Fórum PC Brasil
How to remove Baidu Antivirus?


Post by Freedman, Sun 12 Jan 2014, 12:39

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:34 /+/Freedman, on 12/1/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrador\Meus documentos\SASCORE.EXE
D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BAVSvc.exe
C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Spybot - Search & Destroy 2\SDUpdSvc.exe
D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\avgnt.exe
D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
D:\Arquivos de programas\Notepad++\notepad++.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must have an account and be logged in to view this link]
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NextLive] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Administrador\Dados de aplicativos\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} (Portalarium Player Web Plugin) - [You must have an account and be logged in to view this link]
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - [You must have an account and be logged in to view this link]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - [You must have an account and be logged in to view this link]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must have an account and be logged in to view this link]
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - [You must have an account and be logged in to view this link]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must have an account and be logged in to view this link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must have an account and be logged in to view this link]
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - [You must have an account and be logged in to view this link]
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\docume~1\alluse~1\dadosd~1\browse~1\261125~1.80\{c16c1~1\mngr.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Documents and Settings\Administrador\Meus documentos\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Arquivos de programas\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Arquivos de programas\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Arquivos de programas\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe

--
End of file - 12438 bytes

Re: How to remove Baidu Antivirus?

Post by Wings [In Memoriam], Sun 12 Jan 2014, 12:41

Download [You must have an account and be logged in to view this link] (...by OldTimer) and save it to the Desktop

*Right-click OTL and select [You must have an account and be logged in to view this image]

*Select:

Scan All Users
Skip Microsoft Files
Lop Check
Purity Check

*Click [Scan] and wait for it to finish

*Post the OTL.txt and Extras.txt reports created on the Desktop


Last edited by wings on Fri 17 Jan 2014, 17:22; edited 1 time

Extras

Post by Freedman, Sun 12 Jan 2014, 12:57

OTL Extras logfile created on: 12/1/2014 11:39:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrador\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

3,50 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 68,17% Memory free
5,34 Gb Paging File | 3,83 Gb Available in Paging File | 71,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 48,83 Gb Total Space | 14,58 Gb Free Space | 29,86% Space Free | Partition Type: NTFS
Drive D: | 416,93 Gb Total Space | 291,13 Gb Free Space | 69,83% Space Free | Partition Type: NTFS

