ligar à Internet. 01:09:43 - Não é possível
contactar o servidor..

Error - 06-11-2013 21:09:50 | Computer Name = ruidavid007-HP | Source = MCUpdate | ID = 0
Description = 01:09:48 - Erro ao ligar à Internet. 01:09:48 - Não é possível
contactar o servidor..

Error - 07-11-2013 05:03:36 | Computer Name = ruidavid007-HP | Source = MCUpdate | ID = 0
Description = 09:03:36 - Erro ao ligar à Internet. 09:03:36 - Não é possível
contactar o servidor..

Error - 07-11-2013 06:03:41 | Computer Name = ruidavid007-HP | Source = MCUpdate | ID = 0
Description = 10:03:41 - Erro ao ligar à Internet. 10:03:41 - Não é possível
contactar o servidor..

Error - 27-11-2013 07:48:53 | Computer Name = ruidavid007-HP | Source = MCUpdate | ID = 0
Description = 11:48:53 - Erro ao ligar à Internet. 11:48:53 - Não é possível
contactar o servidor..

Error - 27-11-2013 08:48:58 | Computer Name = ruidavid007-HP | Source = MCUpdate | ID = 0
Description = 12:48:58 - Erro ao ligar à Internet. 12:48:58 - Não é possível
contactar o servidor..

Error - 27-11-2013 10:32:50 | Computer Name = ruidavid007-HP | Source = MCUpdate | ID = 0
Description = 14:32:50 - Erro ao ligar à Internet. 14:32:50 - Não é possível
contactar o servidor..

Error - 27-11-2013 11:32:56 | Computer Name = ruidavid007-HP | Source = MCUpdate | ID = 0
Description = 15:32:56 - Erro ao ligar à Internet. 15:32:56 - Não é possível
contactar o servidor..

[ System Events ]
Error - 29-11-2013 14:54:47 | Computer Name = ruidavid007-HP | Source = Schannel | ID = 36888
Description = Foi gerado o seguinte alerta fatal: 40. O estado de erro interno é
252.

Error - 29-11-2013 20:41:08 | Computer Name = ruidavid007-HP | Source = volsnap | ID = 393252
Description = As cópias sombra do volume C: foram abortadas porque não foi possível
aumentar o armazenamento de cópias sombra devido a um limite imposto pelo utilizador.

Error - 30-11-2013 06:31:24 | Computer Name = ruidavid007-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Falha ao iniciar do Módulo de Extensibilidade WLAN. Caminho do Módulo:
C:\Windows\system32\Rtlihvs.dll Código de Erro: 126

Error - 30-11-2013 06:35:37 | Computer Name = ruidavid007-HP | Source = Server | ID = 2505
Description = O servidor não conseguiu efectuar o enlace ao transporte \Device\NetBT_Tcpip_{BBB6F566-4E8D-4652-AB4B-0A3F6C975651}
porque existe outro computador na rede com o mesmo nome. O servidor não pode ser
iniciado.

Error - 30-11-2013 20:42:05 | Computer Name = ruidavid007-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Falha ao iniciar do Módulo de Extensibilidade WLAN. Caminho do Módulo:
C:\Windows\system32\Rtlihvs.dll Código de Erro: 126

Error - 30-11-2013 20:48:19 | Computer Name = ruidavid007-HP | Source = Server | ID = 2505
Description = O servidor não conseguiu efectuar o enlace ao transporte \Device\NetBT_Tcpip_{BBB6F566-4E8D-4652-AB4B-0A3F6C975651}
porque existe outro computador na rede com o mesmo nome. O servidor não pode ser
iniciado.

Error - 01-12-2013 06:46:32 | Computer Name = ruidavid007-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Falha ao iniciar do Módulo de Extensibilidade WLAN. Caminho do Módulo:
C:\Windows\system32\Rtlihvs.dll Código de Erro: 126

Error - 01-12-2013 06:47:29 | Computer Name = ruidavid007-HP | Source = Service Control Manager | ID = 7011
Description = Foi atingido o tempo limite (30000 milissegundos) ao aguardar por
uma resposta de transacção por parte do serviço HPWMISVC.

Error - 01-12-2013 06:50:50 | Computer Name = ruidavid007-HP | Source = Server | ID = 2505
Description = O servidor não conseguiu efectuar o enlace ao transporte \Device\NetBT_Tcpip_{BBB6F566-4E8D-4652-AB4B-0A3F6C975651}
porque existe outro computador na rede com o mesmo nome. O servidor não pode ser
iniciado.

Error - 01-12-2013 09:04:45 | Computer Name = ruidavid007-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Falha ao iniciar do Módulo de Extensibilidade WLAN. Caminho do Módulo:
C:\Windows\system32\Rtlihvs.dll Código de Erro: 126

< End of report >

Re: Help removing the rogue Anti-virus Security Pro

Post by Wings [In Memoriam] Sun 01 Dec 2013, 22:15

Run OTL, then copy and paste the lines in brown into the box under Custom Scans/Fixes

:OTL
O4 - HKU\S-1-5-21-1732156681-2872885034-3628010698-1001..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found
O4 - Startup: C:\Users\rui david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55769330.lnk = C:\Users\rui david\AppData\Local\Temp\_uninst_55769330.bat ()
[2013-11-27 19:38:33 | 000,001,020 | ---- | M] () -- C:\Users\rui david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55769330.lnk

:Commands
[emptytemp]

*Click [Run Fix]

*Click [OK] to restart the PC

*After the restart, if UAC is enabled, a Windows Security Warning window will appear asking whether you want to run OTL. Click [Run]

*Paste the report C:\_OTL\MovedFiles\monthdayyear_hourminutesseconds.log
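The two autostart entries targeted by the fix above, triaged in code. This is an added example, not part of the original post and not OTL's own logic; the function name, the reason strings and the third (constructed, benign) sample line are assumptions made for the illustration.

```python
import re

# Lines 1-2 are the O4 entries quoted in the fix above; line 3 is a
# constructed benign entry added for contrast.
SAMPLE = r"""
O4 - HKU\S-1-5-21-1732156681-2872885034-3628010698-1001..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found
O4 - Startup: C:\Users\rui david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55769330.lnk = C:\Users\rui david\AppData\Local\Temp\_uninst_55769330.bat ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
"""

# "O4 - Startup: <shortcut>.lnk = <target> (<company>)"
STARTUP = re.compile(
    r"^O4 - Startup: (?P<lnk>.+?\.lnk) = (?P<target>.+?)(?: \((?P<company>[^()]*)\))?$")
# "O4 - <hive>..\Run: [<value name>] <command line>"
RUN = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")


def triage(log):
    """Return [(line, [reasons])] for autostart entries worth a manual look."""
    findings = []
    for line in filter(None, map(str.strip, log.splitlines())):
        reasons = []
        m = STARTUP.match(line)
        if m:
            target = m["target"]
            if TEMP_DIR.search(target):
                reasons.append("target in Temp directory")
            if target.lower().endswith(SCRIPT_EXT):
                reasons.append("target is a script")
            # Assumption: empty parentheses mean the file carries no company name.
            if not m["company"]:
                reasons.append("no company name")
        m = RUN.match(line)
        if m and m["cmd"].endswith("File not found"):
            reasons.append("orphaned Run value")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print("; ".join(why), "->", entry)
```

A flagged line is only a candidate for review: a helper still confirms each entry before it goes into an :OTL fix block.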

Re: Help removing the rogue Anti-virus Security Pro

Post by Mr. Micro Mon 02 Dec 2013, 22:44

Hi Wings! Here is the log you asked for:
[You must have an account and be logged in to view this link]

Thank you!

Re: Help removing the rogue Anti-virus Security Pro

Post by Wings [In Memoriam] Mon 02 Dec 2013, 22:53

How is the PC doing?

If everything is OK...


Download [You must have an account and be logged in to view this link] (...by Xplode) and save it to the Desktop

*Run it, leaving the options Remove disinfection tools and Purge system restore selected

*Click [Run] and close the report that is shown


Delete DelFix and the file C:\DelFix.txt

Re: Help removing the rogue Anti-virus Security Pro

Post by Mr. Micro Wed 04 Dec 2013, 10:21

The PC is running great now, the problem has been solved. Thank you very much indeed!

Here is the DelFix log:

# DelFix v10.6 - Logfile created 03/12/2013 at 22:22:14
# Updated 11/11/2013 by Xplode
# Username : rui david - RUIDAVID007-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\Users\rui david\Desktop\rkill
Deleted : C:\Users\rui david\Desktop\Fixlog.txt
Deleted : C:\Users\rui david\Desktop\FSS.txt
Deleted : C:\Users\rui david\Desktop\OTL.exe
Deleted : C:\Users\rui david\Desktop\Rkill.txt
Deleted : C:\Users\rui david\Downloads\Addition.txt
Deleted : C:\Users\rui david\Downloads\Fixlog.txt
Deleted : C:\Users\rui david\Downloads\FRST.txt
Deleted : C:\Users\rui david\Downloads\FSS.exe
Deleted : C:\Users\rui david\Downloads\FSS.txt
Deleted : C:\Users\rui david\Downloads\HijackThis.exe
Deleted : C:\Users\rui david\Downloads\hijackthis.log
Deleted : C:\Users\rui david\Downloads\OTL.exe
Deleted : C:\Users\rui david\Downloads\rkill (1).com
Deleted : C:\Users\rui david\Downloads\rkill.com
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Cleaning system restore ...

Deleted : RP #157 [Cópia de Segurança do Windows | 11/30/2013 19:00:08]
Deleted : RP #158 [Windows Update | 12/03/2013 10:57:35]

New restore point created !

########## - EOF - ##########


Re: Help removing the rogue Anti-virus Security Pro

Post by Wings [In Memoriam] Wed 04 Dec 2013, 10:52

CASE SOLVED

If the topic's author needs it, the topic will be reopened; to request this, contact one of the members of the [You must have an account and be logged in to view this link] and ask for it to be unlocked.