como remover Attention required! CloudFlare

por Thais Olino Dom 02 Nov 2014, 17:55

Quando eu tento acessar alguns sites aparece One more step
Please complete the security check to access, como faço para remover ? já tentei varias coisas mas não deu certo Sad

Meu relatório do Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:04:43, on 02/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Thais\Downloads\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Baidu PC Faster 4.0.0.0] "C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe" -auto -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Positivo Experience (AppManagerService) - Positivo Informática S.A. - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Baidu MoboMarket Service (BASSVC) - Baidu, Inc. - C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) - Baidu Inc. - C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe

--
End of file - 6645 bytes

por **joram** Dom 02 Nov 2014, 18:07

Thais Olino escreveu:Quando eu tento acessar alguns sites aparece One more step
Please complete the security check to access, como faço para remover ? já tentei varias coisas mas não deu certo

Boa Tarde! Thais Olino

> Isso está tornando-se uma praga,pois vários casos já vieram aqui,mas não vejo a postagem em outros Fóruns brasileiros.
A ferramenta Francesa MyHosts,poderia resolver...mas os desenvolvedores bloquearam o download para o nosso país e,somente,disponibilizando para a França.
###
###

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] > como https - forumpcbrasil forumeiros com - como remover Attention required! CloudFlare 319226

como https - forumpcbrasil forumeiros com - como remover Attention required! CloudFlare 319226

> Poste o log do HijackThis,segundo a [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

A+

por Thais Olino Dom 02 Nov 2014, 18:18

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:04:43, on 02/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Thais\Downloads\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Baidu PC Faster 4.0.0.0] "C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe" -auto -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Positivo Experience (AppManagerService) - Positivo Informática S.A. - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Baidu MoboMarket Service (BASSVC) - Baidu, Inc. - C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) - Baidu Inc. - C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe

--
End of file - 6645 bytes

por **joram** Dom 02 Nov 2014, 19:36

Boa Noite! Thais Olino

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Vá a esta página e utilize o Fix it ali proposto.
>
> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Adlice Software ) ( 32 bits version )

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Adlice Software ) ( 64 bits version )

> Salve-o no desktop! [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Feche aplicativos que estejam abertos!
> Execute RogueKiller.exe e aceite a Eula,caso solicite!
> Se o "Filtro SmartScreen" bloquear o anti-malware,clique em "Mais informações" >> "Executar de qualquer maneira"

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Aguarde a finalização de seu Pre-scan,que se inicia automáticamente.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Dê início ao diagnóstico,clicando no botão "Verificar".
> Poste o relatório ao concluir: RKreport[1].txt

A+

por Thais Olino Dom 02 Nov 2014, 23:15

RogueKiller V10.0.4.0 [Oct 29 2014] por Adlice Software
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Thais [Administrador]
Modo : Escanear -- Data : 11/02/2014 23:14:39

¤¤¤ Processos : 0 ¤¤¤

¤¤¤ Registro : 3 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msahci (\SystemRoot\system32\drivers\msahci.sys) -> Encontrado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 44 (Driver: Carregado) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x864ae398
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x864ae430
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[19] : Unknown @ 0x864fbea0
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[22] : Unknown @ 0x864884a0
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[43] : Unknown @ 0x86524bf0
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x86524f80
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[86] : Unknown @ 0x865249e8
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x864ecda8
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : Unknown @ 0x86524a90
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[96] : Unknown @ 0x86524c88
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[111] : Unknown @ 0x864eb650
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[131] : Unknown @ 0x864ae920
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[145] : Unknown @ 0x864ae268
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[147] : Unknown @ 0x864ae300
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x86212eb0
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[168] : Unknown @ 0x864ae868
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[177] : Unknown @ 0x86524f08
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[190] : Unknown @ 0x864ecd60
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[191] : Unknown @ 0x864fbf28
[SSDT:Addr(Hook.SSDT)] NtOpenSection[194] : Unknown @ 0x86524dd8
[SSDT:Addr(Hook.SSDT)] NtOpenThread[198] : Unknown @ 0x8653d940
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[215] : Unknown @ 0x86524b48
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[269] : Unknown @ 0x86524940
[SSDT:Addr(Hook.SSDT)] NtQueueApcThreadEx[270] : Unknown @ 0x86524898
[SSDT:Addr(Hook.SSDT)] NtResumeThread[304] : Unknown @ 0x864ae4c8
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x864ae690
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[333] : Unknown @ 0x864ae728
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : Unknown @ 0x86524d20
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[366] : Unknown @ 0x86524e70
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[367] : Unknown @ 0x864ae560
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x86503c28
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x864ae5f8
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[385] : Unknown @ 0x864ae7d0
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x864ae9a8
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[318] : Unknown @ 0x877a4448
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[402] : Unknown @ 0x877af438
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[434] : Unknown @ 0x877be928
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[436] : Unknown @ 0x87729bf8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[448] : Unknown @ 0x877fc7b8
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[490] : Unknown @ 0x877fe320
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[508] : Unknown @ 0x877fe7a0
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[509] : Unknown @ 0x877fe718
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x877c5248
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x86bc36e0

¤¤¤ Navegadores : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] rnr9snkd.default : user_pref("browser.startup.homepage", "google.com"); -> Encontrado

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BC142 ATA Device +++++
--- User ---
[MBR] 6178561f03b753ccde5bd4b5ffb7757a
[BSP] 677b7306694d0d7dacd4dfdf802ff172 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 466938 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )

por **joram** Seg 03 Nov 2014, 00:07

Boa Noite! Thais Olino

> Abra a ferramenta RogueKiller.
> Na guia Registro,marque as caixinhas e clique Deletar.
> Poste o relatório!

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by OldTimer )

> Salve-o no desktop ou C:\.
> Duplo-clique em OTS.exe.
> Ps: Para Windows Vista ou 7,dê clique direito e execute OTS.exe como administrador.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Na opção "Additional Scans",clique em "Extras".
> Marque,também,as caixinhas:

[] Reg - NetSvcs
[] File - Lop Check

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Para SO 64 bits,marque a caixinha!