Computer Name: FELIPE | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1220945662-1004336348-725345543-500\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Arquivos de programas\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Arquivos de programas\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Arquivos de programas\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Arquivos de programas\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Arquivos de programas\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58208:TCP" = 58208:TCP:*:Enabled:Pando Media Booster
"58208:UDP" = 58208:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58208:TCP" = 58208:TCP:*:Enabled:Pando Media Booster
"58208:UDP" = 58208:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"D:\Level Up! Games\Combat Arms\CA\Combat Arms\CombatArms.exe" = D:\Level Up! Games\Combat Arms\CA\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"D:\Level Up! Games\Combat Arms\CA\Combat Arms\Engine.exe" = D:\Level Up! Games\Combat Arms\CA\Combat Arms\Engine.exe:*Enabled:Engine.exe
"D:\jogo\pb\ca\Combat Arms\CombatArms.exe" = D:\jogo\pb\ca\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"D:\jogo\pb\ca\Combat Arms\Engine.exe" = D:\jogo\pb\ca\Combat Arms\Engine.exe:*Enabled:Engine.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Arquivos de programas\Messenger\msmsgs.exe" = C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Level Up Games\Grand Chase\main.exe" = C:\Level Up Games\Grand Chase\main.exe:*:Enabled:GrandChase
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"D:\Level Up! Games\Combat Arms\CA\Combat Arms\CombatArms.exe" = D:\Level Up! Games\Combat Arms\CA\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"D:\Level Up! Games\Combat Arms\CA\Combat Arms\Engine.exe" = D:\Level Up! Games\Combat Arms\CA\Combat Arms\Engine.exe:*Enabled:Engine.exe
"D:\Level Up! Games\Combat Arms\CA\Combat Arms\NMService.exe" = D:\Level Up! Games\Combat Arms\CA\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Arquivos de programas\Hamachi\hamachi.exe" = C:\Arquivos de programas\Hamachi\hamachi.exe:*:Disabled:Hamachi
"C:\winlogin.exe" = C:\winlogin.exe:*:Enabled:PenCat
"C:\WINDOWS\Sys\livesv.exe" = C:\WINDOWS\Sys\livesv.exe:*:Enabled:nHot
"D:\Arquivos de programas\Steam\Steam.exe" = D:\Arquivos de programas\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Arquivos de programas\Steam\steamapps\mohameddoze\team fortress 2\hl2.exe" = D:\Arquivos de programas\Steam\steamapps\mohameddoze\team fortress 2\hl2.exe:*:Enabled:hl2
"D:\Arquivos de programas\Microsoft Games\Age of Mythology\aom.exe" = D:\Arquivos de programas\Microsoft Games\Age of Mythology\aom.exe:*:Disabled:Age of Mythology -- (Ensemble Studios)
"C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Level Up! Games\main.exe" = D:\Level Up! Games\main.exe:*:Enabled:GrandChase
"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"D:\Hamachi\Pointblank\PointBlank.exe" = D:\Hamachi\Pointblank\PointBlank.exe:*:Enabled:PointBlank
"D:\Arquivos de programas\Steam\steamapps\common\brawl busters\bin\PbLauncher.exe" = D:\Arquivos de programas\Steam\steamapps\common\brawl busters\bin\PbLauncher.exe:*:Enabled:BrawlBusters Launcher
"D:\Arquivos de programas\Steam\steamapps\common\brawl busters\bin\pbclient.exe" = D:\Arquivos de programas\Steam\steamapps\common\brawl busters\bin\pbclient.exe:*:Enabled:BrawlBusters
"D:\jogo\pb\ca\Combat Arms\CombatArms.exe" = D:\jogo\pb\ca\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"D:\jogo\pb\ca\Combat Arms\Engine.exe" = D:\jogo\pb\ca\Combat Arms\Engine.exe:*Enabled:Engine.exe
"D:\jogo\pb\ca\Combat Arms\NMService.exe" = D:\jogo\pb\ca\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
"D:\Arquivos de programas\Steam\steamapps\mohameddoze\pirates, vikings, and knights ii\hl2.exe" = D:\Arquivos de programas\Steam\steamapps\mohameddoze\pirates, vikings, and knights ii\hl2.exe:*:Enabled:hl2 -- ()
"D:\Arquivos de programas\VLC\vlc.exe" = D:\Arquivos de programas\VLC\vlc.exe:*:Enabled:VLC media player -- (VideoLAN)
"D:\Arquivos de programas\Steam\steamapps\common\alien swarm\srcds.exe" = D:\Arquivos de programas\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"D:\Arquivos de programas\Steam\steamapps\common\Gotham City Impostors F2P\Engine.exe" = D:\Arquivos de programas\Steam\steamapps\common\Gotham City Impostors F2P\Engine.exe:*:Enabled:Gotham City Impostors - Free To Play
"D:\Arquivos de programas\Steam\steamapps\common\the binding of isaac\Isaac.exe" = D:\Arquivos de programas\Steam\steamapps\common\the binding of isaac\Isaac.exe:*:Enabled:The Binding of Isaac -- (Edmund Mcmillen & Florian Himsl     )
"C:\Arquivos de programas\Electronic Arts\EADM\Core.exe" = C:\Arquivos de programas\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Documents and Settings\Administrador\Meus documentos\Downloads\Age of Empires II Completo Traduzido\empires2.exe" = C:\Documents and Settings\Administrador\Meus documentos\Downloads\Age of Empires II Completo Traduzido\empires2.exe:*:Enabled:Age of Empires II
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"D:\Hamachi\Documentos\Age of Empires II Completo Traduzido\empires2.exe" = D:\Hamachi\Documentos\Age of Empires II Completo Traduzido\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"D:\Hamachi\Documentos\Age of Empires II Completo Traduzido\age2_x1\age2_x1.exe" = D:\Hamachi\Documentos\Age of Empires II Completo Traduzido\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"D:\Hamachi\Documentos\Age of Mythology\aomx.exe" = D:\Hamachi\Documentos\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"D:\Hamachi\LOL\LOLReplay\LOLReplay.exe" = D:\Hamachi\LOL\LOLReplay\LOLReplay.exe:*:Enabled:LOLReplay
"D:\Arquivos de programas\Winamp\winamp.exe" = D:\Arquivos de programas\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"D:\Hamachi\Giants.exe" = D:\Hamachi\Giants.exe:*:Enabled:Giants
"D:\Arquivos de programas\Steam\steamapps\common\Batman Arkham City Demo\Binaries\Win32\BatmanAC.exe" = D:\Arquivos de programas\Steam\steamapps\common\Batman Arkham City Demo\Binaries\Win32\BatmanAC.exe:*:Enabled:Batman: Arkham City Demo -- (Rocksteady Studios Ltd.)
"D:\Arquivos de programas\Steam\steamapps\common\Batman Arkham City Demo\RunLauncher.bat" = D:\Arquivos de programas\Steam\steamapps\common\Batman Arkham City Demo\RunLauncher.bat:*:Enabled:Batman: Arkham City Demo -- ()
"C:\Arquivos de programas\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe" = C:\Arquivos de programas\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Configuração do dispositivo HP (HP Deskjet 3510 series) -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe" = C:\Arquivos de programas\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Comunicador de rede HP (HP Deskjet 3510 series) -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe" = C:\Arquivos de programas\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Comunicador de rede HP COM (HP Deskjet 3510 series) -- (Hewlett-Packard Co.)
"D:\jogo\LOLReplay\LOLReplay.exe" = D:\jogo\LOLReplay\LOLReplay.exe:*:Enabled:LOLReplay
"C:\Documents and Settings\Administrador\Desktop\Jogos\TerrariaServer.exe" = C:\Documents and Settings\Administrador\Desktop\Jogos\TerrariaServer.exe:*:Enabled:Terraria
"C:\Arquivos de programas\Skype\Phone\Skype.exe" = C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\Arquivos de programas\Steam\steamapps\common\Team Fortress 2\hl2.exe" = D:\Arquivos de programas\Steam\steamapps\common\Team Fortress 2\hl2.exe:*:Enabled:Team Fortress 2 -- ()
"C:\Documents and Settings\All Users\Dados de aplicativos\Battle.net\Agent\Agent.2380\Agent.exe" = C:\Documents and Settings\All Users\Dados de aplicativos\Battle.net\Agent\Agent.2380\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"D:\Hamachi\Battle.net\Battle.net.exe" = D:\Hamachi\Battle.net\Battle.net.exe:*:Enabled:Battle.net
"D:\jogo\AoE3\age3x.exe" = D:\jogo\AoE3\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"D:\jogo\AoE3\age3y.exe" = D:\jogo\AoE3\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Dados de aplicativos\Battle.net\Agent\Agent.beta.2514\Agent.exe" = C:\Documents and Settings\All Users\Dados de aplicativos\Battle.net\Agent\Agent.beta.2514\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Arquivos de programas\Spybot - Search & Destroy 2\SDTray.exe" = C:\Arquivos de programas\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Arquivos de programas\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Arquivos de programas\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Arquivos de programas\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Arquivos de programas\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Arquivos de programas\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Arquivos de programas\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{114AA4D3-A577-400E-A1B2-3CF75CF8D2E2}" = C5500_Help
"{17702F96-1B27-4F09-868E-9F8C17874CE7}_is1" = Arquivo261212
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 38
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1" = Módulo de Segurança - Banco do Brasil
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B8B9664-21C8-4A1C-AEE4-EF7B1EEB6BD3}" = PS_AIO_04_C5500_Software
"{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1" = GBBD Caixa Economica Federal
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69969D5E-20DA-47FF-B657-E5D152672AB5}" = HP Deskjet 3510 series Software básico do dispositivo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2.0.5.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A558B0C-541D-47e0-A177-8635CE723B07}" = HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E37A0C8-C0E7-4E7A-8739-ACF20D02E70C}" = PS_AIO_04_C5500_Software_Min
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{98ADF875-648F-3E73-8F3B-010C2464C948}" = Microsoft .NET Framework 4 Extended PTB Language Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9310B0-FAD0-440E-97B1-5EE14568EF78}" = PS_AIO_04_C5500_ProductContext
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1421
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8672913-A995-4C4A-AA0F-DE5D83549FA0}" = Project64 1.7.0.55
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCCDE721-9F4D-4396-9592-92DD865D965E}" = League of Legends
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C50BF854-E881-434F-9C67-5A73EBB58F06}" = Windows Live Toolbar
"{C77A7F57-0BA5-4A17-B1C4-28E1D5F5A6EC}" = C5500
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D84F41A8-33E6-402A-8DD6-D2244235BCB8}" = LogMeIn Hamachi
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Age of Mythology 1.0" = Age of Mythology
"Aoe World Aok Patch Br" = Aoe World Aok Patch Br
"Ares" = Ares 2.1.7
"AVI ReComp" = AVI ReComp 1.5.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Avisynth" = AviSynth 2.5
"Baidu Antivirus" = Baidu Antivirus
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"Detonadores Patch E_is1" = DET AoC(E) 1.0
"ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet
"Free MP3 Sound Recorder_is1" = Free MP3 Sound Recorder v1.9
"Garden In The Depth Screensaver_is1" = Garden In The Depth Screensaver 1.0
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
"IRPF2011" = IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"IRPF2012" = IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"IRPF2013" = IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"JMHL Loader" = JMHL Loader
"League of Legends 3.0.1" = League of Legends
"Line 6 Uninstaller" = Line 6 Uninstaller
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Naviextras Toolbox" = Naviextras Toolbox
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"ScummVM_is1" = ScummVM 1.1.1
"Shop for HP Supplies" = Shop for HP Supplies
"SP_20b85a18" = ss helper 1.74
"Steam App 113200" = The Binding of Isaac
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 200240" = Batman: Arkham City Demo
"Steam App 440" = Team Fortress 2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"The Simpsons Movie - Sleeping Homer" = The Simpsons Movie - Sleeping Homer Screen Saver
"VLC media player" = VLC media player 2.0.5
"VobSub" = VobSub 2.23
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1004336348-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2e4572743b8884b4" = Gerenciador de Downloads
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detectar Aplicação

