cjoint

Document format: text/plain

OTL logfile created on: 12/08/2015 11:48:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usuario\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,88 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 51,04% Memory free
7,76 Gb Paging File | 5,72 Gb Available in Paging File | 73,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,16 Gb Total Space | 856,29 Gb Free Space | 91,96% Space Free | Partition Type: NTFS
Drive D: | 702,82 Mb Total Space | 292,62 Mb Free Space | 41,63% Space Free | Partition Type: UDF
Drive P: | 465,76 Gb Total Space | 105,21 Gb Free Space | 22,59% Space Free | Partition Type: NTFS

Computer Name: WENDELL | User Name: usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/08/12 11:47:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\usuario\Downloads\OTL.exe
PRC - [2015/07/31 03:19:29 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/04/17 07:14:31 | 005,448,976 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2015/03/30 15:15:52 | 001,005,056 | ---- | M] (Serasa Experian) -- C:\Program Files (x86)\Serasa Experian\Service\eSfUpdateForm.exe
PRC - [2015/03/30 15:15:50 | 000,398,848 | ---- | M] (Serasa Experian) -- C:\Program Files (x86)\Serasa Experian\Service\SerasaUpdate.exe
PRC - [2015/03/03 17:34:34 | 000,440,656 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2015/01/20 18:38:00 | 000,565,560 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2014/09/23 17:23:43 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2014/09/23 17:23:43 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2013/09/26 13:39:36 | 000,030,240 | ---- | M] (MICRO-STAR INTERNATIONAL CO., LTD.) -- C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
PRC - [2013/09/16 16:20:16 | 000,390,616 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/09/16 16:20:10 | 000,169,432 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012/05/09 09:30:02 | 000,481,120 | ---- | M] (Athena Smartcard Solutions) -- C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/02 21:29:46 | 000,069,632 | ---- | M] (charismathics GmbH) -- C:\Windows\SysWOW64\cmEvtSrv.exe
PRC - [2011/01/29 15:52:10 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
PRC - [2011/01/12 20:52:12 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2011/01/12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/01/12 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2011/01/12 14:10:08 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/06/29 11:45:18 | 003,151,872 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
PRC - [2010/06/29 11:45:16 | 000,421,376 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/07/31 03:19:28 | 016,308,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll
MOD - [2015/07/31 03:19:27 | 001,405,768 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
MOD - [2015/07/31 03:19:27 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
MOD - [2014/07/22 10:59:08 | 012,895,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ac38cb30c15eb9e4a54459ee01e9f8e6\System.Windows.Forms.ni.dll
MOD - [2014/07/22 10:58:59 | 001,639,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ce11900fa489575613dc777c7fbb0d7d\System.Drawing.ni.dll
MOD - [2014/07/22 10:58:55 | 000,967,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7ece7799d670cdfc1393b98b0668a046\System.Configuration.ni.dll
MOD - [2014/07/22 10:58:50 | 007,785,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\668bc5e53fd656dc16c9f40ea15e872e\System.Xml.ni.dll
MOD - [2014/07/22 10:58:47 | 010,067,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\b75ba99f72f116d8951b0f2bba8c276a\System.ni.dll
MOD - [2014/07/22 10:58:43 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
MOD - [2012/04/29 10:00:34 | 000,980,832 | ---- | M] () -- C:\Windows\SysWOW64\LASERToken.dll
MOD - [2012/04/29 10:00:28 | 000,968,544 | ---- | M] () -- C:\Windows\SysWOW64\CNSToken.dll
MOD - [2012/04/29 10:00:22 | 001,079,136 | ---- | M] () -- C:\Windows\SysWOW64\AsepcosToken.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2007/04/18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 19:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014/09/27 10:21:47 | 000,156,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:[b]64bit:[/b] - [2014/09/27 10:21:41 | 000,190,256 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:[b]64bit:[/b] - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/08/12 10:50:14 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/06/26 08:05:26 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Arquivos de Programas\McAfee Security Scan\3.11.149\McCHSvc.exe -- (McComponentHostService)
SRV - [2015/04/17 07:14:31 | 005,448,976 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015/03/30 15:15:50 | 000,398,848 | ---- | M] (Serasa Experian) [Auto | Running] -- C:\Program Files (x86)\Serasa Experian\Service\SerasaUpdate.exe -- (SerasaUpdate)
SRV - [2015/03/03 17:34:34 | 000,440,656 | ---- | M] (Pervasive Software Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2015/03/03 17:34:34 | 000,440,656 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlCE)
SRV - [2015/02/13 15:47:24 | 000,847,160 | ---- | M] (GAS Tecnologia LTDA) [Auto | Running] -- C:\Arquivos de Programas\Diebold\Warsaw\core.exe -- (Warsaw Technology)
SRV - [2015/01/20 18:38:00 | 000,565,560 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2014/09/23 17:23:43 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/10/31 08:25:26 | 000,006,656 | ---- | M] () [On_Demand | Stopped] -- C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe -- (ServicoGerenciadorAtualizacao)
SRV - [2013/10/31 08:25:24 | 000,012,288 | ---- | M] () [On_Demand | Stopped] -- C:\Contabil\Utilitários\ServicoAgendador.exe -- (ServicoAgendador)
SRV - [2013/09/26 13:39:36 | 000,030,240 | ---- | M] (MICRO-STAR INTERNATIONAL CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe -- (MSI_Trigger_Service)
SRV - [2013/09/16 16:20:16 | 000,390,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/16 16:20:10 | 000,169,432 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013/08/23 22:48:06 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/16 10:07:46 | 000,010,384 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Arquivos de Programas\SafeNet\Authentication\SAC\x64\SACSrv.exe -- (SACSrv)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/02 21:29:46 | 000,069,632 | ---- | M] (charismathics GmbH) [Auto | Running] -- C:\Windows\SysWOW64\cmEvtSrv.exe -- (cmevtsrv)
SRV - [2011/01/12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/09/21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/06/28 16:02:50 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/06/25 11:14:10 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2015/02/13 15:47:24 | 000,037,592 | ---- | M] (Basil's Projects) [Kernel | Disabled | Running] -- C:\Windows\SysNative\WinDivert64.sys -- (WinDivert1.1)
DRV:[b]64bit:[/b] - [2014/09/27 10:21:47 | 000,281,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:[b]64bit:[/b] - [2014/09/27 10:21:47 | 000,097,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:[b]64bit:[/b] - [2014/09/27 10:21:46 | 000,607,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:[b]64bit:[/b] - [2014/09/27 10:21:44 | 000,217,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:[b]64bit:[/b] - [2014/09/27 10:21:42 | 000,153,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:[b]64bit:[/b] - [2013/11/26 04:49:44 | 000,888,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2013/09/16 16:20:12 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2013/08/19 20:25:01 | 000,449,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2013/08/19 20:20:18 | 004,165,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2013/04/25 23:24:58 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2013/04/25 23:24:56 | 000,786,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2013/04/25 23:24:56 | 000,368,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010/11/20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010/07/08 15:52:44 | 000,022,304 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IKEYIFD.SYS -- (iKeyIFD)
DRV:[b]64bit:[/b] - [2010/07/08 15:52:44 | 000,016,160 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IKEYENUM.SYS -- (iKeyEnum)
DRV:[b]64bit:[/b] - [2010/01/25 15:57:22 | 000,173,952 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:[b]64bit:[/b] - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/07/30 12:45:40 | 000,062,632 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksifdh.sys -- (AKSIFDH)
DRV:[b]64bit:[/b] - [2008/07/30 12:45:40 | 000,044,712 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksup.sys -- (AKSUP)
DRV - [2014/10/31 17:55:02 | 000,024,792 | ---- | M] (GAS Tecnologia LTDA) [Kernel | On_Demand | Running] -- C:\PROGRA~2\GbPlugin\wsftprp64.sys -- (Warsaw_PP)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://do-search.com/web/?type=ds&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://do-search.com/web/?type=ds&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG
IE - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD 5C D0 AE F3 DB CF 01 [binary data]
IE - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:62602

