cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Z-Analyse V1.0.0.4 Updated 08-April-2015
Tool run by ANDERSON on 18/04/2015 at 19:57:36,28.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ANDERSON\Desktop\Z-analyse\Z-Analyse.exe [Deep Scan]

==== Older Logs ======================

C:\zoek-results2015-04-18-225006.log 23010 bytes

==== System Restore Info ======================

18/04/2015 19:58:19 Zoek.exe System Restore Point Created Successfully.

==== Running Processes ======================

C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\ANDERSON\Desktop\Z-analyse\Z-Analyse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [AVGIDSHA] - AVGIDSHA - C:\Windows\system32\Drivers\AVGIDSHA.sys
R0 - [Avgloga] - AVG Logging Driver - C:\Windows\system32\Drivers\Avgloga.sys
R0 - [Avgmfx64] - AVG Mini-Filter Resident Anti-Virus Shield - C:\Windows\system32\Drivers\Avgmfx64.sys
R0 - [Avgrkx64] - AVG Anti-Rootkit Driver - C:\Windows\system32\Drivers\Avgrkx64.sys
R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8106 MB
CPU Info: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
CPU Speed: 2232,2 MHz
Sound Card: Alto-falantes (Realtek High Def |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Monitor Gen�rico PnP |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe FE Family Controller | Atheros AR9285 Wireless Network Adapter
CD / DVD Drives: 1x (E: | ) E: Optiarc DVD RW AD-7710H
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 195,2GB | D: 270,4GB
Hard Disks - Free: C: 119,7GB | D: 194,0GB
Manufacturer *: Phoenix Technologies Ltd.
BIOS Info: AT/AT COMPATIBLE | 04/06/11 | DELL - 2
Time Zone: Hora oficial do Brasil
Motherboard *: Intel Corp. Emerald Lake
Country: Brasil
Language: PTB

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)
Default Browser: Firefox 37.0.1
Internet Explorer Version: 11.0.9600.17728
Mozilla Firefox version: 37.0.1 (x86 pt-BR)
Adobe Reader version: 11.0.10.32
Flash Player version: 17.0.0.169