> Em "Basic Scans",marque a caixinha: Skip Microsoft

> Verifique: [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] & [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Código:: %systemdrive%\*.* %systemdrive%\drivers\*.exe %systemroot%\system32\drivers\*.* /90 %programfiles%\*.* %localappdata%\*.exe %localappdata%\*.txt %localappdata%\*.ini %localappdata%\*.dll %localappdata%\*.dat %userprofile%\*.exe %userprofile%\*.txt %userprofile%\*.ini %userprofile%\*.dll %userprofile%\*.dat /30 %appdata%\*.* %systemroot%\system32\tasks\*.* %windir%\tasks\*.* HKLM\System\CCS\Services\Tcpip\Parameters HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Copie e cole estas informações que estão no Código,para o campo "Custom Scans".
> À seguir,clique em [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ao concluir,abrir-se-á o Bloco de Notas,com o relatório. ( OTS.txt )
> Poste-o em sua resposta!
> Acesse para isso! ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] ou [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )

Abs!

por Thais Olino Seg 03 Nov 2014, 02:15

RogueKiller V10.0.4.0 [Oct 29 2014] por Adlice Software
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Thais [Administrador]
Modo : Deletar -- Data : 11/03/2014 02:14:21

¤¤¤ Processos : 0 ¤¤¤

¤¤¤ Registro : 0 ¤¤¤

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 12 (Driver: Carregado) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[22] : Unknown @ 0x86460510
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x861f5178
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[318] : Unknown @ 0x8766dad0
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[402] : Unknown @ 0x87654668
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[434] : Unknown @ 0x8765dc08
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[436] : Unknown @ 0x84c51d68
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[448] : Unknown @ 0x86ba8130
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[490] : Unknown @ 0x875f7898
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[508] : Unknown @ 0x8761f548
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[509] : Unknown @ 0x86251230
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x864821d8
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x876947b8

¤¤¤ Navegadores : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] rnr9snkd.default : user_pref("browser.startup.homepage", "google.com"); -> Não selecionado

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 6178561f03b753ccde5bd4b5ffb7757a
[BSP] 677b7306694d0d7dacd4dfdf802ff172 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 466938 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )

============================================
RKreport_DEL_11032014_014922.log - RKreport_DEL_11032014_014943.log - RKreport_SCN_11022014_231439.log - RKreport_SCN_11032014_014847.log
RKreport_SCN_11032014_021331.log

por Thais Olino Seg 03 Nov 2014, 02:42

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

/!\ Vai aqui o relatório hospedado em Cjoint.com /!\

Grato!

por **joram** Seg 03 Nov 2014, 08:32

Bom Dia! Thais Olino

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Desinstale: < Baidu PC Faster >
> Caso tenha instalado o Baidu PC Faster,vá em: C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Uninstal <<
> Clique "Uninstal".
> Confirme seu desejo de desinstalar o PC Faster.
>
> Abra a ferramenta OTS.

Código:: [Unregister Dlls] [Processes - Safe List] YY -> pcfastersvc.exe -> C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe YY -> cleanerenginesvc.exe -> C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe YY -> bassvc.exe -> C:\Arquivos de Programas\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe YY -> bas_helper.exe -> C:\Arquivos de Programas\Baidu Security\MoboMarket\1.2.8.3351\bas_helper.exe YY -> pcftray.exe -> C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe [Modules - No Company Name] YY -> skiax.dll -> C:\Arquivos de Programas\Baidu Security\MoboMarket\1.2.8.3351\skiax.dll [Win32 Services - Safe List] YY -> (PCFasterSvc_{PCFaster_4.0.0.0}) Baidu PC Faster Service 4.0.0.0 [Auto | Running] -> C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe YY -> (BASSVC) Baidu MoboMarket Service [Auto | Running] -> C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe YY -> (AdobeARMservice) Adobe Acrobat Update Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [Driver Services - Safe List] YY -> (BprotectEx) Baidu ProtectEx [Kernel | System | Running] -> C:\Windows\System32\drivers\BprotectEx.sys YY -> (PCFApiUtil) PCFApiUtil [Kernel | On_Demand | Running] -> C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys YY -> (Bhbase) Baidu Hook Base [Kernel | Boot | Running] -> C:\Windows\System32\drivers\Bhbase.sys [Registry - Safe List] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run YY -> "Baidu PC Faster 4.0.0.0" -> C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe ["C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe" -auto -start] < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2380202607-3760370192-3880593022-1000] > -> HKEY_USERS\S-1-5-21-2380202607-3760370192-3880593022-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer YN -> \\"NoLowDiskSpaceChecks" -> [1] < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet YN -> /pagefile -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] [Registry - Additional Scans - Safe List] < Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center YN -> \Svc\\"VistaSp1" -> Reg Error: Unknown registry data type [Reg Error: Unknown registry data type] < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ YN -> Baidu PC Faster 4.0.0.0 -> Baidu PC Faster YN -> ZHPDiag_is1 -> ZHPDiag 2014 [Files/Folders - Created Within 30 Days] NY -> ZHP -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP NY -> ZHPDiag -> C:\ZHPDiag NY -> ZHP -> C:\Users\Thais\AppData\Roaming\ZHP NY -> Baidu -> C:\ProgramData\Baidu NY -> Baidu -> C:\Users\Public\Documents\Baidu NY -> Bhbase.sys -> C:\Windows\System32\drivers\Bhbase.sys NY -> BprotectEx.sys -> C:\Windows\System32\drivers\BprotectEx.sys NY -> Baidu PC Faster -> C:\Users\Thais\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster NY -> Baidu PC Faster -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster NY -> Baidu Security -> C:\Users\Thais\AppData\Roaming\Baidu Security NY -> Baidu Security -> C:\Users\Public\Documents\Baidu Security NY -> Baidu Security -> C:\ProgramData\Baidu Security NY -> Baidu Security -> C:\Program Files\Baidu Security NY -> 6 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp NY -> 1 C:\Users\Thais\Documents\*.tmp files -> C:\Users\Thais\Documents\*.tmp [Files/Folders - Modified Within 30 Days] NY -> ZHPFix.lnk -> C:\Users\Thais\Desktop\ZHPFix.lnk NY -> ZHPDiag.lnk -> C:\Users\Thais\Desktop\ZHPDiag.lnk NY -> Baidu WiFi Hotspot.lnk -> C:\Users\Thais\Desktop\Baidu WiFi Hotspot.lnk NY -> 6 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp NY -> 1 C:\Users\Thais\Documents\*.tmp files -> C:\Users\Thais\Documents\*.tmp [Files - No Company Name] NY -> ZHPFix.lnk -> C:\Users\Thais\Desktop\ZHPFix.lnk NY -> ZHPDiag.lnk -> C:\Users\Thais\Desktop\ZHPDiag.lnk NY -> Baidu WiFi Hotspot.lnk -> C:\Users\Thais\Desktop\Baidu WiFi Hotspot.lnk [Custom Scans] NY -> Baidu PC Faster Service -> C:\Windows\system32\tasks\Baidu PC Faster Service NY -> Baidu PC Faster Update -> C:\Windows\system32\tasks\Baidu PC Faster Update [Custom Items] [reboot] [Empty Temp Folders] [CreateRestorePoint]