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "do-search"
FF - prefs.js..browser.search.selectedEngine: "do-search"
FF - prefs.js..browser.startup.homepage: "http://do-search.com/?type=hp&ts=1429797167&from=cor&uid=ST1000DM003-1CH162_S1DAM4LGXXXXS1DAM4LG"
FF - prefs.js..extensions.enabledAddons: quick_searchff%40gmail.com:5.4.10
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 32670
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 32670
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 32670
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 32670
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 32670
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 32670
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 3214
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 3214
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 3214
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 3214
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 26124
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 26124
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 26124
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 26124
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52358
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 52358
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52358
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 52358
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 36550
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 36550
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 36550
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 36550
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 27805
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 27805
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 37828
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 37828
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 37828
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 37828
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5683
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 5683
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5683
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 5683
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60203
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 60203
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60203
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 60203
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 33321
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 33321
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 33321
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 33321
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 47087
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 47087
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 47087
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 47087
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 29336
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 29336
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 29336
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 29336
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 45342
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 45342
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54639
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 54639
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 20371
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 20371
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 20371
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 20371
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 14436
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 14436
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 14436
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 14436
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 43211
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 43211
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 43211
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 43211
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 47095
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 47095
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 28129
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 28129
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53738
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 53738
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 26582
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 26582
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 33638
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 33638
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49998
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 49998
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 30007
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 30007
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62602
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 62602
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.51.2: C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2: C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: C:\Users\usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quick_searchff@gmail.com: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\if5sgu41.default\extensions\quick_searchff@gmail.com [2015/04/23 10:52:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/07 17:05:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: C:\Users\usuario\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015/01/22 09:48:26 | 000,000,000 | ---D | M]