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\ANDERSON\AppData\Local\Temp ====
2015-04-18 22:57:29 3304FDFB4F7424B385C308B812FB019C 71680 ----a-w- C:\Users\ANDERSON\AppData\Local\Temp\ZAScan.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-04-16 11:53:48 32B9FEE479FF55234ED6BCF1D7976189 1309696 ----a-w- C:\Windows\SysWOW64\ntdll.dll
2015-04-16 11:53:47 11896E75E1A118ABFAD126BEB650A189 3920824 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 11:53:44 A6A644BFAE31F111F35F8C3C7BA2A8A0 3976632 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 11:53:42 BC09159AFF6639DB2CB28058731199F0 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll
2015-04-16 11:53:42 99DE8BADC0E85C9AB4A8301A3723FFEA 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2015-04-16 11:53:41 DB7CFA08957C94F6CFAA0DBB8BE4B906 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2015-04-16 11:53:41 56977F27A96383E2A6C8BACEFC17E9CA 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2015-04-16 11:53:41 2DE438AE95C59FB33B3E4E34827C1100 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2015-04-16 11:53:40 E6A73ED322D8D0E85589894157F81940 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2015-04-16 11:53:40 C2A7AEA0A0FF0E7284632902FF9BD73A 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2015-04-16 11:53:40 A169307F0105183092F2AEDA9A8BD15D 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll
2015-04-16 11:53:40 A057B61F8A553F6DA38563597FA3676B 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2015-04-16 11:53:40 6F8CEB8115737D2E049804B191AE41A9 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe
2015-04-16 11:53:40 6A9FFEF19C4F8F2E9082A50BB07ECDF1 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2015-04-16 11:53:40 655C88135254C78E6FB66B6C2F6AC5DA 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2015-04-16 11:53:40 52C84F726B8B84634F2E666C49076CDE 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2015-04-16 11:53:40 47A1F23EE40C2389FCD53E9D5CEA3430 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2015-04-16 11:53:40 0FF9EEFF3EFC725FD90AD2CDA5A96776 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2015-04-16 11:53:40 06C69684C3730E1A31DF06D4DD4042BC 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 11:53:37 FC898E44379D877DE92D869E713528CD 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2015-04-16 11:53:37 C557EB6CD735B4EE5076EA289B02CEAC 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll
2015-04-16 11:53:37 C0693456929F40833B9CC36C9CF7E3A8 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2015-04-16 11:53:37 53C485BC8BBD41877F58AEB89412F5D7 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2015-04-16 11:53:37 4B21D227B191A6305087BDD6BB19220F 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll
2015-04-16 11:53:37 2E0F849B7BF17969E45881FA4EB9B487 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2015-04-15 11:30:37 E981C27FA6C2F45C135DB4AF78D6FE1F 92672 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2015-04-15 11:30:37 C7E498E41D92CF8C2EAED9995781A7F7 29696 ----a-w- C:\Windows\SysWOW64\wups.dll
2015-04-15 11:30:37 9D68CE45935C439D5082ECB56902124D 566784 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2015-04-15 11:30:37 751C4859FD46A1461B3FB57252F541D8 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2015-04-15 11:30:37 031C03C9639CE0D294695968C68A5775 173056 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 11:30:07 2B381229CCACA02AFF9D27B09073E523 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll
2015-04-15 11:30:06 DA5B856A037872BE089CA6967C7050C5 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2015-04-15 11:30:06 78492CF3C3697FB5AF4EAABB2BAF8595 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 11:28:49 8CD57250F538CFFA0D5DCA9773AEDCAB 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 11:28:47 BA897AB3BC3DBC25829946EBA487496C 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2015-04-15 11:28:47 2CBD6D22499EB13A2666F62EF33D00E2 16303 ----a-w- C:\Windows\SysWOW64\ieuinit.inf
2015-04-15 11:28:46 DC155C2C14DC69EA400020CF92895873 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 11:28:46 D730BA653F9F95EC044F6636E6E45905 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 11:28:46 89CACDF654626F1948BF6C19A6D610BE 342704 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 11:28:45 EC442CB6F2D08F4FAA6BA68A23B82383 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 11:28:45 CD91FE4F2718A88FC1C9C9C2E73EABB2 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 11:28:45 92CF8BC1B198C01CDC55A1A91E510700 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 11:28:45 8127C2EE2E287BB3AB7843F9923B62BD 1311232 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2015-04-15 11:28:45 2F42037DD6F2831332653EB7F35D7E9A 19695616 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2015-04-15 11:28:44 CA4F96D21BEF43DE9407210CFF76FCEA 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 11:28:40 8E30C9B4E16C23211F1DD02B517E4FA8 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2015-04-15 11:28:39 01C2BB4C13E6E0AF50867BCE8EE8A03E 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 11:28:38 B7BFB7C2970DF5E779FF729C037BD8E4 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 11:28:38 A305BEDA0CD8304102BFBBA0EB2A48CA 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 11:28:38 8A083313C1F7F50098D1D4F2FC092BD1 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 11:28:38 77104FDBBD821F2D73338D9370675EF3 2278400 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2015-04-15 11:28:38 1DFA1B4968C4E9E23CD6E68AF9CC063F 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 11:28:37 AE8A9FCDC135F681EFE9135929CF4A7B 12825600 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2015-04-15 11:28:37 94D64C343FE6341430A4C61BC490FEBF 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll
