nando97

SOLVED Problems with the Internet


For the past few days my internet has been dropping a lot and the Wi-Fi only works on the computer; if I try to connect from my phone or a notebook it connects, but when I open Google Chrome nothing loads, and the signal is also dropping a lot, so I think some malware is causing this.

 

Attach:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 13/12/2011 09:14:57
System Uptime: 29/06/2014 20:29:19 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5LD2-X/1333
Processor: Intel® Core2 Duo CPU     E7200  @ 2.53GHz | LGA 775 | 2527/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 74,949 GiB free.
D: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\ATK0110\1010110
Manufacturer: 
Name: 
PNP Device ID: ACPI\ATK0110\1010110
Service: 
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador de Túnel Teredo da Microsoft
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP163: 17/06/2014 09:29:15 - Ponto de Verificação Agendado
RP164: 24/06/2014 17:06:45 - Ponto de Verificação Agendado
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.07) - Português
Adobe Shockwave Player 12.0
Age of Empires II HD 2.6
Age of Empires II: HD Edition
Any Video Converter 5.0.9
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
µTorrent
Auslogics DiskDefrag
Baidu Antivirus
Baidu PC Faster
CCleaner
Cities XL 2012
D3DX10
DAEMON Tools Lite
Dota 2
DVDFab 8.0.0.5 (25/08/2010)
EA Sports™ FIFA World
FM Genie Scout 13 version 1.0 13.3.3
FMB Update versão 1.5
Football Manager 2013
Football Manager 2013 Editor
Football Manager 2014
Football Manager 2014 Editor
Game Dev Tycoon v1.3.9
Google Chrome
Google Update Helper
High-Definition Video Playback 10
Internet Updater
Java Auto Updater
Java 6 Update 31
JDownloader 2
Junk Mail filter update
K-Lite Codec Pack 10.2.0 Full
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft Application Error Reporting
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft WSE 3.0 Runtime
MotioninJoy Gamepad tool 0.7.1001
Mozilla Firefox 23.0.1 (x86 pt-BR)
Mozilla Maintenance Service
MSVCRT
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Norton Security Scan
NVIDIA Install Application
Origin
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Painel de controle da NVIDIA 320.49
PCSX2 - Playstation 2 Emulator
Picasa 3
PowerDVD
Pro Evolution Soccer 2009
Realtek High Definition Audio Driver
Sid Meier's Civilization IV
Sid Meier's Civilization V
Skype™ 6.14
Steam
swMSM
System Requirements Lab CYRI
TEW2005
The Sims™ 3
Updater
USB Disk Security
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== End Of File ===========================
 
 
 
DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 1.6.0_31
Run by usuario at 21:58:56 on 2014-06-29
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2047.676 [GMT -3:00]
.
AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Baidu Antivirus *Enabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
C:\Program Files\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Users\usuario\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
C:\Program Files\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe
C:\Program Files\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PluginRemoverSvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "c:\users\usuario\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
mRun: [uSB Security] c:\program files\usb disk security\USBGuard.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtHDVCpl.exe" -s
mRun: [baidu Antivirus] "c:\program files\baidu security\baidu antivirus\BavTray.exe" -auto
mRun: [baidu PC Faster 4.0.0.0] "c:\program files\baidu security\pc faster\4.0.0.0\PCFaster.exe" -auto -start
StartupFolder: c:\users\usuario\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4FA3F88A-DC53-4560-B6C9-2A15AAD45EAD} : DHCPNameServer = 200.165.132.155 200.165.132.148
TCP: Interfaces\{540A17FC-8AD2-4C7D-82FD-298AA36D3526} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{540A17FC-8AD2-4C7D-82FD-298AA36D3526} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{58E2182C-F1E6-4076-9458-F365FC8AA110} : DHCPNameServer = 200.165.132.155 200.165.132.148
TCP: Interfaces\{F226FB42-3848-4B5D-902C-3F962F8BB611} : DHCPNameServer = 200.165.132.155 200.165.132.148
TCP: Interfaces\{F7E33999-1C4F-4264-89D1-BBEC036CACF8} : DHCPNameServer = 200.165.132.155 200.165.132.148
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [2013-12-11 94976]
R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\system32\drivers\Bfilter.sys [2014-5-8 48448]
R1 Bfmon;Baidu FS Monitor Driver;c:\windows\system32\drivers\Bfmon.sys [2014-5-8 29504]
R1 Bnbase;Bnbase;c:\windows\system32\drivers\Bnbasex.sys [2014-5-8 70496]
R1 Bndef;Baidu NetDefense;c:\windows\system32\drivers\Bndef.sys [2014-5-8 51584]
R1 Bprotect;Baidu Protect;c:\windows\system32\drivers\Bprotect.sys [2014-5-8 157504]
R1 BprotectEx;Baidu ProtectEx;c:\windows\system32\drivers\BprotectEx.sys [2014-6-17 103744]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-5-29 242240]
R2 BAVSvc;Baidu Antivirus Service;c:\program files\baidu security\baidu antivirus\BAVSvc.exe [2014-6-15 2038248]
R2 BHipsSvc;Baidu Hips Service;c:\program files\baidu security\baidu antivirus\BHipsSvc.exe [2014-6-15 481432]
R2 PCFasterSvc_{PCFaster_4.0.0.0};Baidu PC Faster Service 4.0.0.0;c:\program files\baidu security\pc faster\4.0.0.0\PCFasterSvc.exe [2014-6-5 699376]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2009-6-10 29184]
R3 PCFApiUtil;PCFApiUtil;c:\program files\baidu security\pc faster\4.0.0.0\PCFApiUtil.sys [2014-3-11 119168]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-10-21 68208]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2014-4-3 99400]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 Spring;Spring;c:\program files\baidu security\pc faster\4.0.0.0\Spring.sys [2014-6-17 96608]
.
=============== Created Last 30 ================
.
2014-06-21 23:46:14 -------- d-----w- c:\programdata\Baidu
2014-06-17 12:35:40 103744 ----a-w- c:\windows\system32\drivers\BprotectEx.sys
.
==================== Find3M  ====================
.
2014-06-13 10:03:37 157504 ----a-w- c:\windows\system32\drivers\Bprotect.sys
2014-05-27 06:19:38 70496 ----a-w- c:\windows\system32\drivers\Bnbasex.sys
2014-05-27 06:19:38 58752 ----a-w- c:\windows\system32\drivers\Bnbase.sys
2014-05-27 06:19:38 51584 ----a-w- c:\windows\system32\drivers\Bndef.sys
2014-05-27 06:19:38 48448 ----a-w- c:\windows\system32\drivers\Bfilter.sys
2014-05-27 06:19:38 29504 ----a-w- c:\windows\system32\drivers\Bfmon.sys
2014-05-10 15:30:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-05-07 04:09:20 94976 ----a-w- c:\windows\system32\drivers\Bhbase.sys
2014-04-03 22:23:09 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
.
============= FINISH: 21:59:40,72 ===============

 

Hello

Sorry for the delay :)

If you still need help, please redo the logs, as I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: You don't need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


OK, thank you.

When I have time I'll send the two logs plus GMER.


DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 1.6.0_31

Run by usuario at 18:46:58 on 2014-07-05

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2047.556 [GMT -3:00]

.

AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Baidu Antivirus *Enabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe

C:\Program Files\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\USB Disk Security\USBGuard.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe

C:\Users\usuario\AppData\Roaming\uTorrent\uTorrent.exe

C:\Program Files\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe

C:\Program Files\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PluginRemoverSvc.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearch Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.google.com

mDefault_Search_URL = hxxp://www.google.com

mSearchAssistant = hxxp://www.google.com

mCustomizeSearch = hxxp://www.google.com

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [uTorrent] "c:\users\usuario\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED

mRun: [uSB Security] c:\program files\usb disk security\USBGuard.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtHDVCpl.exe" -s

mRun: [baidu Antivirus] "c:\program files\baidu security\baidu antivirus\BavTray.exe" -auto

mRun: [baidu PC Faster 4.0.0.0] "c:\program files\baidu security\pc faster\4.0.0.0\PCFaster.exe" -auto -start

StartupFolder: c:\users\usuario\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:189

mPolicies-Explorer: NoDriveTypeAutoRun = dword:189

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{4FA3F88A-DC53-4560-B6C9-2A15AAD45EAD} : DHCPNameServer = 200.165.132.155 200.165.132.148

TCP: Interfaces\{540A17FC-8AD2-4C7D-82FD-298AA36D3526} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{540A17FC-8AD2-4C7D-82FD-298AA36D3526} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{58E2182C-F1E6-4076-9458-F365FC8AA110} : DHCPNameServer = 200.165.132.155 200.165.132.148

TCP: Interfaces\{F226FB42-3848-4B5D-902C-3F962F8BB611} : DHCPNameServer = 200.165.132.155 200.165.132.148

TCP: Interfaces\{F7E33999-1C4F-4264-89D1-BBEC036CACF8} : DHCPNameServer = 200.165.132.155 200.165.132.148

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs=  

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - 

.

============= SERVICES / DRIVERS ===============

.

R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [2013-12-11 94976]

R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\system32\drivers\Bfilter.sys [2014-5-8 48448]

R1 Bfmon;Baidu FS Monitor Driver;c:\windows\system32\drivers\Bfmon.sys [2014-5-8 29504]

R1 Bnbase;Bnbase;c:\windows\system32\drivers\Bnbasex.sys [2014-5-8 70496]

R1 Bndef;Baidu NetDefense;c:\windows\system32\drivers\Bndef.sys [2014-5-8 51584]

R1 Bprotect;Baidu Protect;c:\windows\system32\drivers\Bprotect.sys [2014-5-8 157504]

R1 BprotectEx;Baidu ProtectEx;c:\windows\system32\drivers\BprotectEx.sys [2014-6-17 103744]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-5-29 242240]

R2 BAVSvc;Baidu Antivirus Service;c:\program files\baidu security\baidu antivirus\BAVSvc.exe [2014-6-15 2038248]

R2 BHipsSvc;Baidu Hips Service;c:\program files\baidu security\baidu antivirus\BHipsSvc.exe [2014-6-15 481432]

R2 PCFasterSvc_{PCFaster_4.0.0.0};Baidu PC Faster Service 4.0.0.0;c:\program files\baidu security\pc faster\4.0.0.0\PCFasterSvc.exe [2014-6-5 699376]

R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2009-6-10 29184]

R3 PCFApiUtil;PCFApiUtil;c:\program files\baidu security\pc faster\4.0.0.0\PCFApiUtil.sys [2014-3-11 119168]

R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-10-21 68208]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2014-4-3 99400]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S3 Spring;Spring;c:\program files\baidu security\pc faster\4.0.0.0\Spring.sys [2014-6-17 96608]

.

=============== Created Last 30 ================

.

2014-07-05 20:06:28 104960 ----a-w- C:\uxldypob.sys

2014-07-05 20:06:28 104960 ----a-w- \uxldypob.sys

2014-06-21 23:46:14 -------- d-----w- c:\programdata\Baidu

2014-06-17 12:35:40 103744 ----a-w- c:\windows\system32\drivers\BprotectEx.sys

.

==================== Find3M  ====================

.

2014-06-13 10:03:37 157504 ----a-w- c:\windows\system32\drivers\Bprotect.sys

2014-05-27 06:19:38 70496 ----a-w- c:\windows\system32\drivers\Bnbasex.sys

2014-05-27 06:19:38 58752 ----a-w- c:\windows\system32\drivers\Bnbase.sys

2014-05-27 06:19:38 51584 ----a-w- c:\windows\system32\drivers\Bndef.sys

2014-05-27 06:19:38 48448 ----a-w- c:\windows\system32\drivers\Bfilter.sys

2014-05-27 06:19:38 29504 ----a-w- c:\windows\system32\drivers\Bfmon.sys

2014-05-10 15:30:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2014-05-07 04:09:20 94976 ----a-w- c:\windows\system32\drivers\Bhbase.sys

.

============= FINISH: 18:47:41,70 ===============

 

 

Attach:

 


DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate 

Boot Device: \Device\HarddiskVolume1

Install Date: 13/12/2011 09:14:57

System Uptime: 05/07/2014 17:21:48 (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. |  | P5LD2-X/1333

Processor: Intel® Core2 Duo CPU     E7200  @ 2.53GHz | LGA 775 | 1592/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 70,801 GiB free.

D: is CDROM (CDFS)

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: 

Description: 

Device ID: ACPI\ATK0110\1010110

Manufacturer: 

Name: 

PNP Device ID: ACPI\ATK0110\1010110

Service: 

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador de Túnel Teredo da Microsoft

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

==== System Restore Points ===================

.

RP165: 02/07/2014 07:58:56 - Ponto de Verificação Agendado

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.07) - Português

Adobe Shockwave Player 12.0

Age of Empires II HD 2.6

Age of Empires II: HD Edition

Any Video Converter 5.0.9

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

µTorrent

Auslogics DiskDefrag

Baidu Antivirus

Baidu PC Faster

CCleaner

Cities XL 2012

D3DX10

DAEMON Tools Lite

Dota 2

DVDFab 8.0.0.5 (25/08/2010)

EA Sports™ FIFA World

FM Genie Scout 13 version 1.0 13.3.3
FMB Update versão 1.5
Football Manager 2013
Football Manager 2013 Editor
Football Manager 2014
Football Manager 2014 Editor
Game Dev Tycoon v1.3.9
Google Chrome
Google Update Helper
High-Definition Video Playback 10
Internet Updater
Java Auto Updater
Java 6 Update 31
JDownloader 2
Junk Mail filter update
K-Lite Codec Pack 10.2.0 Full
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft Application Error Reporting
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft WSE 3.0 Runtime
MotioninJoy Gamepad tool 0.7.1001
Mozilla Firefox 23.0.1 (x86 pt-BR)
Mozilla Maintenance Service
MSVCRT
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Norton Security Scan
NVIDIA Install Application
Origin
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Painel de controle da NVIDIA 320.49
PCSX2 - Playstation 2 Emulator
Picasa 3
PowerDVD
Pro Evolution Soccer 2009
Realtek High Definition Audio Driver
Sid Meier's Civilization IV
Sid Meier's Civilization V
Skype™ 6.16
Steam
swMSM
System Requirements Lab CYRI
TEW2005
The Sims™ 3
Updater
USB Disk Security
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== End Of File ===========================


Dear nando97

As for the difficulty posting, the reason was that our servers were undergoing maintenance. Now, let's focus on this topic. ;)

Please note the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not do it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

It is not our practice to recommend an antivirus; that is a matter of taste, or of testing, that we leave to the user to decide, but in your case I strongly recommend that you uninstall your antivirus and install another one.

This link may help you choose: http://www.av-comparatives.org/

Let me know which one you switched to.

Regards :D


Dear nando97

Do not use the QUOTE button unless it is absolutely necessary. ;)

Download OTL by OldTimer and save it to your Desktop.
  • Double-click the icon [image]
  • Set up the main screen as shown in the figure below:

[image]

  • Copy and paste the content below into the box right after [image]

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
/md5stop

  • Click the [image] button
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D


OTL:

 

OTL logfile created on: 10/07/2014 13:05:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\usuario\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,59% Memory free
4,00 Gb Paging File | 2,66 Gb Available in Paging File | 66,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 68,62 Gb Free Space | 29,48% Space Free | Partition Type: NTFS
Drive D: | 2,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MICRO | User Name: usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/10 13:04:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\usuario\Downloads\OTL.exe
PRC - [2014/06/30 18:46:50 | 001,753,280 | ---- | M] (Valve Corporation) -- C:\Arquivos de Programas\Steam\Steam.exe
PRC - [2014/06/13 07:56:22 | 001,704,296 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BavTray.exe
PRC - [2014/06/13 07:56:17 | 000,481,432 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe
PRC - [2014/06/13 07:56:10 | 002,038,248 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BAVSvc.exe
PRC - [2014/06/05 04:05:04 | 002,582,208 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFPopups.exe
PRC - [2014/06/05 04:04:58 | 000,699,376 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe
PRC - [2014/06/05 04:04:58 | 000,699,376 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PluginRemoverSvc.exe
PRC - [2014/06/05 04:04:58 | 000,699,376 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
PRC - [2014/06/05 04:04:58 | 000,699,376 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe
PRC - [2014/06/05 04:04:58 | 000,699,376 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe
PRC - [2014/06/04 22:45:58 | 001,355,456 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
PRC - [2014/04/29 11:11:28 | 001,270,352 | ---- | M] (BitTorrent Inc.) -- C:\Users\usuario\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/03 23:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Chrome\Application\chrome.exe
PRC - [2013/09/28 17:53:39 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2013/06/21 06:52:52 | 000,875,296 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/01/31 17:52:28 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\Arquivos de Programas\USB Disk Security\USBGuard.exe
PRC - [2010/09/21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/13 22:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006/10/26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Common Files\microsoft shared\VS7DEBUG\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/30 18:47:12 | 002,139,328 | ---- | M] () -- C:\Arquivos de Programas\Steam\video.dll
MOD - [2014/06/30 18:46:52 | 001,116,864 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\chromehtml.dll
MOD - [2014/06/26 19:40:28 | 000,764,416 | ---- | M] () -- C:\Arquivos de Programas\Steam\SDL2.dll
MOD - [2014/05/30 22:27:20 | 001,116,672 | ---- | M] () -- C:\Arquivos de Programas\Steam\libavcodec-55.dll
MOD - [2014/05/30 22:27:20 | 000,438,784 | ---- | M] () -- C:\Arquivos de Programas\Steam\libavutil-53.dll
MOD - [2014/05/30 22:27:20 | 000,399,360 | ---- | M] () -- C:\Arquivos de Programas\Steam\libavformat-55.dll
MOD - [2014/05/30 22:27:20 | 000,331,264 | ---- | M] () -- C:\Arquivos de Programas\Steam\libavresample-1.dll
MOD - [2014/05/01 20:35:22 | 020,628,160 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\libcef.dll
MOD - [2014/04/28 21:37:22 | 000,519,168 | ---- | M] () -- C:\Arquivos de Programas\Steam\libswscale-2.dll
MOD - [2013/12/03 23:47:11 | 000,702,416 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 23:47:11 | 000,099,792 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/06/14 20:49:12 | 001,100,800 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 20:49:12 | 000,192,000 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\avformat-53.dll
MOD - [2013/06/14 20:49:12 | 000,124,416 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\avutil-51.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/06/13 07:56:17 | 000,481,432 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe -- (BHipsSvc)
SRV - [2014/06/13 07:56:10 | 002,038,248 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BAVSvc.exe -- (BAVSvc)
SRV - [2014/06/05 04:04:58 | 000,699,376 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe -- (PCFasterSvc_{PCFaster_4.0.0.0})
SRV - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/07 09:26:06 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 22:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\usuario\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\BHipsEx.sys -- (BHipsEx)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a4ol1otd)
DRV - [2014/06/17 09:35:42 | 000,096,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\Spring.sys -- (Spring)
DRV - [2014/06/15 11:32:06 | 000,377,648 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Arquivos de Programas\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/06/13 07:03:37 | 000,157,504 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bprotect.sys -- (Bprotect)
DRV - [2014/05/29 07:09:46 | 000,103,744 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\BprotectEx.sys -- (BprotectEx)
DRV - [2014/05/27 03:19:38 | 000,070,496 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bnbasex.sys -- (Bnbase)
DRV - [2014/05/27 03:19:38 | 000,051,584 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bndef.sys -- (Bndef)
DRV - [2014/05/27 03:19:38 | 000,048,448 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfilter.sys -- (Bfilter)
DRV - [2014/05/27 03:19:38 | 000,029,504 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfmon.sys -- (Bfmon)
DRV - [2014/05/27 03:19:38 | 000,021,152 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Unknown] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BdCameraProtect.sys -- (BdCameraProtect)
DRV - [2014/05/07 01:09:26 | 000,121,184 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Unknown] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BdApiUtil.sys -- (BdApiUtil)
DRV - [2014/04/03 19:23:09 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2014/03/11 00:14:02 | 000,119,168 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys -- (PCFApiUtil)
DRV - [2014/03/11 00:14:02 | 000,047,456 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Bhbase.sys -- (Bhbase)
DRV - [2013/11/22 15:54:13 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/09/28 18:10:12 | 009,069,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/05/29 16:14:44 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/10/21 13:57:18 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:02:53 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009/07/13 19:02:47 | 000,029,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l260x86.sys -- (Atc002)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1366B34F-DFEC-E73F-486B-3CAAF29DB2BF}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 7E C4 F1 61 56 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/09/07 09:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
[2013/09/07 09:26:07 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Wallet = \Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/12/11 17:29:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4 - HKLM..\Run: [baidu Antivirus] C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe (Baidu, Inc.)
O4 - HKLM..\Run: [baidu PC Faster 4.0.0.0] C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe (Baidu Inc.)
O4 - HKLM..\Run: [uSB Security] C:\Arquivos de Programas\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [uTorrent] C:\Users\usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FA3F88A-DC53-4560-B6C9-2A15AAD45EAD}: DhcpNameServer = 200.165.132.155 200.165.132.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{540A17FC-8AD2-4C7D-82FD-298AA36D3526}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{540A17FC-8AD2-4C7D-82FD-298AA36D3526}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58E2182C-F1E6-4076-9458-F365FC8AA110}: DhcpNameServer = 200.165.132.155 200.165.132.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F226FB42-3848-4B5D-902C-3F962F8BB611}: DhcpNameServer = 200.165.132.155 200.165.132.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7E33999-1C4F-4264-89D1-BBEC036CACF8}: DhcpNameServer = 200.165.132.155 200.165.132.148
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/20 23:17:02 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: BavSvc - C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BAVSvc.exe (Baidu, Inc.)
SafeBootMin: Boot Bus estender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus estender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: BavSvc - C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BAVSvc.exe (Baidu, Inc.)
SafeBootNet: Boot Bus estender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus estender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {49C187D7-91E1-459E-9759-2925384BD397} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.iac2 - C:\\Windows\\system32\\iac25_32.ax ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: msacm.voxacm160 - vct3216.acm File not found
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll File not found
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: VIDC.I420 - i420vfw.dll File not found
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: vidc.mp42 - MPG4C32.dll File not found
Drivers32: VIDC.MSUD - msulvc05.dll File not found
Drivers32: VIDC.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: vidc.X264 - x264vfw.dll File not found
Drivers32: VIDC.YV12 - yv12vfw.dll File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/08 21:06:23 | 000,000,000 | ---D | C] -- C:\FLTK
[2014/07/08 21:06:23 | 000,000,000 | ---D | C] -- \FLTK
[2014/07/08 20:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2014/07/08 20:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2014/07/08 20:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2014/07/08 20:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEA
[2014/07/08 20:25:04 | 000,000,000 | ---D | C] -- C:\TEA
[2014/07/08 20:25:04 | 000,000,000 | ---D | C] -- \TEA
[2014/07/05 17:06:28 | 000,104,960 | ---- | C] (GMER) -- C:\uxldypob.sys
[2014/06/29 23:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/06/21 20:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2014/06/21 20:45:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2014/06/17 09:35:40 | 000,103,744 | ---- | C] (Baidu, Inc.) -- C:\Windows\System32\drivers\BprotectEx.sys
[2014/06/17 09:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
[2013/10/22 09:25:04 | 000,170,344 | ---- | C] (Baidu, Inc.) -- C:\ProgramData\FileSplitUpLoad.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/10 13:00:02 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/10 11:34:41 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/10 11:34:41 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/10 11:27:19 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/10 11:27:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/10 11:27:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/05 17:06:28 | 000,104,960 | ---- | M] (GMER) -- C:\uxldypob.sys
[2014/06/30 10:12:26 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for usuario.job
[2014/06/25 14:35:26 | 159,792,719 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/13 07:03:37 | 000,157,504 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bprotect.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/05 17:06:28 | 000,104,960 | ---- | C] () -- \uxldypob.sys
[2013/12/11 17:13:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/11 17:13:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/11 17:13:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/11 17:13:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/11 17:13:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/03 19:56:39 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2013/11/03 19:56:38 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2013/11/03 19:56:38 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2013/11/03 19:56:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2013/09/29 19:48:14 | 000,000,000 | ---- | C] () -- \asc_rdflag
[2013/09/28 18:48:08 | 005,479,244 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013/09/28 18:48:06 | 000,576,929 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/09/28 17:46:17 | 000,268,968 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2013/09/04 13:09:59 | 000,000,029 | ---- | C] () -- C:\Windows\System32\config.ini
[2013/09/02 13:52:27 | 000,000,468 | RHS- | C] () -- C:\Users\usuario\ntuser.pol
[2013/08/11 20:11:47 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2013/08/11 20:11:47 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2011/12/13 08:10:28 | 1610,014,720 | -HS- | C] () -- \hiberfil.sys
[2009/07/13 23:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/13 23:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\erdnt\cache\netlogon.dll
[2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\erdnt\cache\scecli.dll
[2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< End of report >

Extras:

OTL Extras logfile created on: 10/07/2014 13:05:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\usuario\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,59% Memory free
4,00 Gb Paging File | 2,66 Gb Available in Paging File | 66,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 68,62 Gb Free Space | 29,48% Space Free | Partition Type: NTFS
Drive D: | 2,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MICRO | User Name: usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mega] -- "C:\Program Files\Megacubo\megacubo.exe" "%1"
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17DB6A13-5FEB-412D-A07D-0122275590AB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1887E862-C0A3-4BB1-8AE8-F24A80DF41D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19C81CCF-EDD5-42AD-AEBF-F245E739883B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{284B9D39-577D-4D73-82A1-3D064D623569}" = lport=139 | protocol=6 | dir=in | app=system | 
"{28735700-9BDD-47C0-A5BC-B94B7539C09E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4082676C-3904-41A1-9EB0-60B013CA856D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{458C760C-F70B-4ED7-A4D0-B5889297C27B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{488BA103-CCCE-40BF-B1ED-EA3DD2D5A24A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4DE48B65-51F8-4E49-9FB6-F4183AE0980D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52A088D4-63FF-4783-AFDA-6F8587779EDD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5372BD2B-E086-4AA6-A8A3-2E190B95AF86}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{54435F4F-E064-43C4-B3DC-886C43C537E0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5996588F-F48C-40F8-84DA-740C1F203064}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{66CAF98F-BE80-4681-B173-9DC47A7DF4CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{778A2EF2-A5EA-43A8-96BA-4626122593A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{85D2A1D6-3482-423A-97DC-4C264AAEAC4D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8838CA3E-E367-4F95-AD09-15DA59C55E86}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{89BAE80F-0816-4108-AC7D-2D6019B4C71E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8FAF8868-02DD-4223-9088-82231CEFE56D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9FB25BB0-021F-4200-A168-86C75055E924}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B40D4C5E-6BE5-4D4B-955C-E206992C695F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{B421BFBF-C185-4462-8173-79312E3B4E94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9D3FFDB-9B8B-4164-B549-C6E69ED0C683}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DACDFC53-C1A3-4576-AA38-209DA256BAF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0484B98F-C48C-4537-BAAB-6C16DCDC7345}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2014 editor\editor.exe | 
"{05A6910B-B9C3-414F-9B17-247BF08E3CFF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2013 editor\editor.exe | 
"{0C19B749-75D4-4ED8-AED5-87EE4BDD3B90}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{1C01ECC9-A049-4600-AF71-0E1A47F95544}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{206F76BD-5002-4828-A033-760351862CAB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | 
"{28059001-24B2-406D-B8D4-865275E02881}" = protocol=6 | dir=in | app=c:\users\usuario\appdata\roaming\utorrent\utorrent.exe | 
"{2FC656FD-4762-4FA9-9DD7-02DD6244BD71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3181106D-78FF-4A48-A9B4-0704F6B394A6}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa world\fifaworld.exe | 
"{346E630B-93A1-4537-9810-94BADA4F2F56}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{3D4ACF66-8E10-4F63-97F1-88B3DD2F51E1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{46699EDD-EE8E-4F39-A13A-8EA1135AADA6}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa world\fifaworld.exe | 
"{4E20F463-04B8-4437-9586-E8FEDBE5EF54}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2013 editor\editor.exe | 
"{51F3AA86-B9B1-41C2-BA73-4325C42A341D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe | 
"{5667F0AE-E4C8-4239-859F-44907C35A8B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5ACB7B7F-C65F-40D2-824B-B018585EC054}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{604548E7-4ED1-4B2F-8271-C0F51B9394B5}" = protocol=17 | dir=in | app=c:\users\usuario\desktop\pes 2009\pes2009.exe | 
"{66956678-DD37-4CDF-BD7D-5167CE5F41DE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{68370841-93D1-4440-9A9F-3D99C9866BDF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{686B2957-9897-4E55-8879-1E353120ACC5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | 
"{6921B534-0000-4684-9FAF-E524FF724A82}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2014\fm.exe | 
"{6DB38C83-B56A-49A6-A550-5DAC2A1DF8CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2014 editor\editor.exe | 
"{750574B8-5397-4D0A-81C7-D45B148250DA}" = protocol=17 | dir=in | app=c:\users\usuario\appdata\roaming\utorrent\utorrent.exe | 
"{761DFEBD-6C21-4C5B-BAE5-6069B2B578D7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{76CD01B3-45EE-43F3-A945-59AADC7D6BAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{806AD124-878A-4684-ADB8-8BB7128D87A6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{817863AD-2C31-42BB-80AD-33A52A27CAD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{877A1709-5C29-420F-84A3-E41546F57B61}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{8CBE0B36-908E-4B99-BCB6-92F368F8787E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D213767-3E2B-4345-95A7-2DD82524D0BE}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"{912E20C3-14C7-484C-A0F5-40E6F2BC5313}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\dvd9\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"{92277E57-4DFD-4716-BA96-7F524F2B9505}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{971578EC-B52C-480A-A0EE-A233E83429F0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{9788BCAD-BE49-4005-AAAB-383D772ED302}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"{99C2BA52-2CC4-4E5D-A716-B615CFFABB15}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe | 
"{9CFA73ED-C58D-434D-A1B3-1AB8642671F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F6AA9C0-7696-4B9D-8161-604CDBA2FBB5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2013\fm.exe | 
"{A0082B07-4990-492B-9E55-299E77A03483}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A3158D3D-F902-424F-8B04-0B753A434EDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3A46465-56CE-4A21-AAFB-7B6646827B2D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{A5EAEC41-64B8-48E1-8DB3-123BCA4EF818}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{A8C72021-3CA7-4E9E-BBDC-66929A2F9117}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B1855755-677E-4F93-B4BA-55DB59E21848}" = protocol=17 | dir=in | app=c:\users\usuario\appdata\roaming\utorrent\utorrent.exe | 
"{B2C76720-1A3B-4225-8910-FE0B1868B976}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B6BC5FBA-B94F-4F8B-ACA7-53EC7FC65DF8}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\dvd9\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"{BF6C67FF-22EC-4E76-A772-F99AD3A49F3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0B97975-D197-40C3-892C-98F1C708A072}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C67063BA-274D-4896-8E89-5B46D271877B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe | 
"{C737CC4C-1D46-4AC7-96B0-4788180BF9BB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C739762F-D186-4436-BBBA-117E352EA8F6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2013\fm.exe | 
"{CC7ED2D7-A6BA-4503-8093-09600359E0DB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D73B3F33-E051-49A5-A3E5-DDBDE08B4606}" = protocol=6 | dir=in | app=c:\users\usuario\desktop\pes 2009\pes2009.exe | 
"{DA2BA630-1106-4087-B294-4F2707DAD18F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DC3CC270-4026-499F-BCB4-591B647C6298}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E2151181-125C-4485-9564-C73231A55855}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E7947574-5EBC-4B58-ABD9-2E5D2A261A23}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{E82E0C03-6DE8-4F61-B78E-BE653DE133A8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E8F1EF50-758C-4196-8238-470789284BAC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe | 
"{ED9D2B11-A9F9-445E-B958-E77AE6A2A2A7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{EEE70A4D-143A-43EC-93ED-B8CADD36A17F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{EF92ADB6-D26A-416D-A05F-F1C4B56E911F}" = protocol=6 | dir=in | app=c:\users\usuario\appdata\roaming\utorrent\utorrent.exe | 
"{F11E3434-ED0B-42F1-8632-8226FCF5010C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5331453-EF35-4025-B1B6-E20F1217F2A0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2014\fm.exe | 
"{FA44C105-B671-445D-9968-B9A078D81E9E}" = protocol=6 | dir=out | app=system | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}" = EA Sports™ FIFA World
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Português
"{AC99E18E-9237-4D7C-8FC2-472A46B84B20}_is1" = FMB Update versão 1.5
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Age of Empires II HD 2.6" = Age of Empires II HD 2.6
"Any Video Converter_is1" = Any Video Converter 5.0.9
"Baidu Antivirus" = Baidu Antivirus
"Baidu PC Faster 4.0.0.0" = Baidu PC Faster
"CCleaner" = CCleaner
"Cities XL 2012" = Cities XL 2012
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVDFab 8_is1" = DVDFab 8.0.0.5 (25/08/2010)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FM Genie Scout 13_is1" = FM Genie Scout 13 version 1.0 13.3.3
"Game Dev Tycoon v1.3.91.3.9" = Game Dev Tycoon v1.3.9
"Google Chrome" = Google Chrome
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"InternetUpdater" = Internet Updater
"jdownloader2" = JDownloader 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.2.0 Full
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Mozilla Firefox 23.0.1 (x86 pt-BR)" = Mozilla Firefox 23.0.1 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Origin" = Origin
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"Picasa 3" = Picasa 3
"Steam App 207890" = Football Manager 2013
"Steam App 220600" = Football Manager 2013 Editor
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 231670" = Football Manager 2014
"Steam App 242460" = Football Manager 2014 Editor
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 570" = Dota 2
"Steam App 8930" = Sid Meier's Civilization V
"TEW2005" = TEW2005
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06/07/2014 21:31:08 | Computer Name = micro | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 06/07/2014 21:36:59 | Computer Name = micro | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 06/07/2014 21:45:23 | Computer Name = micro | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 07/07/2014 08:56:29 | Computer Name = micro | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = O Windows não pode carregar o arquivo de Registro de classes.   DETALHE
 - O sistema não pode encontrar o arquivo especificado.  
 
Error - 08/07/2014 06:11:44 | Computer Name = micro | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = O Windows não pode carregar o arquivo de Registro de classes.   DETALHE
 - O sistema não pode encontrar o arquivo especificado.  
 
Error - 08/07/2014 17:50:45 | Computer Name = micro | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = O Windows não pode carregar o arquivo de Registro de classes.   DETALHE
 - O sistema não pode encontrar o arquivo especificado.  
 
Error - 09/07/2014 11:47:51 | Computer Name = micro | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = O Windows não pode carregar o arquivo de Registro de classes.   DETALHE
 - O sistema não pode encontrar o arquivo especificado.  
 
Error - 09/07/2014 16:12:01 | Computer Name = micro | Source = SideBySide | ID = 16842785
Description = Falha na geração de contexto de ativação para "c:\program files\baidu
 security\baidu antivirus\CrashReport64.exe".   Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 não pôde ser localizado.  Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 09/07/2014 19:22:42 | Computer Name = micro | Source = Application Hang | ID = 1002
Description = O programa fm.exe versão 14.3.1.28944 parou de interagir com o Windows
 e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
 o histórico de problemas no painel de controle da Central de Ações.    ID de Processo:
 1550    Hora de Início: 01cf9bc8dbde7120    Hora de Término: 573    Caminho do Aplicativo: 
C:\Program Files\Steam\steamapps\common\Football Manager 2014\fm.exe    Id do Relatório:
 e6ebad81-07bf-11e4-8840-001fc6b8801a  
 
Error - 10/07/2014 10:27:10 | Computer Name = micro | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = O Windows não pode carregar o arquivo de Registro de classes.   DETALHE
 - O sistema não pode encontrar o arquivo especificado.  
 
[ System Events ]
Error - 09/07/2014 23:17:57 | Computer Name = micro | Source = Service Control Manager | ID = 7023
Description = O serviço Protocolo PNRP terminou com o erro:   %%-2140993535
 
Error - 10/07/2014 10:28:05 | Computer Name = micro | Source = PNRPSvc | ID = 102
Description = 
 
Error - 10/07/2014 10:28:05 | Computer Name = micro | Source = Service Control Manager | ID = 7001
Description = O serviço Agrupamento de Rede de Mesmo Nível depende do serviço Protocolo
 PNRP, mas não foi possível iniciá-lo devido ao seguinte erro:   %%-2140993535
 
Error - 10/07/2014 10:28:05 | Computer Name = micro | Source = Service Control Manager | ID = 7023
Description = O serviço Protocolo PNRP terminou com o erro:   %%-2140993535
 
Error - 10/07/2014 10:28:15 | Computer Name = micro | Source = PNRPSvc | ID = 102
Description = 
 
Error - 10/07/2014 10:28:15 | Computer Name = micro | Source = PNRPSvc | ID = 102
Description = 
 
Error - 10/07/2014 10:28:15 | Computer Name = micro | Source = Service Control Manager | ID = 7023
Description = O serviço Protocolo PNRP terminou com o erro:   %%-2140993535
 
Error - 10/07/2014 10:28:15 | Computer Name = micro | Source = Service Control Manager | ID = 7001
Description = O serviço Agrupamento de Rede de Mesmo Nível depende do serviço Protocolo
 PNRP, mas não foi possível iniciá-lo devido ao seguinte erro:   %%-2140993535
 
Error - 10/07/2014 10:28:15 | Computer Name = micro | Source = Service Control Manager | ID = 7023
Description = O serviço Protocolo PNRP terminou com o erro:   %%-2140993535
 
Error - 10/07/2014 10:28:15 | Computer Name = micro | Source = Service Control Manager | ID = 7001
Description = O serviço Agrupamento de Rede de Mesmo Nível depende do serviço Protocolo
 PNRP, mas não foi possível iniciá-lo devido ao seguinte erro:   %%-2140993535
 
 
< End of report >


Dear nando97

I need you to redo the OTL logs. Note that I asked for it to be run from the Desktop, but you ran it from the folder Folder = C:\Users\usuario\Downloads

Move it to the Desktop and rerun the scan... I'll wait for the logs.

Regards :D


Indeed, DDS and Attach were also run from Downloads.
Will I have to redo them too?


OK, I apologize.

When I went to post the logs, this is what I got:

 

Ocorreu um erro

post_too_long

OTL logfile created on: 12/07/2014 12:27:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\usuario\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 71,78% Memory free
4,00 Gb Paging File | 3,09 Gb Available in Paging File | 77,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 68,01 Gb Free Space | 29,22% Space Free | Partition Type: NTFS
Drive D: | 2,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MICRO | User Name: usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/11 21:53:22 | 001,753,280 | ---- | M] (Valve Corporation) -- C:\Arquivos de Programas\Steam\Steam.exe
PRC - [2014/07/10 19:43:37 | 001,436,352 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
PRC - [2014/07/10 19:43:03 | 002,633,408 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFPopups.exe
PRC - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe
PRC - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PluginRemoverSvc.exe
PRC - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
PRC - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe
PRC - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe
PRC - [2014/07/10 13:04:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\usuario\Desktop\OTL.exe
PRC - [2014/06/30 23:14:18 | 000,550,432 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC App Store\4.5.1.6176\PCAppStoreSvc.exe
PRC - [2014/06/30 23:14:10 | 001,795,104 | ---- | M] () -- C:\Arquivos de Programas\Baidu Security\PC App Store\4.5.1.6176\AppStoreUtilExe.exe
PRC - [2014/06/13 07:56:22 | 001,704,296 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BavTray.exe
PRC - [2014/06/13 07:56:17 | 000,481,432 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe
PRC - [2014/06/13 07:56:10 | 002,038,248 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BAVSvc.exe
PRC - [2014/04/29 11:11:28 | 001,270,352 | ---- | M] (BitTorrent Inc.) -- C:\Users\usuario\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/28 17:53:39 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2013/06/21 06:52:52 | 000,875,296 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/01/31 17:52:28 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\Arquivos de Programas\USB Disk Security\USBGuard.exe
PRC - [2010/09/21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/13 22:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2006/10/26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Common Files\microsoft shared\VS7DEBUG\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/11 21:53:40 | 002,139,328 | ---- | M] () -- C:\Arquivos de Programas\Steam\video.dll
MOD - [2014/07/11 21:53:26 | 001,116,672 | ---- | M] () -- C:\Arquivos de Programas\Steam\libavcodec-55.dll
MOD - [2014/07/11 21:53:26 | 000,438,784 | ---- | M] () -- C:\Arquivos de Programas\Steam\libavutil-53.dll
MOD - [2014/07/11 21:53:26 | 000,399,360 | ---- | M] () -- C:\Arquivos de Programas\Steam\libavformat-55.dll
MOD - [2014/07/11 21:53:26 | 000,331,264 | ---- | M] () -- C:\Arquivos de Programas\Steam\libavresample-1.dll
MOD - [2014/07/11 21:53:24 | 001,116,864 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\chromehtml.dll
MOD - [2014/07/10 19:50:27 | 002,255,040 | ---- | M] () -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\skiax.dll
MOD - [2014/06/30 23:14:30 | 000,517,152 | ---- | M] () -- C:\Arquivos de Programas\Baidu Security\PC App Store\4.5.1.6176\sqlite.dll
MOD - [2014/06/30 23:14:10 | 001,795,104 | ---- | M] () -- C:\Arquivos de Programas\Baidu Security\PC App Store\4.5.1.6176\AppStoreUtilExe.exe
MOD - [2014/06/26 19:40:28 | 000,764,416 | ---- | M] () -- C:\Arquivos de Programas\Steam\SDL2.dll
MOD - [2014/05/01 20:35:22 | 020,628,160 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\libcef.dll
MOD - [2014/04/28 21:37:22 | 000,519,168 | ---- | M] () -- C:\Arquivos de Programas\Steam\libswscale-2.dll
MOD - [2005/10/07 14:05:32 | 000,125,440 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe -- (PCFasterSvc_{PCFaster_4.0.0.0})
SRV - [2014/06/30 23:14:18 | 000,550,432 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\PC App Store\4.5.1.6176\PCAppStoreSvc.exe -- (PCAppStoreSvc_{PCAppStore_4.5.1.6176})
SRV - [2014/06/13 07:56:17 | 000,481,432 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe -- (BHipsSvc)
SRV - [2014/06/13 07:56:10 | 002,038,248 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BAVSvc.exe -- (BAVSvc)
SRV - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/07 09:26:06 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 22:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\usuario\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\BHipsEx.sys -- (BHipsEx)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (athwocd9)
DRV - [2014/07/10 19:42:06 | 000,119,168 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys -- (PCFApiUtil)
DRV - [2014/07/10 19:30:10 | 000,111,424 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\BProtectEx.sys -- (BprotectEx)
DRV - [2014/06/17 09:35:42 | 000,096,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\Spring.sys -- (Spring)
DRV - [2014/06/15 11:32:06 | 000,377,648 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Arquivos de Programas\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/06/13 07:03:37 | 000,157,504 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bprotect.sys -- (Bprotect)
DRV - [2014/05/27 03:19:38 | 000,070,496 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bnbasex.sys -- (Bnbase)
DRV - [2014/05/27 03:19:38 | 000,051,584 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bndef.sys -- (Bndef)
DRV - [2014/05/27 03:19:38 | 000,048,448 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfilter.sys -- (Bfilter)
DRV - [2014/05/27 03:19:38 | 000,029,504 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfmon.sys -- (Bfmon)
DRV - [2014/05/27 03:19:38 | 000,021,152 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Unknown] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BdCameraProtect.sys -- (BdCameraProtect)
DRV - [2014/05/07 01:09:26 | 000,121,184 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Unknown] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BdApiUtil.sys -- (BdApiUtil)
DRV - [2014/04/03 19:23:09 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2014/03/11 00:14:02 | 000,047,456 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Bhbase.sys -- (Bhbase)
DRV - [2013/11/22 15:54:13 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/09/28 18:10:12 | 009,069,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/05/29 16:14:44 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/10/21 13:57:18 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:02:53 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009/07/13 19:02:47 | 000,029,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l260x86.sys -- (Atc002)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1366B34F-DFEC-E73F-486B-3CAAF29DB2BF}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3177980481-815283071-542161974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3177980481-815283071-542161974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3177980481-815283071-542161974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3177980481-815283071-542161974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-3177980481-815283071-542161974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 7E C4 F1 61 56 CF 01  [binary data]
IE - HKU\S-1-5-21-3177980481-815283071-542161974-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3177980481-815283071-542161974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/09/07 09:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
[2013/09/07 09:26:07 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Wallet = \Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/12/11 17:29:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4 - HKLM..\Run: [baidu Antivirus] C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe (Baidu, Inc.)
O4 - HKLM..\Run: [baidu PC Faster 4.0.0.0] C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe (Baidu Inc.)
O4 - HKLM..\Run: [uSB Security] C:\Arquivos de Programas\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\S-1-5-21-3177980481-815283071-542161974-1000..\Run: [uTorrent] C:\Users\usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Administrador\AppData [2014/01/26 16:56:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\4ced626bc779544a [2014/02/07 15:32:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2013/06/14 12:58:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Auslogics [2013/11/23 13:02:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Avira [2013/08/17 16:17:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Baidu [2014/07/09 17:45:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Baidu Security [2014/05/08 14:08:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2011/12/13 09:50:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Dados de aplicativos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2013/05/29 16:16:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documentos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\DSS [2013/10/15 19:04:10 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\EA Core [2013/11/16 20:47:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Electronic Arts [2013/10/11 12:02:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favoritos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FileSplitUpLoad.dll (Baidu, Inc.)
O4 - Startup: C:\Users\All Users\InstallMate [2014/01/26 16:55:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\IObit [2014/01/20 18:54:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Kaspersky Lab [2013/08/31 18:07:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\KONAMI [2014/05/10 15:58:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Log [2014/01/30 13:07:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2013/08/17 20:50:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Menu Iniciar [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Microsoft [2013/12/11 17:13:36 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2011/12/13 09:11:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Modelos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Mozilla [2002/01/01 02:56:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nero [2011/12/13 09:30:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2014/07/09 17:45:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2014/04/09 12:00:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ntuser.dat ()
O4 - Startup: C:\Users\All Users\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\All Users\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\All Users\ntuser.dat{1785aa86-1275-11e3-bcce-001fc6b8801a}.TM.blf ()
O4 - Startup: C:\Users\All Users\ntuser.dat{1785aa86-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\All Users\ntuser.dat{1785aa86-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\All Users\ntuser.dat{1785aa95-1275-11e3-bcce-001fc6b8801a}.TM.blf ()
O4 - Startup: C:\Users\All Users\ntuser.dat{1785aa95-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\All Users\ntuser.dat{1785aa95-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\All Users\NVIDIA [2013/09/28 18:12:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NVIDIA Corporation [2013/09/28 18:11:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Origin [2014/06/01 01:54:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Package Cache [2013/12/04 08:38:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PopCap Games [2013/06/10 12:56:07 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2014/06/29 23:50:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2013/09/28 20:12:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2011/12/13 09:02:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2013/10/28 09:03:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SystemRequirementsLab [2013/10/17 21:01:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Zbshareware Lab [2011/12/13 12:29:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} [2013/09/28 17:45:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Convidado\AppData [2014/01/26 16:56:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Ambiente de impressão [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Ambiente de rede [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009/07/13 23:37:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Configurações locais [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Dados de aplicativos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009/07/13 23:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2011/12/13 08:14:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009/07/13 23:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009/07/13 23:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009/07/13 23:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Menu Iniciar [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Meus documentos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Modelos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009/07/13 23:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009/07/13 23:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009/07/13 23:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009/07/13 23:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\HomeGroupUser$\AppData [2014/01/26 16:56:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\AppData [2013/12/11 17:34:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Desktop [2014/06/11 21:54:26 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2014/06/21 20:45:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2014/04/09 12:16:36 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009/07/13 23:04:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2013/05/19 14:24:51 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009/07/14 01:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\ntuser.dat ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Public\ntuser.dat{1785aa8d-1275-11e3-bcce-001fc6b8801a}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{1785aa8d-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{1785aa8d-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{1785aa9c-1275-11e3-bcce-001fc6b8801a}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{1785aa9c-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{1785aa9c-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\Pictures [2009/07/14 01:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2009/07/14 05:52:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009/07/14 01:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Todos os Usuários\4ced626bc779544a [2014/02/07 15:32:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Adobe [2013/06/14 12:58:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Application Data [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\Auslogics [2013/11/23 13:02:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Avira [2013/08/17 16:17:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Baidu [2014/07/09 17:45:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Baidu Security [2014/05/08 14:08:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\CyberLink [2011/12/13 09:50:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Dados de aplicativos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\DAEMON Tools Lite [2013/05/29 16:16:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Desktop [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\Documentos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\Documents [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\DSS [2013/10/15 19:04:10 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\EA Core [2013/11/16 20:47:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Electronic Arts [2013/10/11 12:02:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Favorites [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\Favoritos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\FileSplitUpLoad.dll (Baidu, Inc.)
O4 - Startup: C:\Users\Todos os Usuários\InstallMate [2014/01/26 16:55:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\IObit [2014/01/20 18:54:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Kaspersky Lab [2013/08/31 18:07:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\KONAMI [2014/05/10 15:58:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Log [2014/01/30 13:07:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Malwarebytes [2013/08/17 20:50:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Menu Iniciar [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\Microsoft [2013/12/11 17:13:36 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\Todos os Usuários\Microsoft Help [2011/12/13 09:11:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Modelos [2011/12/13 08:14:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\Mozilla [2002/01/01 02:56:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Nero [2011/12/13 09:30:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Norton [2014/07/09 17:45:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\NortonInstaller [2014/04/09 12:00:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\ntuser.dat ()
O4 - Startup: C:\Users\Todos os Usuários\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Todos os Usuários\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Todos os Usuários\ntuser.dat{1785aa86-1275-11e3-bcce-001fc6b8801a}.TM.blf ()
O4 - Startup: C:\Users\Todos os Usuários\ntuser.dat{1785aa86-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Todos os Usuários\ntuser.dat{1785aa86-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Todos os Usuários\ntuser.dat{1785aa95-1275-11e3-bcce-001fc6b8801a}.TM.blf ()
O4 - Startup: C:\Users\Todos os Usuários\ntuser.dat{1785aa95-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Todos os Usuários\ntuser.dat{1785aa95-1275-11e3-bcce-001fc6b8801a}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Todos os Usuários\NVIDIA [2013/09/28 18:12:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\NVIDIA Corporation [2013/09/28 18:11:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Origin [2014/06/01 01:54:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Package Cache [2013/12/04 08:38:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\PopCap Games [2013/06/10 12:56:07 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Skype [2014/06/29 23:50:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Spybot - Search & Destroy [2013/09/28 20:12:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Start Menu [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\Sun [2011/12/13 09:02:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Symantec [2013/10/28 09:03:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\SystemRequirementsLab [2013/10/17 21:01:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Templates [2009/07/14 01:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Todos os Usuários\Zbshareware Lab [2011/12/13 12:29:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} [2013/09/28 17:45:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\usuario\.gimp-2.8 [2013/11/02 18:04:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\usuario\.swt [2013/08/30 20:16:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\usuario\.thumbnails [2013/11/02 18:03:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\usuario\a.txt ()
O4 - Startup: C:\Users\usuario\aaaaaaaaa.txt ()
O4 - Startup: C:\Users\usuario\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt ()
O4 - Startup: C:\Users\usuario\aas.txt ()
O4 - Startup: C:\Users\usuario\Ambiente de impressão [2011/12/13 08:15:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\usuario\Ambiente de rede [2011/12/13 08:15:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\usuario\AppData [2011/12/13 08:15:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\usuario\asssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss.txt ()
O4 - Startup: C:\Users\usuario\azd.txt ()
O4 - Startup: C:\Users\usuario\Configurações locais [2011/12/13 08:15:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\usuario\Contacts [2014/01/20 18:24:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\Cookies [2011/12/13 08:15:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\usuario\Dados de aplicativos [2011/12/13 08:15:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\usuario\dasz.txt ()
O4 - Startup: C:\Users\usuario\Desktop [2014/07/12 12:25:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\Documents [2014/07/10 12:39:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\Downloads [2014/07/12 12:25:51 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\Favorites [2014/01/20 18:24:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\fla.txt ()
O4 - Startup: C:\Users\usuario\Links [2014/01/20 18:24:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\Local Settings [2013/11/17 18:29:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\usuario\Menu Iniciar [2011/12/13 08:15:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\usuario\Meus documentos [2011/12/13 08:15:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\usuario\Modelos [2011/12/13 08:15:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\usuario\Music [2014/01/20 18:24:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\ntuser.dat ()
O4 - Startup: C:\Users\usuario\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\usuario\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\usuario\ntuser.dat{54085dd7-0780-11e4-8840-001fc6b8801a}.TM.blf ()
O4 - Startup: C:\Users\usuario\ntuser.dat{54085dd7-0780-11e4-8840-001fc6b8801a}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\usuario\ntuser.dat{54085dd7-0780-11e4-8840-001fc6b8801a}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\usuario\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\usuario\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\usuario\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\usuario\ntuser.dat{f034f2b8-8088-11e3-b952-001fc6b8801a}.TM.blf ()
O4 - Startup: C:\Users\usuario\ntuser.dat{f034f2b8-8088-11e3-b952-001fc6b8801a}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\usuario\ntuser.dat{f034f2b8-8088-11e3-b952-001fc6b8801a}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\usuario\ntuser.ini ()
O4 - Startup: C:\Users\usuario\ntuser.pol ()
O4 - Startup: C:\Users\usuario\numero do pedido.txt ()
O4 - Startup: C:\Users\usuario\Pictures [2014/06/29 20:00:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\Recent [2011/12/13 08:15:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\usuario\Saved Games [2014/01/20 18:24:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\Searches [2014/01/30 13:23:26 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\SendTo [2011/12/13 08:15:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\usuario\Thumbs.db ()
O4 - Startup: C:\Users\usuario\Tracing [2013/08/31 18:34:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\usuario\Videos [2014/01/20 18:24:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\usuario\werder.txt ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3177980481-815283071-542161974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKU\S-1-5-21-3177980481-815283071-542161974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FA3F88A-DC53-4560-B6C9-2A15AAD45EAD}: DhcpNameServer = 200.165.132.155 200.165.132.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{540A17FC-8AD2-4C7D-82FD-298AA36D3526}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{540A17FC-8AD2-4C7D-82FD-298AA36D3526}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58E2182C-F1E6-4076-9458-F365FC8AA110}: DhcpNameServer = 200.165.132.155 200.165.132.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F226FB42-3848-4B5D-902C-3F962F8BB611}: DhcpNameServer = 200.165.132.155 200.165.132.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7E33999-1C4F-4264-89D1-BBEC036CACF8}: DhcpNameServer = 200.165.132.155 200.165.132.148
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/20 23:17:02 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: BavSvc - C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BAVSvc.exe (Baidu, Inc.)
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: BavSvc - C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BAVSvc.exe (Baidu, Inc.)
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {49C187D7-91E1-459E-9759-2925384BD397} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.iac2 - C:\\Windows\\system32\\iac25_32.ax ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: msacm.voxacm160 - vct3216.acm File not found
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll File not found
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: VIDC.I420 - i420vfw.dll File not found
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: vidc.mp42 - MPG4C32.dll File not found
Drivers32: VIDC.MSUD - msulvc05.dll File not found
Drivers32: VIDC.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: vidc.X264 - x264vfw.dll File not found
Drivers32: VIDC.YV12 - yv12vfw.dll File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/08 21:06:23 | 000,000,000 | ---D | C] -- C:\FLTK
[2014/07/08 21:06:23 | 000,000,000 | ---D | C] -- \FLTK
[2014/07/08 20:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2014/07/08 20:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2014/07/08 20:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2014/07/08 20:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEA
[2014/07/08 20:25:04 | 000,000,000 | ---D | C] -- C:\TEA
[2014/07/08 20:25:04 | 000,000,000 | ---D | C] -- \TEA
[2014/07/05 17:06:28 | 000,104,960 | ---- | C] (GMER) -- C:\uxldypob.sys
[2014/06/29 23:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/06/21 20:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2014/06/21 20:45:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2014/06/17 09:35:40 | 000,111,424 | ---- | C] (Baidu, Inc.) -- C:\Windows\System32\drivers\BProtectEx.sys
[2014/06/17 09:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
[2013/10/22 09:25:04 | 000,170,344 | ---- | C] (Baidu, Inc.) -- C:\ProgramData\FileSplitUpLoad.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/12 12:09:37 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/12 12:09:37 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/12 12:02:33 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/12 12:02:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/12 12:02:01 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/12 00:00:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/10 19:30:10 | 000,111,424 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\BProtectEx.sys
[2014/07/05 17:06:28 | 000,104,960 | ---- | M] (GMER) -- C:\uxldypob.sys
[2014/06/30 10:12:26 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for usuario.job
[2014/06/25 14:35:26 | 159,792,719 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/13 07:03:37 | 000,157,504 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bprotect.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/05 17:06:28 | 000,104,960 | ---- | C] () -- \uxldypob.sys
[2013/12/11 17:13:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/11 17:13:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/11 17:13:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/11 17:13:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/11 17:13:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/03 19:56:39 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2013/11/03 19:56:38 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2013/11/03 19:56:38 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2013/11/03 19:56:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2013/09/29 19:48:14 | 000,000,000 | ---- | C] () -- \asc_rdflag
[2013/09/28 18:48:08 | 005,479,244 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013/09/28 18:48:06 | 000,576,929 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/09/28 17:46:17 | 000,268,968 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2013/09/04 13:09:59 | 000,000,029 | ---- | C] () -- C:\Windows\System32\config.ini
[2013/09/02 13:52:27 | 000,000,468 | RHS- | C] () -- C:\Users\usuario\ntuser.pol
[2013/08/11 20:11:47 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2013/08/11 20:11:47 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2011/12/13 08:10:28 | 1610,014,720 | -HS- | C] () -- \hiberfil.sys
[2009/07/13 23:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/13 23:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/01/26 16:56:13 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData
[2014/02/07 15:32:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\4ced626bc779544a
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2013/11/23 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Auslogics
[2014/07/09 17:45:21 | 000,000,000 | ---D | M] -- C:\Users\All Users\Baidu
[2014/05/08 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Baidu Security
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dados de aplicativos
[2013/05/29 16:16:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documentos
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2013/10/15 19:04:10 | 000,000,000 | -HSD | M] -- C:\Users\All Users\DSS
[2013/11/16 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\All Users\EA Core
[2013/10/11 12:02:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoritos
[2014/01/26 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\InstallMate
[2014/01/20 18:54:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\IObit
[2014/05/10 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\KONAMI
[2014/01/30 13:07:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\Log
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Menu Iniciar
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Modelos
[2014/06/01 01:54:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\Origin
[2013/12/04 08:38:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Package Cache
[2013/06/10 12:56:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\PopCap Games
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2013/10/17 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\SystemRequirementsLab
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011/12/13 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\Zbshareware Lab
[2013/09/28 17:45:24 | 000,000,000 | ---D | M] -- C:\Users\All Users\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2014/01/26 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Convidado\AppData
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Ambiente de impressão
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Ambiente de rede
[2009/07/13 23:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Configurações locais
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Dados de aplicativos
[2009/07/13 23:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2011/12/13 08:14:51 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/13 23:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2009/07/13 23:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/13 23:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Menu Iniciar
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Meus documentos
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Default\Modelos
[2009/07/13 23:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009/07/13 23:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/13 23:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/13 23:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2014/01/26 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\HomeGroupUser$\AppData
[2013/12/11 17:34:33 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2014/06/11 21:54:26 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2014/06/21 20:45:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2014/04/09 12:16:36 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/13 23:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2013/05/19 14:24:51 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/07/14 01:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009/07/14 01:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2009/07/14 05:52:54 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009/07/14 01:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2014/02/07 15:32:03 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\4ced626bc779544a
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Application Data
[2013/11/23 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\Auslogics
[2014/07/09 17:45:21 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\Baidu
[2014/05/08 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\Baidu Security
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Dados de aplicativos
[2013/05/29 16:16:29 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\DAEMON Tools Lite
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Desktop
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Documentos
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Documents
[2013/10/15 19:04:10 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\DSS
[2013/11/16 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\EA Core
[2013/10/11 12:02:22 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\Electronic Arts
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Favorites
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Favoritos
[2014/01/26 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\InstallMate
[2014/01/20 18:54:29 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\IObit
[2014/05/10 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\KONAMI
[2014/01/30 13:07:56 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\Log
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Menu Iniciar
[2011/12/13 08:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Modelos
[2014/06/01 01:54:39 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\Origin
[2013/12/04 08:38:08 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\Package Cache
[2013/06/10 12:56:07 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\PopCap Games
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Start Menu
[2013/10/17 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\SystemRequirementsLab
[2009/07/14 01:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Todos os Usuários\Templates
[2011/12/13 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\Zbshareware Lab
[2013/09/28 17:45:24 | 000,000,000 | ---D | M] -- C:\Users\Todos os Usuários\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/11/02 18:04:29 | 000,000,000 | ---D | M] -- C:\Users\usuario\.gimp-2.8
[2013/08/30 20:16:37 | 000,000,000 | ---D | M] -- C:\Users\usuario\.swt
[2013/11/02 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\usuario\.thumbnails
[2011/12/13 08:15:00 | 000,000,000 | -HSD | M] -- C:\Users\usuario\Ambiente de impressão
[2011/12/13 08:15:00 | 000,000,000 | -HSD | M] -- C:\Users\usuario\Ambiente de rede
[2011/12/13 08:15:00 | 000,000,000 | -H-D | M] -- C:\Users\usuario\AppData
[2011/12/13 08:15:00 | 000,000,000 | -HSD | M] -- C:\Users\usuario\Configurações locais
[2014/01/20 18:24:13 | 000,000,000 | R--D | M] -- C:\Users\usuario\Contacts
[2011/12/13 08:15:00 | 000,000,000 | -HSD | M] -- C:\Users\usuario\Cookies
[2011/12/13 08:15:00 | 000,000,000 | -HSD | M] -- C:\Users\usuario\Dados de aplicativos
[2014/07/12 12:25:51 | 000,000,000 | R--D | M] -- C:\Users\usuario\Desktop
[2014/07/10 12:39:25 | 000,000,000 | R--D | M] -- C:\Users\usuario\Documents
[2014/07/12 12:25:51 | 000,000,000 | R--D | M] -- C:\Users\usuario\Downloads
[2014/01/20 18:24:13 | 000,000,000 | R--D | M] -- C:\Users\usuario\Favorites
[2014/01/20 18:24:13 | 000,000,000 | R--D | M] -- C:\Users\usuario\Links
[2013/11/17 18:29:05 | 000,000,000 | ---D | M] -- C:\Users\usuario\Local Settings
[2011/12/13 08:15:00 | 000,000,000 | -HSD | M] -- C:\Users\usuario\Menu Iniciar
[2011/12/13 08:15:00 | 000,000,000 | -HSD | M] -- C:\Users\usuario\Meus documentos
[2011/12/13 08:15:00 | 000,000,000 | -HSD | M] -- C:\Users\usuario\Modelos
[2014/01/20 18:24:13 | 000,000,000 | R--D | M] -- C:\Users\usuario\Music
[2014/06/29 20:00:08 | 000,000,000 | R--D | M] -- C:\Users\usuario\Pictures
[2011/12/13 08:15:00 | 000,000,000 | -HSD | M] -- C:\Users\usuario\Recent
[2014/01/20 18:24:13 | 000,000,000 | R--D | M] -- C:\Users\usuario\Saved Games
[2014/01/30 13:23:26 | 000,000,000 | R--D | M] -- C:\Users\usuario\Searches
[2011/12/13 08:15:00 | 000,000,000 | -HSD | M] -- C:\Users\usuario\SendTo
[2013/08/31 18:34:48 | 000,000,000 | ---D | M] -- C:\Users\usuario\Tracing
[2014/01/20 18:24:12 | 000,000,000 | R--D | M] -- C:\Users\usuario\Videos
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\erdnt\cache\netlogon.dll
[2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\erdnt\cache\scecli.dll
[2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< End of report >

OTL Extras logfile created on: 12/07/2014 12:27:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\usuario\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 71,78% Memory free
4,00 Gb Paging File | 3,09 Gb Available in Paging File | 77,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 68,01 Gb Free Space | 29,22% Space Free | Partition Type: NTFS
Drive D: | 2,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MICRO | User Name: usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3177980481-815283071-542161974-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mega] -- "C:\Program Files\Megacubo\megacubo.exe" "%1"
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17DB6A13-5FEB-412D-A07D-0122275590AB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1887E862-C0A3-4BB1-8AE8-F24A80DF41D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19C81CCF-EDD5-42AD-AEBF-F245E739883B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{284B9D39-577D-4D73-82A1-3D064D623569}" = lport=139 | protocol=6 | dir=in | app=system | 
"{28735700-9BDD-47C0-A5BC-B94B7539C09E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4082676C-3904-41A1-9EB0-60B013CA856D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{458C760C-F70B-4ED7-A4D0-B5889297C27B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{488BA103-CCCE-40BF-B1ED-EA3DD2D5A24A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4DE48B65-51F8-4E49-9FB6-F4183AE0980D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52A088D4-63FF-4783-AFDA-6F8587779EDD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5372BD2B-E086-4AA6-A8A3-2E190B95AF86}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{54435F4F-E064-43C4-B3DC-886C43C537E0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5996588F-F48C-40F8-84DA-740C1F203064}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{66CAF98F-BE80-4681-B173-9DC47A7DF4CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{778A2EF2-A5EA-43A8-96BA-4626122593A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{85D2A1D6-3482-423A-97DC-4C264AAEAC4D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8838CA3E-E367-4F95-AD09-15DA59C55E86}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{89BAE80F-0816-4108-AC7D-2D6019B4C71E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8FAF8868-02DD-4223-9088-82231CEFE56D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9FB25BB0-021F-4200-A168-86C75055E924}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B40D4C5E-6BE5-4D4B-955C-E206992C695F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{B421BFBF-C185-4462-8173-79312E3B4E94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9D3FFDB-9B8B-4164-B549-C6E69ED0C683}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DACDFC53-C1A3-4576-AA38-209DA256BAF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0484B98F-C48C-4537-BAAB-6C16DCDC7345}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2014 editor\editor.exe | 
"{05A6910B-B9C3-414F-9B17-247BF08E3CFF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2013 editor\editor.exe | 
"{0C19B749-75D4-4ED8-AED5-87EE4BDD3B90}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{1C01ECC9-A049-4600-AF71-0E1A47F95544}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{206F76BD-5002-4828-A033-760351862CAB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | 
"{28059001-24B2-406D-B8D4-865275E02881}" = protocol=6 | dir=in | app=c:\users\usuario\appdata\roaming\utorrent\utorrent.exe | 
"{2FC656FD-4762-4FA9-9DD7-02DD6244BD71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3181106D-78FF-4A48-A9B4-0704F6B394A6}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa world\fifaworld.exe | 
"{346E630B-93A1-4537-9810-94BADA4F2F56}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{3D4ACF66-8E10-4F63-97F1-88B3DD2F51E1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{46699EDD-EE8E-4F39-A13A-8EA1135AADA6}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa world\fifaworld.exe | 
"{4E20F463-04B8-4437-9586-E8FEDBE5EF54}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2013 editor\editor.exe | 
"{51F3AA86-B9B1-41C2-BA73-4325C42A341D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe | 
"{5667F0AE-E4C8-4239-859F-44907C35A8B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5ACB7B7F-C65F-40D2-824B-B018585EC054}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{604548E7-4ED1-4B2F-8271-C0F51B9394B5}" = protocol=17 | dir=in | app=c:\users\usuario\desktop\pes 2009\pes2009.exe | 
"{66956678-DD37-4CDF-BD7D-5167CE5F41DE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{68370841-93D1-4440-9A9F-3D99C9866BDF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{686B2957-9897-4E55-8879-1E353120ACC5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | 
"{6921B534-0000-4684-9FAF-E524FF724A82}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2014\fm.exe | 
"{6DB38C83-B56A-49A6-A550-5DAC2A1DF8CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2014 editor\editor.exe | 
"{750574B8-5397-4D0A-81C7-D45B148250DA}" = protocol=17 | dir=in | app=c:\users\usuario\appdata\roaming\utorrent\utorrent.exe | 
"{761DFEBD-6C21-4C5B-BAE5-6069B2B578D7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{76CD01B3-45EE-43F3-A945-59AADC7D6BAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{806AD124-878A-4684-ADB8-8BB7128D87A6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{817863AD-2C31-42BB-80AD-33A52A27CAD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{877A1709-5C29-420F-84A3-E41546F57B61}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{8CBE0B36-908E-4B99-BCB6-92F368F8787E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D213767-3E2B-4345-95A7-2DD82524D0BE}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"{912E20C3-14C7-484C-A0F5-40E6F2BC5313}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\dvd9\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"{92277E57-4DFD-4716-BA96-7F524F2B9505}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{971578EC-B52C-480A-A0EE-A233E83429F0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{9788BCAD-BE49-4005-AAAB-383D772ED302}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"{99C2BA52-2CC4-4E5D-A716-B615CFFABB15}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe | 
"{9CFA73ED-C58D-434D-A1B3-1AB8642671F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F6AA9C0-7696-4B9D-8161-604CDBA2FBB5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2013\fm.exe | 
"{A0082B07-4990-492B-9E55-299E77A03483}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A3158D3D-F902-424F-8B04-0B753A434EDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3A46465-56CE-4A21-AAFB-7B6646827B2D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{A5EAEC41-64B8-48E1-8DB3-123BCA4EF818}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{A8C72021-3CA7-4E9E-BBDC-66929A2F9117}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B1855755-677E-4F93-B4BA-55DB59E21848}" = protocol=17 | dir=in | app=c:\users\usuario\appdata\roaming\utorrent\utorrent.exe | 
"{B2C76720-1A3B-4225-8910-FE0B1868B976}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B6BC5FBA-B94F-4F8B-ACA7-53EC7FC65DF8}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\dvd9\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"{BF6C67FF-22EC-4E76-A772-F99AD3A49F3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0B97975-D197-40C3-892C-98F1C708A072}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C67063BA-274D-4896-8E89-5B46D271877B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe | 
"{C737CC4C-1D46-4AC7-96B0-4788180BF9BB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C739762F-D186-4436-BBBA-117E352EA8F6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2013\fm.exe | 
"{CC7ED2D7-A6BA-4503-8093-09600359E0DB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D73B3F33-E051-49A5-A3E5-DDBDE08B4606}" = protocol=6 | dir=in | app=c:\users\usuario\desktop\pes 2009\pes2009.exe | 
"{DA2BA630-1106-4087-B294-4F2707DAD18F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DC3CC270-4026-499F-BCB4-591B647C6298}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E2151181-125C-4485-9564-C73231A55855}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E7947574-5EBC-4B58-ABD9-2E5D2A261A23}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{E82E0C03-6DE8-4F61-B78E-BE653DE133A8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E8F1EF50-758C-4196-8238-470789284BAC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe | 
"{ED9D2B11-A9F9-445E-B958-E77AE6A2A2A7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{EEE70A4D-143A-43EC-93ED-B8CADD36A17F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{EF92ADB6-D26A-416D-A05F-F1C4B56E911F}" = protocol=6 | dir=in | app=c:\users\usuario\appdata\roaming\utorrent\utorrent.exe | 
"{F11E3434-ED0B-42F1-8632-8226FCF5010C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5331453-EF35-4025-B1B6-E20F1217F2A0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2014\fm.exe | 
"{FA44C105-B671-445D-9968-B9A078D81E9E}" = protocol=6 | dir=out | app=system | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}" = EA Sports™ FIFA World
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Português
"{AC99E18E-9237-4D7C-8FC2-472A46B84B20}_is1" = FMB Update versão 1.5
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Age of Empires II HD 2.6" = Age of Empires II HD 2.6
"Any Video Converter_is1" = Any Video Converter 5.0.9
"Baidu Antivirus" = Baidu Antivirus
"Baidu PC Faster 4.0.0.0" = Baidu PC Faster
"CCleaner" = CCleaner
"Cities XL 2012" = Cities XL 2012
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVDFab 8_is1" = DVDFab 8.0.0.5 (25/08/2010)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FM Genie Scout 13_is1" = FM Genie Scout 13 version 1.0 13.3.3
"Game Dev Tycoon v1.3.91.3.9" = Game Dev Tycoon v1.3.9
"Google Chrome" = Google Chrome
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"InternetUpdater" = Internet Updater
"jdownloader2" = JDownloader 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.2.0 Full
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Mozilla Firefox 23.0.1 (x86 pt-BR)" = Mozilla Firefox 23.0.1 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Origin" = Origin
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"Picasa 3" = Picasa 3
"Steam App 207890" = Football Manager 2013
"Steam App 220600" = Football Manager 2013 Editor
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 231670" = Football Manager 2014
"Steam App 242460" = Football Manager 2014 Editor
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 570" = Dota 2
"Steam App 8930" = Sid Meier's Civilization V
"TEW2005" = TEW2005
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3177980481-815283071-542161974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08/07/2014 17:50:45 | Computer Name = micro | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = O Windows não pode carregar o arquivo de Registro de classes.   DETALHE
 - O sistema não pode encontrar o arquivo especificado.  
 
Error - 09/07/2014 11:47:51 | Computer Name = micro | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = O Windows não pode carregar o arquivo de Registro de classes.   DETALHE
 - O sistema não pode encontrar o arquivo especificado.  
 
Error - 09/07/2014 16:12:01 | Computer Name = micro | Source = SideBySide | ID = 16842785
Description = Falha na geração de contexto de ativação para "c:\program files\baidu
 security\baidu antivirus\CrashReport64.exe".   Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 não pôde ser localizado.  Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
 
Error - 09/07/2014 19:22:42 | Computer Name = micro | Source = Application Hang | ID = 1002
Description = O programa fm.exe versão 14.3.1.28944 parou de interagir com o Windows
 e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
 o histórico de problemas no painel de controle da Central de Ações.    ID de Processo:
 1550    Hora de Início: 01cf9bc8dbde7120    Hora de Término: 573    Caminho do Aplicativo: 
C:\Program Files\Steam\steamapps\common\Football Manager 2014\fm.exe    Id do Relatório:
 e6ebad81-07bf-11e4-8840-001fc6b8801a  
 
Error - 10/07/2014 10:27:10 | Computer Name = micro | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = O Windows não pode carregar o arquivo de Registro de classes.   DETALHE
 - O sistema não pode encontrar o arquivo especificado.  
 
Error - 10/07/2014 21:08:19 | Computer Name = micro | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: fm.exe, versão: 14.3.1.28944, carimbo
 de hora: 0x5342f333  Nome do módulo de falhas: fm.exe, versão: 14.3.1.28944, carimbo
 de hora: 0x5342f333  Código de exceção: 0xc0000005  Deslocamento com falha: 0x00e19b4c
Identificação
 do processo com falha: 0xa80  Hora de início do aplicativo com falha: 0x01cf9c87b7011d25
Caminho
 do aplicativo com falha: C:\Program Files\Steam\steamapps\common\Football Manager
 2014\fm.exe  FCaminho do módulo de falhas: C:\Program Files\Steam\steamapps\common\Football
 Manager 2014\fm.exe  Identificação do Relatório: d81bccbb-0897-11e4-9371-001fc6b8801a
 
Error - 11/07/2014 09:15:42 | Computer Name = micro | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = O Windows não pode carregar o arquivo de Registro de classes.   DETALHE
 - O sistema não pode encontrar o arquivo especificado.  
 
Error - 11/07/2014 13:57:09 | Computer Name = micro | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: chrome.exe, versão: 31.0.1650.63, carimbo
 de hora: 0x529e8b45  Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bdadb  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x0003133c  Identificação do processo com falha: 0xb4  Hora de início do aplicativo
 com falha: 0x01cf9d31880946ed  Caminho do aplicativo com falha: C:\Program Files\Google\Chrome\Application\chrome.exe
FCaminho
 do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll  Identificação do Relatório: c6aa0909-0924-11e4-b9dd-001fc6b8801a
 
Error - 11/07/2014 14:41:06 | Computer Name = micro | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Silverlight.Configuration.exe, versão:
 5.1.20125.0, carimbo de hora: 0x5101e89e  Nome do módulo de falhas: ntdll.dll, versão:
 6.1.7600.16385, carimbo de hora: 0x4a5bdadb  Código de exceção: 0xc0000374  Deslocamento
 com falha: 0x000c283b  Identificação do processo com falha: 0x11b0  Hora de início 
do aplicativo com falha: 0x01cf9d37a53b2829  Caminho do aplicativo com falha: c:\Program
 Files\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe  FCaminho do
 módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll  Identificação do Relatório: ea78f97f-092a-11e4-b9dd-001fc6b8801a
 
Error - 12/07/2014 11:02:10 | Computer Name = micro | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = O Windows não pode carregar o arquivo de Registro de classes.   DETALHE
 - O sistema não pode encontrar o arquivo especificado.  
 
[ System Events ]
Error - 11/07/2014 23:07:05 | Computer Name = micro | Source = Service Control Manager | ID = 7023
Description = O serviço Protocolo PNRP terminou com o erro:   %%-2140993535
 
Error - 12/07/2014 11:03:21 | Computer Name = micro | Source = PNRPSvc | ID = 102
Description = 
 
Error - 12/07/2014 11:03:21 | Computer Name = micro | Source = Service Control Manager | ID = 7023
Description = O serviço Protocolo PNRP terminou com o erro:   %%-2140993535
 
Error - 12/07/2014 11:03:21 | Computer Name = micro | Source = Service Control Manager | ID = 7001
Description = O serviço Agrupamento de Rede de Mesmo Nível depende do serviço Protocolo
 PNRP, mas não foi possível iniciá-lo devido ao seguinte erro:   %%-2140993535
 
Error - 12/07/2014 11:03:31 | Computer Name = micro | Source = PNRPSvc | ID = 102
Description = 
 
Error - 12/07/2014 11:03:31 | Computer Name = micro | Source = PNRPSvc | ID = 102
Description = 
 
Error - 12/07/2014 11:03:31 | Computer Name = micro | Source = Service Control Manager | ID = 7001
Description = O serviço Agrupamento de Rede de Mesmo Nível depende do serviço Protocolo
 PNRP, mas não foi possível iniciá-lo devido ao seguinte erro:   %%-2140993535
 
Error - 12/07/2014 11:03:31 | Computer Name = micro | Source = Service Control Manager | ID = 7023
Description = O serviço Protocolo PNRP terminou com o erro:   %%-2140993535
 
Error - 12/07/2014 11:03:31 | Computer Name = micro | Source = Service Control Manager | ID = 7023
Description = O serviço Protocolo PNRP terminou com o erro:   %%-2140993535
 
Error - 12/07/2014 11:03:31 | Computer Name = micro | Source = Service Control Manager | ID = 7001
Description = O serviço Agrupamento de Rede de Mesmo Nível depende do serviço Protocolo
 PNRP, mas não foi possível iniciá-lo devido ao seguinte erro:   %%-2140993535
 
 
< End of report >
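One way to triage the firewall exception lists in the report above, as an added example that is not part of the original post or of OTL itself: it parses the rule lines and flags inbound allow rules whose executable sits in a location a standard user can write to, since anything that replaces that file inherits the exception. The function names and the list of user-writable locations are assumptions made for this example.

```python
import re
from collections import namedtuple

# Rule lines copied from the firewall sections of the report above.
SAMPLE_RULES = r'''
"{28059001-24B2-406D-B8D4-865275E02881}" = protocol=6 | dir=in | app=c:\users\usuario\appdata\roaming\utorrent\utorrent.exe | 
"{2FC656FD-4762-4FA9-9DD7-02DD6244BD71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{604548E7-4ED1-4B2F-8271-C0F51B9394B5}" = protocol=17 | dir=in | app=c:\users\usuario\desktop\pes 2009\pes2009.exe | 
"{A5EAEC41-64B8-48E1-8DB3-123BCA4EF818}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{5667F0AE-E4C8-4239-859F-44907C35A8B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8838CA3E-E367-4F95-AD09-15DA59C55E86}" = lport=10243 | protocol=6 | dir=in | app=system | 
'''

Rule = namedtuple("Rule", "rule_id fields")

# "{GUID}" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"\s*=\s*(.*)$')

# IANA protocol numbers that appear in the report.
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Assumption for this example: locations a standard user can normally write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
USER_WRITABLE_PREFIXES = ("%appdata%", "%localappdata%", "%temp%", "%userprofile%")


def parse_rules(text):
    """Turn OTL firewall rule lines into Rule(rule_id, fields) tuples."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if not match:
            continue  # section headers, registry key lines, blank lines
        fields = {}
        for part in match.group(2).split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:  # skips the empty piece after the trailing "|"
                fields[key.lower()] = value.strip()
        rules.append(Rule(match.group(1), fields))
    return rules


def is_user_writable(app_path):
    """True when the executable path lies under a user-writable location."""
    path = app_path.lower()
    return path.startswith(USER_WRITABLE_PREFIXES) or any(
        marker in path for marker in USER_WRITABLE_MARKERS
    )


def inbound_from_user_writable(rules):
    """Return (app, protocol, local port) for each inbound rule worth reviewing."""
    findings = []
    for rule in rules:
        app = rule.fields.get("app", "")
        if rule.fields.get("dir") == "in" and is_user_writable(app):
            protocol = PROTOCOLS.get(rule.fields.get("protocol", ""), "any")
            findings.append((app, protocol, rule.fields.get("lport", "any")))
    return findings


if __name__ == "__main__":
    for app, protocol, port in inbound_from_user_writable(parse_rules(SAMPLE_RULES)):
        print(f"review: inbound {protocol} port={port} -> {app}")
```

A hit is a prompt to review the rule, not proof of infection: the two entries flagged here are a torrent client installed per user and a game run from the desktop.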


Dear nando97

Step 1

Did you uninstall Baidu?

Step 2

Download SystemLook to your desktop.

  • Double-click the icon 4119586963_6274067071_o.gif
  • Click Run;
  • Copy (Ctrl+C) the content below:

:contents
C:\Users\usuario\a.txt
C:\Users\usuario\aaaaaaaaa.txt
C:\Users\usuario\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt
C:\Users\usuario\asssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss.txt
C:\Users\usuario\azd.txt
C:\Users\usuario\dasz.txt
C:\Users\usuario\fla.txt
C:\Users\usuario\numero do pedido.txt
C:\Users\usuario\werder.txt

And paste (Ctrl+V) it into the space indicated in the image:

4120361504_f66dd92e95_o.jpg
  • Click 4119586997_32a5666660_o.jpg
  • Wait;
  • When it finishes, the scan log will open;
  • Click 4120361454_3c264d5fca_o.jpg
  • Post the entire content in your next reply.

Note:
The log can also be found on the desktop under the name SystemLook.txt

Regards :D


About:

:contents
C:\Users\usuario\a.txt
C:\Users\usuario\aaaaaaaaa.txt
C:\Users\usuario\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt
C:\Users\usuario\asssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss.txt
C:\Users\usuario\azd.txt
C:\Users\usuario\dasz.txt
C:\Users\usuario\fla.txt
C:\Users\usuario\numero do pedido.txt
C:\Users\usuario\werder.txt

I created all of these files; they contain drafts and personal things.


Dear nando97

OK... actually I wasn't going to remove them; to begin with, I wanted to see their contents to be sure first! ;)

Carry out the instructions below in Safe Mode.

Again with OTL
  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Copy and paste the content below into the space right after 5369460409_ee749edc8e_m.jpg

:OTL
PRC - [2014/07/10 19:43:37 | 001,436,352 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
PRC - [2014/07/10 19:43:03 | 002,633,408 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFPopups.exe
PRC - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe
PRC - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PluginRemoverSvc.exe
PRC - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
PRC - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe
PRC - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe
PRC - [2014/06/30 23:14:18 | 000,550,432 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC App Store\4.5.1.6176\PCAppStoreSvc.exe
PRC - [2014/06/30 23:14:10 | 001,795,104 | ---- | M] () -- C:\Arquivos de Programas\Baidu Security\PC App Store\4.5.1.6176\AppStoreUtilExe.exe
PRC - [2014/06/13 07:56:22 | 001,704,296 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BavTray.exe
PRC - [2014/06/13 07:56:17 | 000,481,432 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe
PRC - [2014/06/13 07:56:10 | 002,038,248 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BAVSvc.exe
SRV - [2014/07/10 19:42:24 | 000,785,904 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe -- (PCFasterSvc_{PCFaster_4.0.0.0})
SRV - [2014/06/30 23:14:18 | 000,550,432 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\PC App Store\4.5.1.6176\PCAppStoreSvc.exe -- (PCAppStoreSvc_{PCAppStore_4.5.1.6176})
SRV - [2014/06/13 07:56:17 | 000,481,432 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe -- (BHipsSvc)
SRV - [2014/06/13 07:56:10 | 002,038,248 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BAVSvc.exe -- (BAVSvc)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\BHipsEx.sys -- (BHipsEx)
DRV - [2014/07/10 19:42:06 | 000,119,168 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys -- (PCFApiUtil)
DRV - [2014/07/10 19:30:10 | 000,111,424 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\BProtectEx.sys -- (BprotectEx)
DRV - [2014/06/17 09:35:42 | 000,096,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de Programas\Baidu Security\PC Faster\4.0.0.0\Spring.sys -- (Spring)
DRV - [2014/06/13 07:03:37 | 000,157,504 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bprotect.sys -- (Bprotect)
DRV - [2014/05/27 03:19:38 | 000,070,496 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bnbasex.sys -- (Bnbase)
DRV - [2014/05/27 03:19:38 | 000,051,584 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bndef.sys -- (Bndef)
DRV - [2014/05/27 03:19:38 | 000,048,448 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfilter.sys -- (Bfilter)
DRV - [2014/05/27 03:19:38 | 000,029,504 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfmon.sys -- (Bfmon)
DRV - [2014/05/27 03:19:38 | 000,021,152 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Unknown] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BdCameraProtect.sys -- (BdCameraProtect)
DRV - [2014/05/07 01:09:26 | 000,121,184 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Unknown] -- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\BdApiUtil.sys -- (BdApiUtil)
DRV - [2014/03/11 00:14:02 | 000,047,456 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Bhbase.sys -- (Bhbase)
O4 - HKLM..\Run: [Baidu Antivirus] C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe (Baidu, Inc.)
O4 - HKLM..\Run: [Baidu PC Faster 4.0.0.0] C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe (Baidu Inc.)
O4 - Startup: C:\Users\All Users\Baidu [2014/07/09 17:45:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Baidu Security [2014/05/08 14:08:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Baidu [2014/07/09 17:45:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Todos os Usuários\Baidu Security [2014/05/08 14:08:36 | 000,000,000 | ---D | M]
[2014/06/21 20:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2014/06/21 20:45:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2014/06/17 09:35:40 | 000,111,424 | ---- | C] (Baidu, Inc.) -- C:\Windows\System32\drivers\BProtectEx.sys
[2014/06/17 09:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
[2013/10/22 09:25:04 | 000,170,344 | ---- | C] (Baidu, Inc.) -- C:\ProgramData\FileSplitUpLoad.dll
[2014/07/10 19:30:10 | 000,111,424 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\BProtectEx.sys
[2014/06/13 07:03:37 | 000,157,504 | ---- | M] (Baidu, Inc.) -- C:\Windows\System32\drivers\Bprotect.sys
[2014/07/09 17:45:21 | 000,000,000 | ---D | M] -- C:\Users\All Users\Baidu
[2014/05/08 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Baidu Security

:Commands
[purity]
[emptyflash]
[createrestorepoint]
[emptytemp]

  • Click the button 5370056394_358505935a_m.jpg
  • When the computer restarts, a window will appear; click Run;
  • Save (File > Save As) the log to the desktop under any name you like;
  • Post the content of that log in your next reply.
  • Warning: if you close the log without saving it first, it will be lost.
  • Open OTL again and click the button 5370056476_bf9f840a51_m.jpg
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Post this generated log as well in your next reply.

Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

Regards :D


Sorry for the ***** question, but how do I open the 'Safe Mode' file?

If it is by right-clicking on the icon, nothing about safe mode (security mode) shows up.


I press F8 on the black screen, but the drivers screen appears, not the screen for choosing Safe Mode.