> Cole estas informações que estão no Código,para o campo: "Paste Fix Here"

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Clique em Run Fix >> Aguarde!
> Terminando,poste o relatório: C:\_OTS\MovedFiles\OTS.txt

A+

por Thais Olino Seg 03 Nov 2014, 11:44

All Processes Killed
[Processes - Safe List]
No active process named pcfastersvc.exe was found!
File C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe not found.
No active process named cleanerenginesvc.exe was found!
C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe moved successfully.
Process bassvc.exe killed successfully!
C:\Arquivos de Programas\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe moved successfully.
No active process named bas_helper.exe was found!
C:\Arquivos de Programas\Baidu Security\MoboMarket\1.2.8.3351\bas_helper.exe moved successfully.
No active process named pcftray.exe was found!
File C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe not found.
[Modules - No Company Name]
[Win32 Services - Safe List]
Error: No service named PCFasterSvc_{PCFaster_4.0.0.0} was found to stop!
Service\Driver key PCFasterSvc_{PCFaster_4.0.0.0} not found.
File C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe not found.
Service BASSVC stopped successfully!
Service BASSVC deleted successfully!
File C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe not found.
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe moved successfully.
[Driver Services - Safe List]
Error: Unable to stop service BprotectEx!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully.
File C:\Windows\System32\drivers\BprotectEx.sys not found.
Service PCFApiUtil stopped successfully!
Service PCFApiUtil deleted successfully!
File C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys not found.
Error: Unable to stop service Bhbase!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully.
C:\Windows\System32\drivers\Bhbase.sys moved successfully.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Baidu PC Faster 4.0.0.0 not found.
File C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe not found.
Registry value HKEY_USERS\S-1-5-21-2380202607-3760370192-3880593022-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
[Registry - Additional Scans - Safe List]
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
[Files/Folders - Created Within 30 Days]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP folder moved successfully.
C:\ZHPDiag\ZHPFix\Quarantine folder moved successfully.
C:\ZHPDiag\ZHPFix folder moved successfully.
C:\ZHPDiag folder moved successfully.
C:\Users\Thais\AppData\Roaming\ZHP\Quarantine folder moved successfully.
C:\Users\Thais\AppData\Roaming\ZHP folder moved successfully.
C:\ProgramData\Baidu\AndroidStoreI18N\Driver folder moved successfully.
C:\ProgramData\Baidu\AndroidStoreI18N\DeviceCache folder moved successfully.
C:\ProgramData\Baidu\AndroidStoreI18N folder moved successfully.
C:\ProgramData\Baidu folder moved successfully.
C:\Users\Public\Documents\Baidu\Common\I18N folder moved successfully.
C:\Users\Public\Documents\Baidu\Common folder moved successfully.
C:\Users\Public\Documents\Baidu folder moved successfully.
File C:\Windows\System32\drivers\Bhbase.sys not found!
File C:\Windows\System32\drivers\BprotectEx.sys not found!
File C:\Users\Thais\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster not found!
File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster not found!
C:\Users\Thais\AppData\Roaming\Baidu Security\Android Store\1.2.8.3351 folder moved successfully.
C:\Users\Thais\AppData\Roaming\Baidu Security\Android Store folder moved successfully.
C:\Users\Thais\AppData\Roaming\Baidu Security folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav\Dump\5.0.4.90711 folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav\Dump\5.0.4.89009 folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav\Dump\4.1.1.80737 folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav\Dump folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Android Store\1.2.8.3351\Dump folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Android Store\1.2.8.3351 folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Android Store folder moved successfully.
C:\Users\Public\Documents\Baidu Security folder moved successfully.
C:\ProgramData\Baidu Security\RpData folder moved successfully.
C:\ProgramData\Baidu Security\MoboMarket\RpData folder moved successfully.
C:\ProgramData\Baidu Security\MoboMarket folder moved successfully.
C:\ProgramData\Baidu Security folder moved successfully.
C:\Program Files\Baidu Security\PC Faster\4.0.0.0 folder moved successfully.
C:\Program Files\Baidu Security\PC Faster folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\UsbDriver\universal_adb_x86\i386 folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\UsbDriver\universal_adb_x86 folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\UsbDriver folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\update folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\skin\bas_helper\skin\mainframe folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\skin\bas_helper\skin folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\skin\bas_helper folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\skin folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\I18N\Font folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\I18N\1057\skin folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\I18N\1057 folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\I18N\1046\skin folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\I18N\1046 folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\I18N\1033\skin folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\I18N\1033 folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\I18N folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\Data\Temp folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\Data folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351 folder moved successfully.
C:\Program Files\Baidu Security\MoboMarket folder moved successfully.
C:\Program Files\Baidu Security\Baidu Antivirus folder moved successfully.
C:\Program Files\Baidu Security folder moved successfully.
C:\Program Files\GUM3ED4.tmp\GoogleCrashHandler.exe deleted successfully.
C:\Program Files\GUM3ED4.tmp\GoogleCrashHandler64.exe deleted successfully.
C:\Program Files\GUM3ED4.tmp\GoogleUpdateBroker.exe deleted successfully.
C:\Program Files\GUM3ED4.tmp\GoogleUpdateComRegisterShell64.exe deleted successfully.
C:\Program Files\GUM3ED4.tmp\GoogleUpdateHelper.msi deleted successfully.
C:\Program Files\GUM3ED4.tmp\GoogleUpdateOnDemand.exe deleted successfully.
C:\Program Files\GUM3ED4.tmp\GoogleUpdateSetup.exe deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdate.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_am.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_ar.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_bg.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_bn.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_ca.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_cs.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_da.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_de.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_el.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_en-GB.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_en.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_es-419.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_es.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_et.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_fa.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_fi.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_fil.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_fr.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_gu.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_hi.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_hr.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_hu.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_id.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_is.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_it.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_iw.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_ja.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_kn.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_ko.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_lt.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_lv.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_ml.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_mr.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_ms.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_nl.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_no.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_pl.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_pt-BR.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_pt-PT.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_ro.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_ru.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_sk.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_sl.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_sr.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_sv.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_sw.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_ta.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_te.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_th.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_tr.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_uk.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_ur.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_vi.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_zh-CN.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\goopdateres_zh-TW.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\npGoogleUpdate3.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\psmachine.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\psmachine_64.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\psuser.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp\psuser_64.dll deleted successfully.