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31/12/2013 02:31:11 | Computer Name = FELIPE | Source = MsiInstaller | ID = 11609
Description =

Error - 2/1/2014 22:06:13 | Computer Name = FELIPE | Source = Application Error | ID = 1000
Description = Aplicativo com falha skype.exe, versão 6.11.73.102, módulo com falha
kernel32.dll, versão 5.1.2600.6293, endereço com falha 0x0000984e.

Error - 9/1/2014 17:01:47 | Computer Name = FELIPE | Source = MsiInstaller | ID = 11609
Description =

Error - 11/1/2014 08:39:30 | Computer Name = FELIPE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 11/1/2014 10:17:38 | Computer Name = FELIPE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 11/1/2014 10:17:39 | Computer Name = FELIPE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 11/1/2014 10:17:47 | Computer Name = FELIPE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 12/1/2014 07:15:52 | Computer Name = FELIPE | Source = EventSystem | ID = 4614
Description = O sistema de eventos COM+ detectou uma inconsistência em seu estado
interno. Falha da declaração "GetLastError() == 122L" na linha 162 de d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Contate os serviços de suporte Microsoft para relatar esse err

Error - 12/1/2014 08:25:21 | Computer Name = FELIPE | Source = Application Error | ID = 1000
Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com
falha kernel32.dll, versão 5.1.2600.6293, endereço com falha 0x000658c0.

Error - 12/1/2014 08:34:52 | Computer Name = FELIPE | Source = MsiInstaller | ID = 11706
Description = Produto: Project64 1.7.0.55 -- Erro 1706. Um pacote de instalação
para o produto Project64 1.7.0.55 não pode ser encontrado. Tente a instalação novamente
usando uma cópia válida do pacote de instalação 'Project64 1.7.0.55.msi'.

[ LevelUp Events ]
Error - 1/5/2012 00:02:41 | Computer Name = FELIPE | Source = LevelUpDownloader | ID = 0
Description = 2012-05-01 01:02:41.4531|ERROR|LevelUp.DownloaderClient.Bootstrapper|Not
critial/required initialization error: System.IO.DirectoryNotFoundException: Could
not find a part of the path 'C:\Documents and Settings\Administrador\Meus documentos\Level
Up! Games\Gerenciador de Downloads\torrents'.     at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)     at System.IO.Directory.InternalGetFileDirectoryNames(String
path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean
includeDirs, SearchOption searchOption)     at System.IO.Directory.GetFiles(String
path, String searchPattern, SearchOption searchOption)     at System.IO.Directory.GetFiles(String
path, String searchPattern)     at LevelUp.DownloaderClient.Initializers.MigrateOldFormatDownloads.GetListOfExistingTorrents(String
baseDownloadPath)     at LevelUp.DownloaderClient.Initializers.MigrateOldFormatDownloads.Initialize()

  at LevelUp.DownloaderClient.Bootstrapper.b__d(IInitializer
i)

[ System Events ]
Error - 12/1/2014 07:49:59 | Computer Name = FELIPE | Source = Service Control Manager | ID = 7022
Description = Serviço Serviço de Descoberta de dispositivos CUE HP suspenso ao iniciar.

Error - 12/1/2014 07:56:00 | Computer Name = FELIPE | Source = Schedule | ID = 7901
Description = O comando At2.job falhou ao iniciar devido ao seguinte erro:   %%2147942403

Error - 12/1/2014 07:57:00 | Computer Name = FELIPE | Source = Schedule | ID = 7901
Description = O comando At1.job falhou ao iniciar devido ao seguinte erro:   %%2147942403

Error - 12/1/2014 08:56:00 | Computer Name = FELIPE | Source = Schedule | ID = 7901
Description = O comando At2.job falhou ao iniciar devido ao seguinte erro:   %%2147942403

Error - 12/1/2014 08:57:00 | Computer Name = FELIPE | Source = Schedule | ID = 7901
Description = O comando At1.job falhou ao iniciar devido ao seguinte erro:   %%2147942403

Error - 12/1/2014 09:13:15 | Computer Name = FELIPE | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'.  O monitoramento do volume
foi interrompido.

Error - 12/1/2014 09:13:55 | Computer Name = FELIPE | Source = Service Control Manager | ID = 7009
Description = Tempo limite (30000 milissegundos) de espera para que o serviço Spybot-S&D
2 Security Center Service se conecte.

Error - 12/1/2014 09:13:55 | Computer Name = FELIPE | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Spybot-S&D 2 Security Center Service
devido ao seguinte erro:   %%1053

Error - 12/1/2014 09:15:12 | Computer Name = FELIPE | Source = Service Control Manager | ID = 7022
Description = Serviço Serviço de Descoberta de dispositivos CUE HP suspenso ao iniciar.

Error - 12/1/2014 09:16:04 | Computer Name = FELIPE | Source = Service Control Manager | ID = 7011
Description = Tempo limite (30000 milissegundos) esperando por uma resposta do serviço
NVSvc.