2015-04-15 11:28:37 2B5DD86A4B6E92E5A79C479C0652E727 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 11:28:36 C46904F2E9E121A91DDDABB48D7648C3 1888256 ----a-w- C:\Windows\SysWOW64\wininet.dll
2015-04-15 11:28:36 BDE9AA78B575CDA7C946A725926021F7 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 11:28:36 B55293D48979DADE6049944C252A3BDB 340992 ----a-w- C:\Windows\SysWOW64\html.iec
2015-04-15 11:28:36 7776F3DA2B1AEDC2DA226F726B1E9A01 503296 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2015-04-15 11:28:36 43A5A38E45F0D4FA02A0CCD51244AA17 4305408 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2015-04-15 11:28:36 2396395B6F563158BEC2E0526D7F6CD2 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
2015-04-15 11:26:01 D824C1C235349B67E652A5CA70D1AA49 58880 ----a-w- C:\Windows\SysWOW64\clfsw32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-04-16 11:53:49 DCB7D8034C773ADB660FA8F1139AC0A0 5557696 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2015-04-16 11:53:48 96C2380819EBAC0BF592A7E8977E9E8A 1727904 ----a-w- C:\Windows\Sysnative\ntdll.dll
2015-04-16 11:53:47 E75074EFBE3C24FBC95C7C1985E08FDE 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll
2015-04-16 11:53:47 B47C4E8E9AF9044F9D59443196D54608 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll
2015-04-16 11:53:44 5EA8A53A243ED52DA1F705D000854B2A 341504 ----a-w- C:\Windows\Sysnative\schannel.dll
2015-04-16 11:53:43 CBEFBE487F0C09EE0F8AC5299447450E 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2015-04-16 11:53:42 6DEDB5E0258998C01C26280DBDB2A4B9 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2015-04-16 11:53:41 F87B5878D7621A16A0A5CF1D94BE5A53 503808 ----a-w- C:\Windows\Sysnative\srcore.dll
2015-04-16 11:53:41 F36EF8DBE5CE842B8F04515BF422DFB4 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2015-04-16 11:53:41 EA32F4EA3AE06EDD122FBCD5A489E457 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll
2015-04-16 11:53:41 CB33B9F21F06764DCA561FC194823199 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2015-04-16 11:53:41 B00F1AC213172C557EF84F71E4DF5EA3 243712 ----a-w- C:\Windows\Sysnative\wow64.dll
2015-04-16 11:53:41 A32CA33E8692DA882133341AF31A4C36 338432 ----a-w- C:\Windows\Sysnative\conhost.exe
2015-04-16 11:53:41 8E615D40A652999B224EDBBFA7B4035B 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
2015-04-16 11:53:41 7220246418A40D3BF7470058A2DB939A 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
2015-04-16 11:53:41 5E9E31A2F213E757184EB2CA4B562E6C 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe
2015-04-16 11:53:40 DE328CD9E0678A55880C2189EE5BDBDC 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
2015-04-16 11:53:40 CFDA43CD05B94C4853042E4A9561B156 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll
2015-04-16 11:53:40 CACB6D061EAAE5CEB9203A26127843AF 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe
2015-04-16 11:53:40 CA4FC33FB22D92368A0B221092B46374 31232 ----a-w- C:\Windows\Sysnative\lsass.exe
2015-04-16 11:53:40 C631969919195C040E135CC380018A65 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll
2015-04-16 11:53:40 978BC01DD41125DED32AC03925A16578 28160 ----a-w- C:\Windows\Sysnative\secur32.dll
2015-04-16 11:53:40 799E731B83F911A6220E678722A73DDF 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2015-04-16 11:53:40 5905040249D279F61AE988A7F5F0D241 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2015-04-16 11:53:40 2ABF1BA930E5CE0017D6197A06B03E07 50176 ----a-w- C:\Windows\Sysnative\srclient.dll
2015-04-16 11:53:40 234529666FB5BBE12343FF58380E8234 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll
2015-04-16 11:53:40 1150C2D3C72887571581DF6D0E58540D 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2015-04-16 11:53:40 0B6514A14631E41DE4D6D40D1C80BE68 112640 ----a-w- C:\Windows\Sysnative\smss.exe
2015-04-16 11:53:37 88B6EDA230EFEFC780AF717AA9640CAD 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll
2015-04-16 11:53:37 55BF60184106FCF60B999CDEB4EACB2E 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll
2015-04-16 11:53:37 39D0217773202CF09F13C1E420CBA6CA 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll
2015-04-16 11:53:37 3474740668B86841E999893D9314193E 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll
2015-04-15 11:30:37 C5D90D20035928387FE27E4485EE463F 36864 ----a-w- C:\Windows\Sysnative\wuapp.exe
2015-04-15 11:30:37 AECC03D0A794619E15FF1CB92D65EF9E 191488 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2015-04-15 11:30:37 AEA602B4036CF95522818E911654F52E 135168 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2015-04-15 11:30:37 95A9A336CFF6AC51B33BBFDBEA6D848B 60416 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll
2015-04-15 11:30:37 6C21C983C1F83900DBEDE51DCA247B72 696320 ----a-w- C:\Windows\Sysnative\wuapi.dll
2015-04-15 11:30:37 6BAC8DCC6C58755A1B9E6D3B04C28FC5 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll
2015-04-15 11:30:37 2ADEA6F221BBF0992FDF9A3E25BA9F59 98304 ----a-w- C:\Windows\Sysnative\wudriver.dll
2015-04-15 11:30:37 2A77BD58F0A8D3743D4299434390922E 35328 ----a-w- C:\Windows\Sysnative\wups.dll
2015-04-15 11:30:37 21DF773EF8EFEF531E7E0BF477E03047 3298816 ----a-w- C:\Windows\Sysnative\wucltux.dll
2015-04-15 11:30:37 21CA4277E6918B019525ECCD748EF401 37376 ----a-w- C:\Windows\Sysnative\wups2.dll
2015-04-15 11:30:37 0814A74C853F50B354F08F83DDA9F7FB 2553856 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2015-04-15 11:30:19 E72C92A252EC4B230287BC6E06F24296 957952 ----a-w- C:\Windows\Sysnative\appraiser.dll