C:\Program Files\GUM3ED4.tmp folder deleted successfully.
C:\Program Files\GUMB894.tmp\GoogleCrashHandler.exe deleted successfully.
C:\Program Files\GUMB894.tmp\GoogleCrashHandler64.exe deleted successfully.
C:\Program Files\GUMB894.tmp\GoogleUpdate.exe deleted successfully.
C:\Program Files\GUMB894.tmp\GoogleUpdateBroker.exe deleted successfully.
C:\Program Files\GUMB894.tmp\GoogleUpdateHelper.msi deleted successfully.
C:\Program Files\GUMB894.tmp\GoogleUpdateOnDemand.exe deleted successfully.
C:\Program Files\GUMB894.tmp\GoogleUpdateSetup.exe deleted successfully.
C:\Program Files\GUMB894.tmp\goopdate.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_am.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_ar.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_bg.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_bn.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_ca.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_cs.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_da.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_de.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_el.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_en-GB.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_en.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_es-419.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_es.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_et.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_fa.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_fi.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_fil.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_fr.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_gu.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_hi.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_hr.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_hu.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_id.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_is.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_it.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_iw.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_ja.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_kn.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_ko.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_lt.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_lv.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_ml.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_mr.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_ms.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_nl.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_no.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_pl.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_pt-BR.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_pt-PT.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_ro.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_ru.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_sk.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_sl.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_sr.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_sv.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_sw.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_ta.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_te.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_th.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_tr.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_uk.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_ur.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_vi.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_zh-CN.dll deleted successfully.
C:\Program Files\GUMB894.tmp\goopdateres_zh-TW.dll deleted successfully.
C:\Program Files\GUMB894.tmp\npGoogleUpdate3.dll deleted successfully.
C:\Program Files\GUMB894.tmp\psmachine.dll deleted successfully.
C:\Program Files\GUMB894.tmp\psuser.dll deleted successfully.
C:\Program Files\GUMB894.tmp folder deleted successfully.
C:\Program Files\GUMF112.tmp\GoogleCrashHandler.exe deleted successfully.
C:\Program Files\GUMF112.tmp\GoogleCrashHandler64.exe deleted successfully.
C:\Program Files\GUMF112.tmp\GoogleUpdate.exe deleted successfully.
C:\Program Files\GUMF112.tmp\GoogleUpdateBroker.exe deleted successfully.
C:\Program Files\GUMF112.tmp\GoogleUpdateComRegisterShell64.exe deleted successfully.
C:\Program Files\GUMF112.tmp\GoogleUpdateHelper.msi deleted successfully.
C:\Program Files\GUMF112.tmp\GoogleUpdateOnDemand.exe deleted successfully.
C:\Program Files\GUMF112.tmp\GoogleUpdateSetup.exe deleted successfully.
C:\Program Files\GUMF112.tmp\goopdate.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_am.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_ar.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_bg.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_bn.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_ca.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_cs.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_da.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_de.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_el.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_en-GB.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_en.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_es-419.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_es.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_et.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_fa.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_fi.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_fil.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_fr.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_gu.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_hi.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_hr.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_hu.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_id.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_is.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_it.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_iw.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_ja.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_kn.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_ko.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_lt.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_lv.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_ml.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_mr.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_ms.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_nl.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_no.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_pl.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_pt-BR.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_pt-PT.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_ro.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_ru.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_sk.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_sl.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_sr.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_sv.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_sw.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_ta.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_te.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_th.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_tr.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_uk.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_ur.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_vi.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_zh-CN.dll deleted successfully.
C:\Program Files\GUMF112.tmp\goopdateres_zh-TW.dll deleted successfully.
C:\Program Files\GUMF112.tmp\npGoogleUpdate3.dll deleted successfully.
C:\Program Files\GUMF112.tmp\psmachine.dll deleted successfully.
C:\Program Files\GUMF112.tmp\psmachine_64.dll deleted successfully.
C:\Program Files\GUMF112.tmp\psuser.dll deleted successfully.
C:\Program Files\GUMF112.tmp\psuser_64.dll deleted successfully.
C:\Program Files\GUMF112.tmp folder deleted successfully.
C:\Program Files\GUT3ED5.tmp deleted successfully.
C:\Program Files\GUTB895.tmp deleted successfully.
C:\Program Files\GUTF161.tmp deleted successfully.
C:\Users\Thais\Documents\0824172144.tmp deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Users\Thais\Desktop\ZHPFix.lnk moved successfully.
C:\Users\Thais\Desktop\ZHPDiag.lnk moved successfully.
File C:\Users\Thais\Desktop\Baidu WiFi Hotspot.lnk not found!
[Files - No Company Name]
File C:\Users\Thais\Desktop\ZHPFix.lnk not found!
File C:\Users\Thais\Desktop\ZHPDiag.lnk not found!
File C:\Users\Thais\Desktop\Baidu WiFi Hotspot.lnk not found!
[Custom Scans]
File/Folder C:\Windows\system32\tasks\Baidu PC Faster Service not found.
File/Folder C:\Windows\system32\tasks\Baidu PC Faster Update not found.
Cannot create restore point. Unable to start RPC service!
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 11032014_113506