< End of report >

How to remove Baidu Antivirus? - OTL

Post by Freedman, Sun 12 Jan 2014, 12:58

OTL logfile created on: 12/1/2014 11:39:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrador\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

3,50 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 68,17% Memory free
5,34 Gb Paging File | 3,83 Gb Available in Paging File | 71,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 48,83 Gb Total Space | 14,58 Gb Free Space | 29,86% Space Free | Partition Type: NTFS
Drive D: | 416,93 Gb Total Space | 291,13 Gb Free Space | 69,83% Space Free | Partition Type: NTFS

Computer Name: FELIPE | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/12 11:38:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Meus documentos\Downloads\OTL.exe
PRC - [2014/01/08 14:15:18 | 000,459,416 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe
PRC - [2014/01/08 14:14:46 | 001,923,376 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BAVSvc.exe
PRC - [2014/01/07 02:05:55 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
PRC - [2013/12/19 09:21:29 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/19 09:20:32 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/12/19 09:20:18 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/11/27 09:30:22 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/10/16 16:02:30 | 000,452,968 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de programas\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de programas\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/07 20:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrador\Meus documentos\SASCore.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2008/04/14 00:20:58 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/07 02:05:53 | 000,399,640 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\32.0.1700.72\ppgooglenaclpluginchrome.dll
MOD - [2014/01/07 02:05:49 | 004,055,320 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\32.0.1700.72\pdf.dll
MOD - [2014/01/07 02:04:42 | 001,634,584 | ---- | M] () -- C:\Arquivos de programas\Google\Chrome\Application\32.0.1700.72\ffmpegsumo.dll
MOD - [2013/12/19 08:32:44 | 000,541,032 | ---- | M] () -- C:\Arquivos de programas\Baidu Security\Baidu Antivirus\sqlite.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Arquivos de programas\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Arquivos de programas\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Arquivos de programas\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/05/11 13:37:35 | 000,397,704 | ---- | M] () -- D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Arquivos de programas\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Arquivos de programas\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/07/18 19:04:08 | 000,296,448 | ---- | M] () -- D:\Arquivos de programas\Notepad++\NppShell_04.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Arquivos de programas\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2008/04/14 00:20:33 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Arquivos de programas\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Arquivos de programas\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/01/08 14:15:18 | 000,459,416 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe -- (BHipsSvc)
SRV - [2014/01/08 14:14:46 | 001,923,376 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BAVSvc.exe -- (BAVSvc)
SRV - [2013/12/19 09:21:29 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/11 17:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/11 05:37:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/29 16:20:40 | 001,664,336 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/11/27 09:30:22 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/16 16:02:30 | 000,452,968 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2013/05/07 20:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Documents and Settings\Administrador\Meus documentos\SASCore.exe -- (!SASCORE)
SRV - [2013/04/04 06:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/15 22:35:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 12:29:45 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Disabled | Stopped] -- D:\Hamachi\SMITE\HiPatchService.exe -- (HiPatchService)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/06/19 15:57:00 | 004,122,968 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 22:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva398.sys -- (XDva398)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva393.sys -- (XDva393)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys -- (PCFApiUtil)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Level Up! Games\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BprotectEx.sys -- (BprotectEx)
DRV - [2014/01/12 11:14:51 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (NdisrdMP)
DRV - [2014/01/12 11:14:51 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (Ndisrd)
DRV - [2014/01/10 08:10:16 | 000,135,488 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Bprotect.sys -- (Bprotect)
DRV - [2014/01/05 19:08:06 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2014/01/03 06:29:14 | 000,112,896 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Unknown] -- C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BdApiUtil.sys -- (BdApiUtil)
DRV - [2013/12/23 05:55:10 | 000,043,840 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Bfilter.sys -- (Bfilter)
DRV - [2013/12/19 09:21:36 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/12/19 09:21:36 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/12/19 08:32:58 | 000,071,328 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Bhbase.sys -- (Bhbase)
DRV - [2013/12/17 07:59:36 | 000,019,168 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Unknown] -- C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BdCameraProtect.sys -- (BdCameraProtect)
DRV - [2013/12/17 07:59:28 | 000,027,456 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Bfmon.sys -- (Bfmon)
DRV - [2013/11/27 09:31:28 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/07/01 16:40:10 | 000,047,688 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2013/05/11 13:38:12 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/01/17 22:07:36 | 000,152,880 | R--- | M] (360.cn) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360FileOem.sys -- (360FileOem)
DRV - [2013/01/17 22:07:36 | 000,064,048 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360SpOEM.sys -- (360SpOEM)
DRV - [2013/01/17 22:07:36 | 000,061,488 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\360HookOem.sys -- (360HookOem)
DRV - [2013/01/17 22:07:36 | 000,029,744 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360RegOem.sys -- (360RegOem)
DRV - [2011/08/17 10:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/07/22 14:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Administrador\Meus documentos\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 19:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Administrador\Meus documentos\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/09 17:24:53 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/10/18 15:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/10/18 15:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/10/18 15:44:04 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/10/10 09:48:20 | 001,439,744 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athur.sys -- (athur)
DRV - [2010/01/27 00:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2008/08/07 09:14:00 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/25 10:09:24 | 000,845,184 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/02/14 04:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must have an account and be logged in to view this link]
IE - HKLM\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = [You must have an account and be logged in to view this link]


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1220945662-1004336348-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
IE - HKU\S-1-5-21-1220945662-1004336348-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must have an account and be logged in to view this link]
IE - HKU\S-1-5-21-1220945662-1004336348-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must have an account and be logged in to view this link]
IE - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must have an account and be logged in to view this link]
IE - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = [You must have an account and be logged in to view this link]
IE - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..\SearchScopes\{CBCA2DE3-42E0-496F-8129-AE86284FF8C7}: "URL" =
IE - HKU\S-1-5-21-1220945662-1004336348-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://br.hao123.com/?tn=4shared_hp_hao123_br"
FF - prefs.js..extensions.enabledAddons: finddisableds%40finddisableds.co:1.111
FF - prefs.js..extensions.enabledAddons: WebSiteRecommendation%40weliketheweb.com:1.0.6
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.0
FF - prefs.js..extensions.enabledAddons: %7Bd4a5fd5b-2243-4a66-9f96-9e488a2a4147%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/01/01 10:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Hamachi\components [2013/02/23 20:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Hamachi\plugins [2013/06/15 21:50:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/01/01 10:05:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\sf.xpi [2013/08/07 13:07:22 | 000,016,144 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi [2014/01/04 11:25:05 | 000,000,000 | ---D | M]