2015-04-15 11:30:19 826A7F422014E4762C700B4254F5C588 1111552 ----a-w- C:\Windows\Sysnative\aeinv.dll
2015-04-15 11:30:19 5D0A492C42A43DCF73284F2865519712 30720 ----a-w- C:\Windows\Sysnative\acmigration.dll
2015-04-15 11:30:19 3FCD3FE7F58935A85ACC33019129358E 419840 ----a-w- C:\Windows\Sysnative\devinv.dll
2015-04-15 11:30:19 0E0723E6D064ACD3D603BEF93EE0B950 769536 ----a-w- C:\Windows\Sysnative\invagent.dll
2015-04-15 11:30:19 05ED759DD0821294F05A41F6A8F1E18F 726528 ----a-w- C:\Windows\Sysnative\generaltel.dll
2015-04-15 11:30:18 3F0FFBA1765470F979D57F88248070CA 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll
2015-04-15 11:30:18 205EE22E14A9848FB2266FF035BE0C9C 192000 ----a-w- C:\Windows\Sysnative\aepic.dll
2015-04-15 11:30:07 72098048AB8AE2CAFA4ECE35D5051D62 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll
2015-04-15 11:30:06 2AA1704C1475AD9D18560AD07BDA66DF 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll
2015-04-15 11:30:06 0B85F3551337FE233477DA31545DC45C 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll
2015-04-15 11:28:47 3B69EBB762C52E8EFC127857C93CAC4F 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2015-04-15 11:28:47 3278499EBA0DAA54EB4B68F695F0FB43 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2015-04-15 11:28:46 B664D90F9BFCFBBCF520C63B17736880 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2015-04-15 11:28:46 9D3E174BD20A383523D5551A46C24BF6 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll
2015-04-15 11:28:46 7571102ACD8A82A55D1657CDF96A1A0E 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2015-04-15 11:28:45 2CBD6D22499EB13A2666F62EF33D00E2 16303 ----a-w- C:\Windows\Sysnative\ieuinit.inf
2015-04-15 11:28:45 0B077004AE4C2F7DE630445391360262 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2015-04-15 11:28:38 F36C78BC3D456BFB42A606A6B723F6DC 389808 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2015-04-15 11:28:38 68996E442920AD397279C3CD2AC37551 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2015-04-15 11:28:38 630FB85EF5FFB7441A7AFB4CC9FC9DB6 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2015-04-15 11:28:38 3C9D34F1F5A2C6867ECC60026F1F6CB7 1548288 ----a-w- C:\Windows\Sysnative\urlmon.dll
2015-04-15 11:28:37 B137E42258BCE4D1DA6D7F11C084983A 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2015-04-15 11:28:37 9171D1A18B1185A78BA33FEE884B8912 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2015-04-15 11:28:37 3408F27ABC8B2426481306336F747949 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2015-04-15 11:28:37 0E98ED153699741D42472B0B429B3434 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll
2015-04-15 11:28:36 E935163C8AFFEB519572CEB8AA10E8E1 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2015-04-15 11:28:36 706A56A863BD5F24FC98EF5E2D0582AD 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2015-04-15 11:28:36 50B2A19B2FBFEFE0FFC537C1BA6C5DD9 2886144 ----a-w- C:\Windows\Sysnative\iertutil.dll
2015-04-15 11:28:36 35B570D079F77FDE5D816CCB2FCE9C98 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2015-04-15 11:28:35 FA10EC0F44A75511D13F9D93184CFC90 14397440 ----a-w- C:\Windows\Sysnative\ieframe.dll
2015-04-15 11:28:35 8E9A5B0DA4B6DFCD3CB13A69E89417D6 633856 ----a-w- C:\Windows\Sysnative\ieui.dll
2015-04-15 11:28:35 3457A873B2246B36F1FF58876841D7FE 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2015-04-15 11:28:35 0DD9381BE8609D889F01812B7EFB1693 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2015-04-15 11:28:34 E593E891B374088572AD021431EBC38B 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll
2015-04-15 11:28:34 AA0640B3252BB6E9F90715F79EE77399 6025216 ----a-w- C:\Windows\Sysnative\jscript9.dll
2015-04-15 11:28:34 93B4EB4C7FF742BB834607B24EEF9F8F 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2015-04-15 11:28:34 77B35D0FC22A2D2EAC8D07C3F9784DBF 2358784 ----a-w- C:\Windows\Sysnative\wininet.dll
2015-04-15 11:28:34 3C9C1ADE982DB6FD77AD19FFE252B80A 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2015-04-15 11:28:33 E0B5729CDAD0701839569A16DE68D311 199680 ----a-w- C:\Windows\Sysnative\msrating.dll
2015-04-15 11:28:33 DBC0C4554A8B2A81F68690D30F12C99E 24980480 ----a-w- C:\Windows\Sysnative\mshtml.dll
2015-04-15 11:28:33 899C731AF8C5FF826DFA6C19D725A355 417280 ----a-w- C:\Windows\Sysnative\html.iec
2015-04-15 11:28:33 58DF183B856803E74BED39550FED0BCE 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2015-04-15 11:26:01 745DE455E02693423B1B78F448D52961 79360 ----a-w- C:\Windows\Sysnative\clfsw32.dll
2015-04-15 11:26:01 404B7DF9CA4D1CB675045AF220FF3285 367552 ----a-w- C:\Windows\Sysnative\clfs.sys
====== C:\Windows\Sysnative\drivers =====
2015-04-16 11:53:41 1FA627E63195BF3BF636BFEF0D7190D4 155576 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-04-16 11:53:41 063C09DB965E3DFD6F4F08416F6DB8F5 95672 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-04-15 11:28:58 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- C:\Windows\Sysnative\drivers\http.sys
2015-03-25 14:21:34 079F75EE36CD275620298DA7D7636006 281056 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys
====== C:\Windows\Tasks ======
2015-04-18 22:46:50 5FA664FDA5DB69DCB2354697593B604E 3152 ----a-w- C:\Windows\Sysnative\Tasks\{1DDB5723-2AE4-49A7-9ED5-9EDE12F7ACE8}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-04-15 12:58:57 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
======= C: =====
====== C:\Users\ANDERSON\AppData\Roaming ======
====== C:\Users\ANDERSON ======
2015-04-18 22:45:58 69AA42DB5798159E90D7D1FE7F375CAC 1365504 ----a-w- C:\Users\ANDERSON\Desktop\ZA-Scan.exe
2015-04-15 12:58:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