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0\ not found.

por **joram** Seg 03 Nov 2014, 12:24

Boa Tarde! Thais Olino

> Abra a ferramenta OTS,e clique "CleanUp".
> Aguarde a desinstalação!
>
> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by OldTimer Tools )

> Clique em Salvar!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Salve-o no desktop!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Duplo clique em OTL.exe

> Clique Executar.

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Execute a OTL,em seu rápido escaneamento. ( Verificação rápida )
> Ps: Para Windows 7,clique direito e execute-o como "Administrador".
> Copie e poste o relatório. ( C:\_OTL\MovedFiles\xxxx2014_xxxxxx.log )
> Poste,também,o relatório "Extras".

A+

por Thais Olino Seg 03 Nov 2014, 12:49

OTL logfile created on: 03/11/2014 12:40:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thais\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,93 Gb Total Physical Memory | 0,45 Gb Available Physical Memory | 23,18% Memory free
3,87 Gb Paging File | 2,27 Gb Available in Paging File | 58,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 356,46 Gb Free Space | 78,17% Space Free | Partition Type: NTFS

Computer Name: THAIS-PC | User Name: Thais | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/11/03 12:38:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thais\Desktop\OTL.exe
PRC - [2014/11/02 17:34:25 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Update\1.3.25.5\GoogleCrashHandler.exe
PRC - [2014/10/31 17:36:20 | 005,223,016 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\avastui.exe
PRC - [2014/10/23 11:31:27 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/10/23 11:31:20 | 003,192,344 | ---- | M] (Avast Software) -- C:\Arquivos de Programas\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
PRC - [2014/10/22 02:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Chrome\Application\chrome.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/06/17 23:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
PRC - [2012/11/23 00:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/05 09:41:16 | 000,046,592 | ---- | M] (Positivo Informática S.A.) -- C:\Arquivos de Programas\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe
PRC - [2011/09/24 16:16:54 | 005,861,376 | ---- | M] (Positivo Informática S.A.) -- C:\Arquivos de Programas\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe
PRC - [2011/07/07 12:29:24 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/04/16 22:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Arquivos de Programas\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/12/06 23:13:14 | 000,397,312 | ---- | M] () -- C:\Arquivos de Programas\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009/10/30 16:48:42 | 000,348,160 | ---- | M] (AVerMedia) -- C:\Arquivos de Programas\Common Files\AVerMedia\Service\AVerRemote.exe

========== Modules (No Company Name) ==========

MOD - [2014/10/23 11:31:28 | 038,561,576 | ---- | M] () -- C:\Arquivos de Programas\AVAST Software\Avast\libcef.dll
MOD - [2014/10/22 02:04:57 | 008,910,664 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/22 02:04:51 | 001,042,760 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/22 02:04:49 | 000,211,272 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/22 02:04:48 | 001,681,224 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/10/15 19:42:35 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3063abda312516739bc808360071bad9\System.Xml.Linq.ni.dll
MOD - [2014/10/15 19:41:42 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\e3641fa3359f37ad12c84183ce765093\System.Core.ni.dll
MOD - [2014/10/15 19:41:39 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014/10/15 19:38:14 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
MOD - [2014/10/15 19:37:47 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll
MOD - [2014/10/15 19:37:34 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/15 19:37:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/15 19:37:21 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/15 19:37:16 | 012,236,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll
MOD - [2014/10/15 19:37:07 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/15 19:37:05 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/12 01:48:17 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2011/04/12 02:46:55 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_pt-BR_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/11/12 21:34:31 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV - [2014/11/01 21:42:28 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/23 11:31:27 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/10/23 11:31:20 | 003,192,344 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2014/10/11 10:53:22 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/18 22:50:15 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/05/27 02:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/05 13:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Arquivos de Programas\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/10/05 09:41:16 | 000,046,592 | ---- | M] (Positivo Informática S.A.) [Auto | Running] -- C:\Arquivos de Programas\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe -- (AppManagerService)
SRV - [2011/04/16 22:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/02/15 01:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/20 19:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009/12/06 23:13:14 | 000,397,312 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009/10/30 16:48:42 | 000,348,160 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Arquivos de Programas\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\stwrt.sys -- (STHDA)
DRV - [2014/11/03 12:37:56 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/10/31 17:36:24 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/10/31 17:36:24 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/10/23 11:31:31 | 000,422,760 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/10/23 11:31:31 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/10/23 11:31:31 | 000,091,496 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014/10/23 11:31:31 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/10/23 11:31:30 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/10/23 11:31:30 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/10/23 11:31:20 | 000,218,192 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2014/10/03 17:19:32 | 001,138,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20141024.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/10/01 11:11:24 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/09/26 13:26:26 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20141102.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/09/26 13:26:26 | 000,378,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Arquivos de Programas\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/09/26 13:26:26 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20141102.024\NAVENG.SYS -- (NAVENG)
DRV - [2014/09/10 16:36:44 | 000,111,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/09/09 16:39:32 | 000,476,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20141101.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/08/15 08:15:49 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/03 16:21:54 | 000,052,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pad.sys -- (PositivoAudioDriverWdm)
DRV - [2011/04/20 23:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys -- (SymNetS)
DRV - [2011/03/31 01:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 01:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/15 00:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 04:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 03:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/20 19:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 19:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/12/30 11:00:50 | 000,093,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JME.sys -- (JME)
DRV - [2009/11/18 06:50:12 | 001,171,328 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA706.sys -- (AVerA706)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\..\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} : "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\..\SearchScopes\{D35DD44D-BACF-48B5-A8A0-6EB69BE0116D}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\..\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} : "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0
FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2014/11/03 12:37:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/10/23 11:31:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/10/24 18:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thais\AppData\Roaming\mozilla\Extensions
[2014/10/24 18:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
[2014/10/24 18:35:08 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\internal-nacl-plugin
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll
CHR - plugin: Windows LiveÂ™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\epadnjldocmkadjbopkanclaamocokoo\2.0_0\
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2.2_0\
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcnlagjgkjmegedpgileogohfdlpngdl\1.2_0\
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2204.148_0\
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmmglgcgipmpfmablliiooebiiollim\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\klfneahoibjkdlonilmnkkncopeiomoc\1.0.0_0\
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/03 17:19:52 | 000,000,833 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de Programas\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Arquivos de Programas\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de Programas\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de Programas\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartUpManagerPositivo] C:\Arquivos de Programas\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A373037-9F84-4C14-AA33-030A98DAEAFB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/11/03 12:39:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thais\Desktop\OTL.exe
[2014/11/03 02:22:41 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\Thais\Desktop\OTS (2).exe
[2014/11/02 23:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/11/02 17:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/11/02 12:25:07 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/11/02 12:10:12 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/02 12:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/02 12:09:55 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/02 12:09:55 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/02 12:09:55 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/11/02 12:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/11/02 12:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/01 21:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/11/01 21:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/11/01 21:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/11/01 21:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/11/01 21:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014/11/01 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/11/01 21:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/11/01 06:37:02 | 000,000,000 | ---D | C] -- C:\Users\Thais\.android
[2014/10/30 15:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/10/30 14:42:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/10/26 13:48:07 | 000,000,000 | ---D | C] -- C:\Users\Thais\AppData\Roaming\WinRAR
[2014/10/26 13:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/10/26 13:47:37 | 000,000,000 | ---D | C] -- C:\Users\Thais\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/10/26 13:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2014/10/24 18:37:12 | 000,000,000 | ---D | C] -- C:\Users\Thais\AppData\Roaming\Mozilla
[2014/10/24 18:37:12 | 000,000,000 | ---D | C] -- C:\Users\Thais\AppData\Local\Mozilla
[2014/10/24 18:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/10/24 18:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/10/24 18:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/10/24 18:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\AdvanceElite
[2014/10/23 14:43:44 | 000,000,000 | -H-D | C] -- C:\Users\Thais\AppData\Roaming\GoldenGate
[2014/10/23 11:33:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\vbox
[2014/10/23 11:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/10/23 11:31:55 | 000,091,496 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014/10/23 11:31:50 | 000,422,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/10/23 11:31:48 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswmonflt.sys
[2014/10/23 11:31:45 | 000,081,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/10/23 11:31:41 | 000,787,800 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/10/23 11:31:35 | 000,291,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/10/23 11:31:30 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/10/23 11:24:18 | 005,004,328 | ---- | C] (AVAST Software) -- C:\Users\Thais\Desktop\avast_free_antivirus_setup_online.exe
[2014/10/21 14:13:19 | 000,000,000 | ---D | C] -- C:\Users\Thais\AppData\Roaming\QuickScan
[2014/10/21 10:14:45 | 000,000,000 | -HSD | C] -- C:\Users\Thais\AppData\Local\EmieUserList
[2014/10/21 10:14:44 | 000,000,000 | -HSD | C] -- C:\Users\Thais\AppData\Local\EmieSiteList
[2014/10/09 17:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/10/09 17:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