[2013/02/23 21:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions
[2014/01/12 11:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mkcg7gy3.default\extensions
[2013/08/30 23:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profilesmkcg7gy3.default\extensions
[2013/08/30 23:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profilesmkcg7gy3.default\extensions\staged
[2013/11/02 23:47:30 | 000,069,465 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mkcg7gy3.default\extensions\mediahint@jetpack.xpi
[2013/03/28 08:44:33 | 000,002,235 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mkcg7gy3.default\searchplugins\clikseguro.xml
[2012/11/27 00:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
File not found (No name found) -- C:\ARQUIVOS DE PROGRAMAS\FINDLYRICS\FF
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\CONFIGURAçÃΜES LOCAIS\DADOS DE APLICATIVOS\GAS TECNOLOGIA\GBBD\BB\SF.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\MKCG7GY3.DEFAULT\EXTENSIONS\{D4A5FD5B-2243-4A66-9F96-9E488A2A4147}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\MKCG7GY3.DEFAULT\EXTENSIONS\WEBSITERECOMMENDATION@WELIKETHEWEB.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: [You must have an account and be logged in to view this link]
CHR - plugin: Shockwave Flash (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\32.0.1700.72\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Arquivos de programas\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Flash Player = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\enkimeefeoiiblmiaphiicikiejnbedh\11_0\
CHR - Extension: Stylish = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: DealPly Dev channel = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ialdollnlgfogbjjlmjkdmjdmocdhfio\3.6.2.0_0\
CHR - Extension: Redirecionamento de nova guia! = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.1.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: GBBD Caixa Economica Federal = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei\3.4.0_0\
CHR - Extension: GBBD Caixa Economica Federal = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei\3.5.0_0\
CHR - Extension: Media Hint = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pbogbchcdigifagelnlmhlenmofdgbao\0.1.12_0\
CHR - Extension: GBBD Banco do Brasil = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.4.0_0\
CHR - Extension: GBBD Banco do Brasil = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.6.0_0\