====== C: exe-files ==
2015-04-18 22:57:29 3304FDFB4F7424B385C308B812FB019C 71680 ----a-w- C:\Users\ANDERSON\AppData\Local\Temp\ZAScan.exe
2015-04-18 22:45:58 69AA42DB5798159E90D7D1FE7F375CAC 1365504 ----a-w- C:\Users\ANDERSON\Desktop\ZA-Scan.exe
2015-04-16 11:53:49 DCB7D8034C773ADB660FA8F1139AC0A0 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-16 11:53:47 11896E75E1A118ABFAD126BEB650A189 3920824 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 11:53:44 A6A644BFAE31F111F35F8C3C7BA2A8A0 3976632 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 11:53:41 A32CA33E8692DA882133341AF31A4C36 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-16 11:53:41 5E9E31A2F213E757184EB2CA4B562E6C 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-16 11:53:40 E6A73ED322D8D0E85589894157F81940 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2015-04-16 11:53:40 CACB6D061EAAE5CEB9203A26127843AF 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-16 11:53:40 CA4FC33FB22D92368A0B221092B46374 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-16 11:53:40 6F8CEB8115737D2E049804B191AE41A9 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe
2015-04-16 11:53:40 0B6514A14631E41DE4D6D40D1C80BE68 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-16 11:53:37 FC898E44379D877DE92D869E713528CD 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2015-04-16 11:53:37 53C485BC8BBD41877F58AEB89412F5D7 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2015-04-15 11:30:37 C5D90D20035928387FE27E4485EE463F 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-04-15 11:30:37 AEA602B4036CF95522818E911654F52E 135168 ----a-w- C:\Windows\System32\wuauclt.exe
2015-04-15 11:30:37 751C4859FD46A1461B3FB57252F541D8 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2015-04-15 11:30:19 17D815AD21D4325CD589E57A9582E311 70840 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe
2015-04-15 11:28:47 3278499EBA0DAA54EB4B68F695F0FB43 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-04-15 11:28:46 9A9F2AC89AAE40A49D8D474FAD932C37 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2015-04-15 11:28:46 7571102ACD8A82A55D1657CDF96A1A0E 720384 ----a-w- C:\Windows\System32\ie4uinit.exe
2015-04-15 11:28:38 DACC3142BF6317B7250F319AB435D128 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2015-04-15 11:28:38 B91D35BF855852C997D8DD5FA4C586A9 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2015-04-15 11:28:38 B7BFB7C2970DF5E779FF729C037BD8E4 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 11:28:38 B3581F426DC500A51091CDD5BACF0454 815288 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2015-04-15 11:28:38 630FB85EF5FFB7441A7AFB4CC9FC9DB6 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-15 11:28:37 F452A51F4004606F714EEB5C278CD376 484864 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2015-04-15 11:28:36 E935163C8AFFEB519572CEB8AA10E8E1 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-15 11:28:36 7FBBF54DDE37D80777D8A42F75501B8F 813744 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
=== C: other files ==
2015-04-18 22:54:12 27BC6F317E15BAFA939958D47ACEB309 2718608 ----a-w- C:\Users\ANDERSON\Desktop\Z-analyse.zip
2015-04-16 11:53:41 1FA627E63195BF3BF636BFEF0D7190D4 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-16 11:53:41 063C09DB965E3DFD6F4F08416F6DB8F5 95672 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-15 11:28:58 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- C:\Windows\System32\drivers\http.sys
2015-04-15 11:26:01 404B7DF9CA4D1CB675045AF220FF3285 367552 ----a-w- C:\Windows\System32\clfs.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2494405119-2880008662-1736337738-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Diebold - Warsaw"="C:\Program Files (x86)\Diebold\Warsaw\core.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""