========== Files - Modified Within 30 Days ==========

[2014/11/03 12:39:01 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/03 12:38:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thais\Desktop\OTL.exe
[2014/11/03 12:37:56 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/03 12:37:50 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/03 12:36:51 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/11/03 12:36:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/03 12:36:35 | 1558,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/03 11:49:04 | 000,016,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/03 11:49:04 | 000,016,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/03 02:22:10 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\Thais\Desktop\OTS (2).exe
[2014/11/03 02:02:44 | 000,034,808 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/11/02 22:52:26 | 017,526,360 | ---- | M] () -- C:\Users\Thais\Desktop\RogueKillerX64.exe
[2014/11/02 22:35:48 | 000,991,232 | ---- | M] () -- C:\Users\Thais\Desktop\MicrosoftFixit50267.msi
[2014/11/02 17:41:51 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/02 12:57:20 | 000,000,020 | ---- | M] () -- C:\ProgramData\bc.ini
[2014/11/02 12:10:01 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/02 08:41:25 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/01 21:42:57 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/11/01 06:36:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2014/10/31 17:36:24 | 000,787,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/10/31 17:36:24 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswmonflt.sys
[2014/10/30 15:08:06 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/10/28 21:33:39 | 000,943,836 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2014/10/28 21:33:39 | 000,892,404 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/10/28 21:33:39 | 000,375,678 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2014/10/28 21:33:39 | 000,350,392 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/10/26 13:47:37 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/10/26 13:46:46 | 004,448,336 | ---- | M] () -- C:\Users\Thais\Desktop\345-wrar511br.exe
[2014/10/24 19:31:08 | 000,000,045 | ---- | M] () -- C:\Users\Thais\AppData\Roaming\WB.CFG
[2014/10/24 19:02:51 | 000,000,017 | ---- | M] () -- C:\Users\Thais\AppData\Local\resmon.resmoncfg
[2014/10/24 18:35:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/10/24 18:30:58 | 000,000,268 | ---- | M] () -- C:\Users\Thais\Desktop\Cut the Rope.url
[2014/10/23 12:59:40 | 000,014,304 | ---- | M] () -- C:\ProgramData\Duplicaterecord.js
[2014/10/23 11:32:32 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/10/23 11:31:31 | 000,422,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/10/23 11:31:31 | 000,206,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/10/23 11:31:31 | 000,091,496 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014/10/23 11:31:31 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/10/23 11:31:30 | 000,291,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/10/23 11:31:30 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/10/23 11:31:30 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/10/23 11:31:30 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/10/23 11:24:32 | 005,004,328 | ---- | M] (AVAST Software) -- C:\Users\Thais\Desktop\avast_free_antivirus_setup_online.exe
[2014/10/19 20:09:21 | 000,000,993 | ---- | M] () -- C:\Users\Thais\Desktop\PhotoScape.lnk
[2014/10/15 19:35:57 | 000,274,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/10/10 01:26:01 | 000,000,297 | ---- | M] () -- C:\Users\Thais\Documents\uoih.rtf

========== Files Created - No Company Name ==========

[2014/11/02 23:05:36 | 000,034,808 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/11/02 22:57:23 | 000,991,232 | ---- | C] () -- C:\Users\Thais\Desktop\MicrosoftFixit50267.msi
[2014/11/02 22:53:21 | 017,526,360 | ---- | C] () -- C:\Users\Thais\Desktop\RogueKillerX64.exe
[2014/11/02 17:41:51 | 000,002,203 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/02 17:34:32 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/02 17:34:30 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/02 12:57:20 | 000,000,020 | ---- | C] () -- C:\ProgramData\bc.ini
[2014/11/02 12:10:01 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/01 21:42:57 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/11/01 06:36:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2014/10/30 15:08:05 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/10/30 15:08:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014/10/26 13:47:36 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/10/26 13:46:33 | 004,448,336 | ---- | C] () -- C:\Users\Thais\Desktop\345-wrar511br.exe
[2014/10/24 19:31:08 | 000,000,045 | ---- | C] () -- C:\Users\Thais\AppData\Roaming\WB.CFG
[2014/10/24 19:02:51 | 000,000,017 | ---- | C] () -- C:\Users\Thais\AppData\Local\resmon.resmoncfg
[2014/10/24 18:35:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/10/24 18:35:42 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/10/24 18:30:57 | 000,000,268 | ---- | C] () -- C:\Users\Thais\Desktop\Cut the Rope.url
[2014/10/24 16:57:00 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/23 14:43:21 | 000,000,171 | ---- | C] () -- C:\Users\Thais\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[2014/10/23 12:59:40 | 000,014,304 | ---- | C] () -- C:\ProgramData\Duplicaterecord.js
[2014/10/23 11:32:31 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/10/23 11:31:52 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/10/23 11:31:49 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/10/23 11:31:46 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/09/10 07:57:29 | 000,000,000 | ---- | C] () -- C:\Users\Thais\AppData\Local\{282EF7BC-F4B2-4499-9E7C-615EDA9CCB6A}
[2014/02/20 11:25:58 | 000,055,840 | ---- | C] () -- C:\Windows\System32\USBCoInstaller.dll