O1 HOSTS File: ([2013/11/10 20:40:34 | 000,000,774 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 lo
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] D:\Arquivos de programas\Nova pasta\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1220945662-1004336348-725345543-500..\Run: [NextLive] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Administrador\Dados de aplicativos\newnext.me\nengine.dll",EntryPoint -m l File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Sites confiáveis)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Sites confiáveis)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Sites confiáveis)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Sites confiáveis)
O15 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..Trusted Domains: caixa.gov.br ([]https in Sites confiáveis)
O15 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..Trusted Domains: clonewarsadventures.com ([]* in Sites confiáveis)
O15 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..Trusted Domains: freerealms.com ([]* in Sites confiáveis)
O15 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..Trusted Domains: line6.net ([]* in Sites confiáveis)
O15 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..Trusted Domains: soe.com ([]* in Sites confiáveis)
O15 - HKU\S-1-5-21-1220945662-1004336348-725345543-500\..Trusted Domains: sony.com ([]* in Sites confiáveis)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must have an account and be logged in to view this link] (Shockwave ActiveX Control)
O16 - DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} [You must have an account and be logged in to view this link] (Portalarium Player Web Plugin)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} [You must have an account and be logged in to view this link] (UploadListView Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must have an account and be logged in to view this link] (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must have an account and be logged in to view this link] (WUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} [You must have an account and be logged in to view this link] (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must have an account and be logged in to view this link] (Java Plug-in 10.21.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must have an account and be logged in to view this link] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [You must have an account and be logged in to view this link] (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must have an account and be logged in to view this link] (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must have an account and be logged in to view this link] (Shockwave Flash Object)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} [You must have an account and be logged in to view this link] (GbpDistObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.72.38 189.7.72.33 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BA67BF2-6941-4338-A8B9-D8A386F21ABC}: DhcpNameServer = 189.7.72.38 189.7.72.33 201.6.4.116
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\dadosd~1\browse~1\261125~1.80\{c16c1~1\mngr.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Arquivos de programas\GbPlugin\gbiehCef.dll) - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Documents and Settings\Administrador\Meus documentos\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/15 23:15:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0863850f-1ada-11e2-9b7c-00248c46e4c5}\Shell - "" = AutoRun
O33 - MountPoints2\{0863850f-1ada-11e2-9b7c-00248c46e4c5}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O33 - MountPoints2\{0892694f-aa3c-11e0-8192-00248c46e4c5}\Shell - "" = AutoRun
O33 - MountPoints2\{0892694f-aa3c-11e0-8192-00248c46e4c5}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O33 - MountPoints2\{72aa1238-dbb8-11e2-9d6f-00248c46e4c5}\Shell - "" = AutoRun
O33 - MountPoints2\{72aa1238-dbb8-11e2-9d6f-00248c46e4c5}\Shell\AutoRun\command - "" = F:\autorun.exe /AUTORUN
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/12 11:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu
[2014/01/12 11:09:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2014/01/12 11:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configuraþ§es locais
[2014/01/12 11:09:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\HiJackThis
[2014/01/12 10:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\revouninstaller-portable
[2014/01/12 10:31:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent
[2014/01/12 10:23:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner
[2014/01/12 10:06:03 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/01/12 08:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Spybot - Search & Destroy 2
[2014/01/12 08:29:13 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/01/12 08:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
[2014/01/12 08:28:35 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Spybot - Search & Destroy 2
[2014/01/12 08:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\genienext
[2014/01/12 08:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Meus documentos\Mobogenie
[2014/01/12 08:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mobogenie
[2014/01/12 08:23:28 | 000,135,488 | ---- | C] (Baidu, Inc.) -- C:\WINDOWS\System32\drivers\Bprotect.sys
[2014/01/12 08:23:23 | 000,027,456 | ---- | C] (Baidu, Inc.) -- C:\WINDOWS\System32\drivers\Bfmon.sys
[2014/01/12 08:23:20 | 000,043,840 | ---- | C] (Baidu, Inc.) -- C:\WINDOWS\System32\drivers\Bfilter.sys
[2014/01/12 08:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Log
[2014/01/12 08:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Baidu Antivirus
[2014/01/08 04:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menu Iniciar\Programas\GameVicio
[2014/01/08 04:17:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\GameVicio
[2014/01/08 04:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Age of Empires 3
[2014/01/06 09:46:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrador\Desktop\Spore-RELOADED
[2014/01/05 21:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Meus documentos\Minhas criações Spore
[2014/01/05 21:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SPORE
[2014/01/05 21:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Electronic Arts
[2014/01/05 19:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\DAEMON Tools Lite
[2014/01/05 19:07:16 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2013/12/24 14:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Blizzard Entertainment
[2013/12/24 14:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Battle.net
[2013/12/24 14:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Battle.net
[2013/12/24 14:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Blizzard Entertainment
[2013/12/24 14:34:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment
[2013/12/24 14:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Battle.net
[2013/12/22 14:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\openvr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/12 11:37:15 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/12 11:33:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/12 11:16:26 | 000,000,660 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/12 11:16:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/12 11:14:53 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/01/12 11:14:51 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\WINDOWS\System32\drivers\GbpNdisrd.sys
[2014/01/12 11:12:52 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/12 11:12:52 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1004336348-725345543-500.job
[2014/01/12 11:12:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/12 10:56:47 | 000,687,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\sample_20141201_1056.zip
[2014/01/12 10:45:05 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Atalho para zoek.lnk
[2014/01/12 09:42:27 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2014/01/12 09:28:15 | 000,531,588 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2014/01/12 09:28:15 | 000,497,090 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/12 09:28:15 | 000,095,994 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2014/01/12 09:28:14 | 000,085,574 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/12 08:32:03 | 000,000,632 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/01/12 08:32:03 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/01/12 08:29:38 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/01/12 08:23:09 | 000,000,029 | ---- | M] () -- C:\WINDOWS\System32\config.ini
[2014/01/12 08:22:49 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Baidu Antivirus.lnk
[2014/01/12 00:25:48 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/01/10 15:17:56 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/10 08:10:16 | 000,135,488 | ---- | M] (Baidu, Inc.) -- C:\WINDOWS\System32\drivers\Bprotect.sys
[2014/01/07 21:37:30 | 000,001,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/01/05 19:22:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1004336348-725345543-500.job
[2014/01/05 19:08:06 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2013/12/23 05:55:10 | 000,043,840 | ---- | M] (Baidu, Inc.) -- C:\WINDOWS\System32\drivers\Bfilter.sys
[2013/12/19 09:21:36 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/12/19 09:21:36 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/12/19 08:32:58 | 000,071,328 | ---- | M] (Baidu, Inc.) -- C:\WINDOWS\System32\drivers\Bhbase.sys
[2013/12/17 07:59:28 | 000,027,456 | ---- | M] (Baidu, Inc.) -- C:\WINDOWS\System32\drivers\Bfmon.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/12 10:56:47 | 000,687,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\sample_20141201_1056.zip
[2014/01/12 10:45:05 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Atalho para zoek.lnk
[2014/01/12 08:31:57 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/01/12 08:31:55 | 000,000,632 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/01/12 08:31:51 | 000,000,660 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/12 08:29:38 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Spybot-S&D Start Center.lnk
[2014/01/12 08:29:37 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/01/12 08:23:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\config.ini
[2014/01/12 08:22:49 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Baidu Antivirus.lnk
[2013/11/09 23:37:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/11/09 08:54:24 | 000,018,570 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins001.dat
[2013/10/05 07:56:40 | 000,077,717 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\funmoods_2.3.1.crx
[2013/08/01 20:01:22 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Ament.ini
[2013/06/15 12:13:29 | 000,014,345 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.dat
[2013/04/21 13:38:25 | 000,000,176 | ---- | C] () -- C:\WINDOWS\REC-NET.INI
[2013/03/31 20:47:21 | 000,444,283 | ---- | C] () -- C:\Arquivos de programas\Arquivos comuns\WinPcapNmap.exe
[2013/03/10 13:18:15 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2013/03/09 21:08:14 | 000,000,912 | RHS- | C] () -- C:\Documents and Settings\Administrador\ntuser.pol
[2013/03/04 06:46:36 | 000,143,390 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-S-1-5-21-1220945662-1004336348-725345543-500-0.dat
[2013/03/02 07:26:22 | 000,143,390 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat
[2012/11/23 19:09:27 | 000,026,048 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/09/25 21:42:38 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\wibuk1.crx
[2012/02/15 22:02:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 12:48:35 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2012/02/13 20:42:48 | 000,246,773 | ---- | C] () -- C:\Arquivos de programas\VirtualDub.chm
[2012/02/13 20:42:48 | 000,220,394 | ---- | C] () -- C:\Arquivos de programas\VirtualDub.vdi
[2012/02/13 20:42:48 | 000,073,728 | ---- | C] ( ) -- C:\Arquivos de programas\vdremote.dll
[2012/02/13 20:42:48 | 000,069,632 | ---- | C] ( ) -- C:\Arquivos de programas\vdicmdrv.dll
[2012/02/13 20:42:48 | 000,069,632 | ---- | C] ( ) -- C:\Arquivos de programas\auxsetup.exe
[2012/02/13 20:42:48 | 000,065,536 | ---- | C] ( ) -- C:\Arquivos de programas\vdsvrlnk.dll
[2012/02/13 20:42:48 | 000,018,321 | ---- | C] () -- C:\Arquivos de programas\copying
[2012/02/13 20:42:48 | 000,008,704 | ---- | C] ( ) -- C:\Arquivos de programas\vdub.exe
[2012/02/13 20:42:47 | 002,670,592 | ---- | C] () -- C:\Arquivos de programas\VirtualDub.exe
[2012/02/13 20:39:24 | 001,707,366 | ---- | C] () -- C:\Arquivos de programas\VirtualDub-1.9.11.zip
[2011/07/13 19:07:01 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Administrador\jagex_runescape_preferences2.dat
[2011/07/13 18:51:02 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrador\jagex_runescape_preferences.dat
[2011/07/10 05:12:22 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Administrador\volconfig.ran
[2011/04/10 18:26:10 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\Administrador\.mjsync_pt_BR
[2011/04/01 19:38:37 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\PnkBstrK.sys
[2011/01/01 16:44:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Ÿ9Ÿ9
[2010/12/21 20:20:49 | 000,158,208 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/12/18 13:47:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:20:40 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:53:26 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:20:41 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/08 22:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\.minecraft
[2013/08/31 00:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\AVI ReComp
[2013/09/28 15:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Baidu Security
[2013/12/24 14:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Battle.net
[2013/01/19 04:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Boot
[2013/03/05 11:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/11/23 19:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/01/12 10:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools Lite
[2012/11/26 22:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\downloads
[2012/07/14 21:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Foxit Software
[2013/09/03 10:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\IEXPLORE
[2012/11/10 07:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Installer
[2012/09/23 21:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Launcher
[2012/08/25 19:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Line 6
[2012/03/26 18:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\LolClient
[2012/05/25 19:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\LolClient2
[2012/03/04 00:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\LOVE
[2010/12/30 23:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mouse Recorder Pro
[2012/02/22 09:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\naviextras
[2013/05/11 13:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Notepad++
[2013/12/22 14:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\openvr
[2013/01/02 14:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PhotoFiltre
[2012/02/10 19:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PointBlank
[2013/06/08 06:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PSafe
[2013/05/09 21:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\raidcall
[2013/09/22 19:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Riot Games
[2011/04/08 21:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ScummVM
[2011/11/18 13:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony Online Entertainment
[2014/01/05 21:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SPORE
[2011/08/24 18:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TeamViewer
[2013/06/15 22:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TuneUp Software
[2011/02/08 20:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Unity
[2013/03/31 20:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\VDownloader
[2014/01/08 04:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Age of Empires 3
[2014/01/12 11:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu
[2013/09/26 14:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
[2013/12/24 14:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Battle.net
[2013/06/15 22:40:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files
[2013/06/23 02:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite
[2013/01/03 16:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Electronic Arts
[2014/01/04 11:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GAS Tecnologia
[2014/01/12 09:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2012/09/14 18:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Hi-Rez Studios
[2013/11/09 23:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IPM
[2012/05/01 02:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\levelup downloader
[2012/08/25 19:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Line 6
[2014/01/12 08:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Log
[2013/11/23 14:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn
[2011/03/05 23:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nexon
[2013/06/18 14:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe
[2013/11/09 08:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Temp
[2013/06/15 22:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software
[2013/06/15 22:40:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/03/01 21:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\360Safe
[2013/06/16 09:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\TuneUp Software