==== Startup Folders ======================

2015-02-03 12:32:48 1049 ----a-w- C:\Users\ANDERSON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
2015-02-03 13:17:51 1057 ----a-w- C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
2013-05-28 14:31:40 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
2015-02-03 13:17:51 1112 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/04/2015 15:42]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16/05/2013 13:34]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ANDERSON\AppData\Roaming\Mozilla\Firefox\Profiles\92uziuu4.default-1415887509800
user_pref("browser.startup.homepage", "http://login.lataminternet.com/search.php?q=");
user_pref("keyword.URL", "http://login.lataminternet.com/search.php?q=");

ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\z9vq8bvx.default
user_pref("browser.startup.homepage", "http://login.lataminternet.com/search.php?q=");
user_pref("keyword.URL", "http://login.lataminternet.com/search.php?q=");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{190bc294-c8e5-471c-9466-3eb945b09542}"="C:\Program Files (x86)\Mozilla Firefox\extensions\{190bc294-c8e5-471c-9466-3eb945b09542}" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\ANDERSON\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [05/09/2014 09:50]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ANDERSON\AppData\Roaming\Mozilla\Firefox\Profiles\92uziuu4.default-1415887509800
- Guardio - Ita 30 horas - C:\Users\ANDERSON\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
- Easy Youtube Video Downloader Express - %ProfilePath%\extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\ANDERSON\AppData\Roaming\Mozilla\Firefox\Profiles\92uziuu4.default-1415887509800
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
F6419D3B99616C80C947B9D7B427348B - C:\Users\ANDERSON\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardi�o Ita� 30 horas
B8CFF778A75C685AAC275BFC00BB8FD8 - C:\Users\ANDERSON\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardi�o Ita� 30 horas


==== Chromium Look ======================


Google Docs - ANDERSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - ANDERSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - ANDERSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - ANDERSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Guardião - Itaú 30 horas - ANDERSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Google Wallet - ANDERSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - ANDERSON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
MSS+ Extension - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\ANDERSON\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.herbalife.com.br/",
"startup_urls": [ "http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br" ]

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"startup_urls": [ "http://www.google.com" ]


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://login.lataminternet.com/"
"Search Page"="http://login.lataminternet.com/"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVV_pt-BRBR536"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense Ita� Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Diebold - Warsaw] C:\Program Files (x86)\Diebold\Warsaw\core.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVI�O LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVI�O LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVI�O DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVI�O DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Windows Explorer.lnk = ANDERSON\AppData\Roaming\jcersqrtt\hpprocess32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Explorer.lnk = ANDERSON\AppData\Roaming\jcersqrtt\cmdmonitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Servi�o do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Servi�o do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servi�o do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files (x86)\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 18/04/2015 at 20:01:22,21 ======================

Publicité


Signaler le contenu de ce document

Publicité