========== ZeroAccess Check ==========

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 23:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/09/13 00:34:54 | 000,000,000 | ---D | M] -- C:\Users\Thais\AppData\Roaming\AVAST Software
[2014/08/31 01:08:07 | 000,000,000 | ---D | M] -- C:\Users\Thais\AppData\Roaming\AVG
[2014/08/16 14:50:36 | 000,000,000 | ---D | M] -- C:\Users\Thais\AppData\Roaming\GamesCafe
[2014/10/23 14:43:58 | 000,000,000 | -H-D | M] -- C:\Users\Thais\AppData\Roaming\GoldenGate
[2014/10/15 16:45:34 | 000,000,000 | ---D | M] -- C:\Users\Thais\AppData\Roaming\PhotoScape
[2014/08/14 21:07:59 | 000,000,000 | ---D | M] -- C:\Users\Thais\AppData\Roaming\Positivo Backup
[2014/10/21 14:13:22 | 000,000,000 | ---D | M] -- C:\Users\Thais\AppData\Roaming\QuickScan
[2014/08/15 08:34:19 | 000,000,000 | ---D | M] -- C:\Users\Thais\AppData\Roaming\Tific
[2014/08/31 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\Thais\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

por Thais Olino Seg 03 Nov 2014, 12:49

OTL Extras logfile created on: 03/11/2014 12:40:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thais\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,93 Gb Total Physical Memory | 0,45 Gb Available Physical Memory | 23,18% Memory free
3,87 Gb Paging File | 2,27 Gb Available in Paging File | 58,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 356,46 Gb Free Space | 78,17% Space Free | Partition Type: NTFS

Computer Name: THAIS-PC | User Name: Thais | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{121D40C1-C097-4E8A-A49B-722957E6FFD6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{94172D4E-51A3-4366-B3BB-A06550CCAB1A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9A0D171E-5D55-49FC-A3B8-C46704EDD5A1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6AE21071-2E38-4DFD-87AC-57F8AFFC0F40}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{850F4B22-65FA-44B0-8AF2-74BCDDCB792E}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{8B8C4B5D-1069-447F-A4AD-2CF0BC5F6F6B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{A8F96470-85A6-4F0A-A1B2-3AE51025AA9E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D5C0D0C4-2F16-4EEE-8ECC-B3686B6BCE15}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1C86726E-4A85-4322-8A1C-56EDE170FAB5}_is1" = Tutorial 1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{387B3DFA-BB12-45E6-B431-4A7BF2EBD985}_is1" = Positivo Backup
"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A33ECF3-6AC6-4A9B-932C-4E81625423C7}_is1" = Software de Cadastro Positivo 6.0
"{5400FA29-4A55-4EB9-AD27-AF20DBD334E1}_is1" = Positivo NIS 2011 License Activator
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{674e54ef-d593-4d80-8be2-35d0d8192a23}}_is1" = Aplicação da Promoção Vivo® Banda Larga
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DA3261A-DCEB-401A-ABE0-A367C252B86C}_is1" = Positivo Sincronize
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A828537C-87AF-4E9D-9C54-11D34B8E2FBA}_is1" = Faces 1.03.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAB13E97-449B-4D5B-BDE2-AB47B938B722}_is1" = Positivo Experience
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4B5A5D4-B793-425C-BBF1-0D3D46BAA73F}_is1" = Mural dos Amigos
"{BBF502F8-11A6-4401-8F2F-714ADA01B61A}_is1" = Positivo Notícias
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D00FA097-5115-400D-84AD-4ADEF3EBDB5E}_is1" = Positivo Áudio
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = PCTV
"{E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1" = Gerenciador de Inicialização Positivo
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources
"{F0839DB3-FBB8-4D14-936F-1D457A088224}" = Bing Bar
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Avast" = Avast Free Antivirus
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = PCTV
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versão 2.0.3.1025
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 33.0 (x86 pt-BR)" = Mozilla Firefox 33.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"PhotoScape" = PhotoScape
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.11 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Java Packages" = Java Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/11/2014 06:42:36 | Computer Name = Thais-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/11/2014 09:56:57 | Computer Name = Thais-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/11/2014 10:30:37 | Computer Name = Thais-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/11/2014 10:38:14 | Computer Name = Thais-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/11/2014 10:42:56 | Computer Name = Thais-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/11/2014 10:45:14 | Computer Name = Thais-PC | Source = VSS | ID = 8193
Description =

Error - 02/11/2014 10:45:14 | Computer Name = Thais-PC | Source = VSS | ID = 13
Description =

Error - 02/11/2014 10:45:14 | Computer Name = Thais-PC | Source = VSS | ID = 8193
Description =

Error - 02/11/2014 10:46:41 | Computer Name = Thais-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/11/2014 10:56:21 | Computer Name = Thais-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15/10/2014 13:53:47 | Computer Name = Thais-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 14:51:49 às ?15/?10/?2014 não
era esperado.

Error - 15/10/2014 17:39:21 | Computer Name = Thais-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Falha na Instalação: o Windows não pôde instalar a seguinte atualização
com o erro 0x80242016: Atualização do Windows 7 (KB2952664).

Error - 16/10/2014 16:55:36 | Computer Name = Thais-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 17:54:41 às ?16/?10/?2014 não
era esperado.

Error - 16/10/2014 16:55:39 | Computer Name = THAIS-PC | Source = BugCheck | ID = 1001
Description =

Error - 16/10/2014 21:14:35 | Computer Name = Thais-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 22:12:24 às ?16/?10/?2014 não
era esperado.

Error - 18/10/2014 06:52:29 | Computer Name = Thais-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 07:50:06 às ?18/?10/?2014 não
era esperado.

Error - 18/10/2014 15:26:46 | Computer Name = Thais-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 16:25:31 às ?18/?10/?2014 não
era esperado.

Error - 19/10/2014 08:28:11 | Computer Name = Thais-PC | Source = DCOM | ID = 10005
Description =

Error - 19/10/2014 08:28:11 | Computer Name = Thais-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Windows Search.

Error - 19/10/2014 08:28:11 | Computer Name = Thais-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Windows Search devido ao seguinte
erro: %%1053

< End of report >

por **joram** Seg 03 Nov 2014, 13:19

Boa Tarde! Thais Olino

> Execute o OTL.exe.
> Copie estas informações que estão em vermelho,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" )

:OTL
IE - HKLM\..\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\..\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF - user.js - File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A373037-9F84-4C14-AA33-030A98DAEAFB}: DhcpNameServer = 192.168.0.1

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"Gopher"="gopher://"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:Files
ipconfig /renew /c

:Commands
[CREATERESTOREPOINT]
[resethosts]
[emptytemp]
[Reboot]

> Clique no botão Consertar >> Aguarde a conclusão!
> O computador vai reiniciar!
> Ao surgir,novamente,clique "Executar".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar.
> Poste o relatório: C:\_OTL\MovedFiles\*.log