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/14 18:49:47 | 097,872,530 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꡯ嘟唴6
[2013/11/14 12:50:19 | 097,872,530 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꡯ嘟唴6
[2013/11/13 14:00:02 | 097,671,483 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\叴唴6
[2013/11/13 14:00:02 | 097,671,483 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\叴唴6
[2013/11/11 13:46:50 | 103,716,811 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\識쥯唴6
[2013/11/11 13:46:50 | 103,716,811 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\識쥯唴6
[2013/11/09 13:44:59 | 103,387,443 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䨖唴6
[2013/11/09 07:45:34 | 103,387,443 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䨖唴6
[2013/11/02 19:13:28 | 104,684,788 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\낾埞唴6
[2013/11/02 19:13:28 | 104,684,788 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\낾埞唴6
[2013/10/22 02:09:18 | 102,278,179 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\冺셌唴6
[2013/10/21 20:09:18 | 102,278,179 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\冺셌唴6
[2013/10/15 14:05:42 | 101,148,298 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鹐唴6
[2013/10/15 08:05:32 | 101,148,298 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鹐唴6
[2013/10/14 20:05:52 | 101,072,268 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\퉂鬏唴6
[2013/10/14 20:05:52 | 101,072,268 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\퉂鬏唴6
[2013/10/05 02:00:52 | 099,319,274 | ---- | M] ()(C:\WINDOWS\System32\?S?6) -- C:\WINDOWS\System32\棵Σ唴6
[2013/10/02 14:01:47 | 099,319,274 | ---- | C] ()(C:\WINDOWS\System32\?S?6) -- C:\WINDOWS\System32\棵Σ唴6
[2013/09/28 15:02:44 | 098,442,955 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\噜ꅠ唴6
[2013/09/28 15:02:44 | 098,442,955 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\噜ꅠ唴6

========== Alternate Data Streams ==========

@Alternate Data Stream - 310 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:D55B9EBA_Cef.gbp
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:D55B9EBA_Bb.gbp

< End of report >
Freedman
Beginner

Posts: 4
Reputation: 0
Join date: 12/01/2014

Re: How to remove Baidu Antivirus?

Post by Wings [In Memoriam] Sun 12 Jan 2014, 13:24

Carry out the actions sent by PM and post the requested reports so they can be analyzed.


Last edited by wings on Fri 17 Jan 2014, 17:22; edited 1 time in total
Wings [In Memoriam]
Moderator

Posts: 1080
Reputation: 282
Join date: 19/08/2013
Location: Rio de Janeiro - RJ

http://www.hardware.com.br

01122014_123514

Post by Freedman Sun 12 Jan 2014, 14:00

All processes killed
========== OTL ==========
Unable to kill active process BHipsSvc.exe!
Unable to kill active process BAVSvc.exe!
Releasing module C:\Arquivos de programas\Baidu Security\Baidu Antivirus\sqlite.dll
File move failed. C:\Arquivos de programas\Baidu Security\Baidu Antivirus\sqlite.dll scheduled to be moved on reboot.
Error: Unable to stop service BHipsSvc!
Unable to delete service\driver key BHipsSvc.
File move failed. C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe scheduled to be moved on reboot.
Service BAVSvc stopped successfully!
Service BAVSvc deleted successfully!
File move failed. C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BAVSvc.exe scheduled to be moved on reboot.
Service XDva401 stopped successfully!
Service XDva401 deleted successfully!
File C:\WINDOWS\system32\XDva401.sys not found.
Service XDva398 stopped successfully!
Service XDva398 deleted successfully!
File C:\WINDOWS\system32\XDva398.sys not found.
Service XDva397 stopped successfully!
Service XDva397 deleted successfully!
File C:\WINDOWS\system32\XDva397.sys not found.
Service XDva393 stopped successfully!
Service XDva393 deleted successfully!
File C:\WINDOWS\system32\XDva393.sys not found.
Service XDva392 stopped successfully!
Service XDva392 deleted successfully!
File C:\WINDOWS\system32\XDva392.sys not found.
Service PCFApiUtil stopped successfully!
Service PCFApiUtil deleted successfully!
File C:\Arquivos de programas\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys not found.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Arquivos de programas\Enigma Software Group\SpyHunter\esgiguard.sys not found.
Service BprotectEx stopped successfully!
Service BprotectEx deleted successfully!
File C:\WINDOWS\System32\drivers\BprotectEx.sys not found.
Error: Unable to stop service Bprotect!
Unable to delete service\driver key Bprotect.
File move failed. C:\WINDOWS\system32\drivers\Bprotect.sys scheduled to be moved on reboot.
Error: No service named BdApiUtil was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully.
File move failed. C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BdApiUtil.sys scheduled to be moved on reboot.
Error: Unable to stop service Bfilter!
Unable to delete service\driver key Bfilter.
File move failed. C:\WINDOWS\system32\drivers\Bfilter.sys scheduled to be moved on reboot.
Error: Unable to stop service Bhbase!
Unable to delete service\driver key Bhbase.
File move failed. C:\WINDOWS\system32\drivers\Bhbase.sys scheduled to be moved on reboot.
Error: No service named BdCameraProtect was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully.
File move failed. C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BdCameraProtect.sys scheduled to be moved on reboot.
Error: Unable to stop service Bfmon!
Unable to delete service\driver key Bfmon.
File move failed. C:\WINDOWS\system32\drivers\Bfmon.sys scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}\ not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1004336348-725345543-500\Software\Microsoft\Internet Explorer\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}\ not found.
Prefs.js: "http://br.hao123.com/?tn=4shared_hp_hao123_br" removed from browser.startup.homepage
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ialdollnlgfogbjjlmjkdmjdmocdhfio\3.6.2.0_0\images folder moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ialdollnlgfogbjjlmjkdmjdmocdhfio\3.6.2.0_0 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\docume~1\alluse~1\dadosd~1\browse~1\261125~1.80\{c16c1~1\mngr.dll deleted successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu\Antivirus folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_searchplugins folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_Extensions folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_AI_RecycleBin\{E0137A43-E457-4FF7-93D4-8780C04E9665} folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_AI_RecycleBin\{BF7C76CF-3D12-4106-B330-57E7689EB230} folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_AI_RecycleBin\{9AFCADBC-9AD9-4B9F-B3B0-A273FB865D94} folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_AI_RecycleBin\{42E4758A-34EA-43D8-BA06-376423DAECBA} folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_AI_RecycleBin\{421A4AE2-BE39-49C5-A75D-A33E7A14B28E} folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_AI_RecycleBin\{2706EC0A-BBB9-44DB-9891-DFD126719403} folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_AI_RecycleBin\{1B72E9CF-2F2C-4503-A8A0-B7707A269045} folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_AI_RecycleBin\{044C6F39-C42B-44C0-9BB3-B6406A8B0D59} folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_AI_RecycleBin\{019BA5B5-74BC-4401-A7D9-F20ADBB00794} folder moved successfully.
C:\zoek_backup\C_WINDOWS_System32_AI_RecycleBin folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_SummerSoft\Setup folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_SummerSoft folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_saveonosharre folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_InstallMate\{AD1F8585-44BC-4DEB-AF00-0C9E76FCA773} folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_InstallMate\E2111ECA\cfg folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_InstallMate\E2111ECA folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_InstallMate\4CE3E126\cfg folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_InstallMate\4CE3E126 folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_InstallMate\371D716B\cfg folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_InstallMate\371D716B folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_InstallMate folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_boost_interprocess\20131127124804.375000 folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_boost_interprocess folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_BetterSoft folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu\commondll\splitupload\DllVersion_2.0 folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu\commondll\splitupload folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu\commondll folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu\Antivirus folder moved successfully.
C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Menu Iniciar_Programas_TornTV.com folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Menu Iniciar_Programas_Mobogenie folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Menu Iniciar_Programas_Hao123-br folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Toolbar4 folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_SimilarSites folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_RCTW folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_newnext.me\cache folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_newnext.me folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_jetpack\torntv2@torntv.com\simple-storage folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_jetpack\torntv2@torntv.com folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_jetpack\gophoto@gophoto.it\simple-storage folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_jetpack\gophoto@gophoto.it folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_jetpack folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_extensions_{d4a5fd5b-2243-4a66-9f96-9e488a2a4147}\defaults\preferences folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_extensions_{d4a5fd5b-2243-4a66-9f96-9e488a2a4147}\defaults folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_extensions_{d4a5fd5b-2243-4a66-9f96-9e488a2a4147}\chrome\content\images folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_extensions_{d4a5fd5b-2243-4a66-9f96-9e488a2a4147}\chrome\content folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_extensions_{d4a5fd5b-2243-4a66-9f96-9e488a2a4147}\chrome folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Mozilla_Firefox_Profiles_mkcg7gy3.default_extensions_{d4a5fd5b-2243-4a66-9f96-9e488a2a4147} folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]\chrome\skin\classic folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]\chrome\skin folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]\chrome\locale\en-US folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]\chrome\locale folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]\chrome\content folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]\chrome folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]\content folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_JOBS folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_GetRightToGo folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Funmoods\UpdateProc folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Funmoods folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_baidu\hao123-br folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_baidu\Baidu Antivirus folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_baidu folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_Dados de aplicativos_Ahead folder moved successfully.
C:\zoek_backup\C_Documents and Settings_Administrador_.android folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_TornTV.com folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_ss helper folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_SimilarSites folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_Mobogenie folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_FindLyrics_FF\chrome\content folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_FindLyrics_FF\chrome folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_FindLyrics_FF folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_FindLyrics\FF\chrome\content folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_FindLyrics\FF\chrome folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_FindLyrics\FF folder moved successfully.
C:\zoek_backup\C_Arquivos de programas_FindLyrics folder moved successfully.
C:\zoek_backup folder moved successfully.
File move failed. C:\WINDOWS\system32\drivers\Bprotect.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\Bfmon.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\Bfilter.sys scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Baidu Antivirus folder moved successfully.
C:\Documents and Settings\All Users\Desktop\Baidu Antivirus.lnk moved successfully.
File move failed. C:\WINDOWS\system32\drivers\Bhbase.sys scheduled to be moved on reboot.
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\funmoods_2.3.1.crx moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\PSafe\Updater\86514d075c11824534152196a493659b\psafe\updater folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\PSafe\Updater\86514d075c11824534152196a493659b\psafe folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\PSafe\Updater\86514d075c11824534152196a493659b\protege folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\PSafe\Updater\86514d075c11824534152196a493659b folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\PSafe\Updater folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\PSafe\logs folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\PSafe folder moved successfully.
========== FILES ==========
< rd /s /q "C:\Arquivos de programas\Baidu Security" /c >
C:\Documents and Settings\Administrador\Meus documentos\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Meus documentos\Downloads\cmd.txt deleted successfully.
< reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /v Baidu Antivirus /f /c >
C:\Documents and Settings\Administrador\Meus documentos\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Meus documentos\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrador
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 219 bytes
->Temporary Internet Files folder emptied: 9208206 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4816055 bytes
->Google Chrome cache emptied: 25559328 bytes
->Flash cache emptied: 2885349 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 268119978 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2321819 bytes
%systemroot%\System32 .tmp files removed: 2969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14772 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 299,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01122014_123514

Files\Folders moved on Reboot...
File move failed. C:\Arquivos de programas\Baidu Security\Baidu Antivirus\sqlite.dll scheduled to be moved on reboot.
File move failed. C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe scheduled to be moved on reboot.
File move failed. C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BAVSvc.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\Bprotect.sys scheduled to be moved on reboot.
File move failed. C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BdApiUtil.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\Bfilter.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\Bhbase.sys scheduled to be moved on reboot.
File move failed. C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BdCameraProtect.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\Bfmon.sys scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: How to remove Baidu Antivirus?

Post by Wings [In Memoriam] Sun 12 Jan 2014, 14:03


* Start the PC in Safe Mode by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is starting up and choosing the Safe Mode with Networking option (or Safe Mode).

Once the PC is in Safe Mode, repeat the procedure I gave you in my previous reply and post the new logs that are created.

We'll be waiting.

Re: How to remove Baidu Antivirus?

Post by Admin Thu 23 Jan 2014, 10:00

TOPIC ARCHIVED

Since the author did not reply, the topic has been archived. If you need it reopened, you should contact one of the members of the [You must have an account and be logged in to view this link] via PM.