A+

por Thais Olino Seg 03 Nov 2014, 13:37

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABCD0123-1234-5678-ABCD-0123456789AB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABCD0123-1234-5678-ABCD-0123456789AB}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A373037-9F84-4C14-AA33-030A98DAEAFB}\\DhcpNameServer| /E : value set successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== FILES ==========
< ipconfig /renew /c >
Configura‡Æo de IP do Windows
Adaptador Ethernet ConexÆo local:
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Endere‡o IPv6 de link local . . . . . . . . : fe80::9c37:1b5b:47af:59a8%11
Endere‡o IPv4. . . . . . . . . . . . . . . : 192.168.0.100
M scara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
Gateway PadrÆo. . . . . . . . . . . . . . . : 192.168.0.1
Adaptador de t£nel isatap.{9A373037-9F84-4C14-AA33-030A98DAEAFB}:
Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Adaptador de t£nel ConexÆo Local* 2:
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Endere‡o IPv6 . . . . . . . . . . . . . . . : 2001:0:5ef5:79fb:242d:2022:3f57:ff9b
Endere‡o IPv6 de link local . . . . . . . . : fe80::242d:2022:3f57:ff9b%12
Gateway PadrÆo. . . . . . . . . . . . . . . : ::
Adaptador de t£nel isatap.{ECBBB88E-2470-4D1B-AF34-FDB40B89431C}:
Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
C:\Users\Thais\Desktop\cmd.bat deleted successfully.
C:\Users\Thais\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Thais
->Temp folder emptied: 4030820 bytes
->Temporary Internet Files folder emptied: 5571948 bytes
->Java cache emptied: 1048 bytes
->FireFox cache emptied: 24375891 bytes
->Google Chrome cache emptied: 384327345 bytes
->Flash cache emptied: 682 bytes

User: Todos os Usuários

User: user

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1370 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 27804368 bytes
RecycleBin emptied: 3367253 bytes

Total Files Cleaned = 429,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11032014_132938

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

por **joram** Seg 03 Nov 2014, 13:50

Boa Tarde! Thais Olino

> Abra o OTL.exe >> Clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Confirme essa solicitação!
> Aceite o reboot!
> A requisição CloudFlare,ainda permanece?

A+

por Thais Olino Seg 03 Nov 2014, 14:33

sim, permanece !

por **joram** Seg 03 Nov 2014, 16:04

Boa Tarde! Thais Olino

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Descompacte-o ao utilizar!
> Faça uma verificação,ao arquivo Hosts,e coloque-o no padrão Microsoft.
> No Windows XP,verifique: C:\WINDOWS\System32\Drivers\etc <<
> Abra essa pasta,e localize o arquivo Hosts.
> Ps: Abra-o com o Bloco de Notas!

Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost

> No Hosts,padronizado,não poderemos ter informações,abaixo de 127.0.0.1 localhost,que indiquem sites confiáveis.
> Tendo dúvidas,baixe e execute o HostsXpert,que gerenciará seu arquivo Hosts.
> Ela colocará o Hosts no padrão Windows,dentre outras opções incluídas no gerenciamento:

- Append File - Allows selection of a file to be appended to your current hosts file.
- Replace File - Allows selection of a file to replace your hosts file.
- Merge File - Allows selection of a file to be merged with your current hosts file.
- Create Backup - Creates a Backup of you current hosts file. Backup file will be placed where ever HostsXpert.exe resides on your Hard drive.
- Restore Backup - Restores the backup hosts file.
- Restore MS Hosts File << Padroniza o Hosts!
- Add to Hosts Files - Adds the line item into your hosts file.
- Delete Line - Deletes highlighted line from hosts file.
- Comments - Insert # / Remove# - Insert or Remove "#" (comment marker).
- Sort File - Sorts the current hosts file in alphanumeric order, removes all comment lines.
- Swap Localhost - Swaps the current hosts file between 127.0.0.1 and 0.0.0.0
- Remove Block Items - Removes all blocking lines in the current hosts file.
- Copy to Clipboard - Copies the current hosts file to the clipboard.
- Make Hosts read-only/writable toggle <-
- Search - Enter text to be searched for, click Previous or Next.
- Open in Memopad - Opens the Memopad built-in to HostsXpert.
- Save Hosts
- Saves the Hosts file from Memopad.
- Save As - Allows you to save the hosts file as a file other than "Hosts".
- Save Hosts Exit Memopad - Saves the Hosts file from Memopad, and returns you to normal view.
- Exit Memopad - Does not save changes.

> Salve-a no desktop!
> Descompacte-a para o desktop!
> Feche todas as janelas e o navegador!
> Execute o HostsXpert.exe,que não se instalará no computador.
> Clique em "Restore MS Hosts File" >> Ok.
> Essa opção,recuperará ou colocará o Hosts,em seu padrão original. ( Microsoft )
> Ocorrendo algum erro,em sua execução,clique em Make Writable e repita o procedimento.
> Finalize e/ou salve essas mudanças,e reinicie o computador!
> Informe!

A+

por Thais Olino Seg 03 Nov 2014, 16:53

Permaneci.

por **joram** Seg 03 Nov 2014, 17:29

Boa Tarde! Thais Olino

> Edite o Hosts com o gerenciador HostsXpert.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Abra a ferramenta e clique em "Tools" >> "MemoPad..." >> "Open in MemoPad".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> No campo à direita,remova esta linha.

127.0.0.1 localhost

> Esta aqui,deve ocupar seu lugar: ::1 localhost

> Ao concluir,clique em "MemoPad..." >> "Save" >> "Save Hosts - Exit MemoPad".
> Reinicie o computador!
> Informe!

A+

por Thais Olino Seg 03 Nov 2014, 17:45

Permaneci.

por Thais Olino Seg 03 Nov 2014, 17:46

Se eu formatar o computador, resolveria esse problema ?

por **joram** Seg 03 Nov 2014, 17:54

Thais Olino escreveu:Se eu formatar o computador, resolveria esse problema ?

Boa Tarde! Thais Olino

> Se o Modem não estiver comprometido...vc já o resetou?

A+

por Thais Olino Seg 03 Nov 2014, 17:58

eu uso roteador e pode ser que seja algo com ele, pois esse problema aconteceu depois que eu comecei usar roteador.

por **joram** Seg 03 Nov 2014, 20:07

Thais Olino escreveu:eu uso roteador e pode ser que seja algo com ele, pois esse problema aconteceu depois que eu comecei usar roteador.

Boa Noite! Thais Olino

> Contate um Técnico para que configure seu Roteador e depois, retorne aqui com os resultados.

A+

por Conteúdo patrocinado

como remover Attention required! CloudFlare

como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Re: como remover Attention required! CloudFlare

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30