[2014/09/29 09:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Extensions
[2015/04/23 10:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\if5sgu41.default\extensions
[2015/04/23 10:52:49 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\if5sgu41.default\extensions\quick_searchff@gmail.com
[2015/06/13 10:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2015/06/13 10:17:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/11/05 04:32:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/05 00:44:23 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2015/04/23 10:52:48 | 000,000,555 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\do-search.xml
[2011/11/05 00:44:23 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2011/11/05 00:27:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/11/05 00:44:23 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/11/05 00:44:23 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi\3.7.2_0\
CHR - Extension: No name found = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2015/08/12 11:16:15 | 000,000,793 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de Programas\Common Files\McAfee\SystemCore\ScriptSn.20140927102345.dll (McAfee, Inc.)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140927102345.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [CertificateRegistration] C:\Windows\SysNative\aetcrss1.exe (A.E.T. Europe B.V.)
O4:[b]64bit:[/b] - HKLM..\Run: [ConsultaNF-e_SEFAZ_RS] File not found
O4:[b]64bit:[/b] - HKLM..\Run: [Diebold - Warsaw] C:\Arquivos de Programas\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA)
O4:[b]64bit:[/b] - HKLM..\Run: [Java Scheduler 7] C:\Windows\SysWOW64\Java8.exe File not found
O4:[b]64bit:[/b] - HKLM..\Run: [Java7 Update] C:\Windows\SysWOW64\SYSWENDELL.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [SACMonitor] C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe (SafeNet, Inc.)
O4 - HKLM..\Run: [Cobian Backup 10] C:\Program Files (x86)\Cobian Backup 10\Cobian.exe (Luis Cobian, CobianSoft)
O4 - HKLM..\Run: [IDProtect Monitor] C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (Athena Smartcard Solutions)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
O15 - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
O15 - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
O15 - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1129058292-3268724400-3612336994-1000\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_11-windows-i586.cab (Java Plug-in 11.45.2)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0018-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_11-windows-i586.cab (Java Plug-in 1.8.0_11)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_11-windows-i586.cab (Java Plug-in 11.45.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab (Java Plug-in 11.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 11.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D8E6D2C-1C44-40DA-AEDD-862B4352C379}: DhcpNameServer = 192.168.1.1 208.67.222.222
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - c:\Windows\SysWOW64\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e57f7c84-d6cb-11e4-9225-448a5bb813d0}\Shell - "" = AutoRun
O33 - MountPoints2\{e57f7c84-d6cb-11e4-9225-448a5bb813d0}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{f88aedf7-bda7-11e4-9368-448a5bb813d0}\Shell - "" = AutoRun
O33 - MountPoints2\{f88aedf7-bda7-11e4-9368-448a5bb813d0}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/08/12 09:19:30 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{74937E66-4ADC-41CA-A745-A3EF44053869}
[2015/08/11 07:54:47 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7EECBD0F-C8BF-43EB-9F75-19B28544FD37}
[2015/08/10 08:04:08 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{4E39AE76-063B-4738-A1BA-DA56B2B4F8E9}
[2015/08/07 14:45:28 | 000,084,232 | ---- | C] (Prosoft Tecnologia SA) -- C:\Windows\SysWow64\ProLfsInteg.dll
[2015/08/07 14:07:41 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E5F52A17-A716-4E31-A364-2540A7B7E217}
[2015/08/07 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{CB0E140E-FC1D-46D0-8B2E-C98D2144FAB9}
[2015/08/06 11:00:33 | 001,690,096 | ---- | C] (GlavSoft LLC.) -- C:\Windows\SysWow64\crov.exe
[2015/08/06 11:00:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WENDELL-Win32
[2015/08/06 10:59:55 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Roaming\Java
[2015/08/06 10:55:08 | 000,196,608 | ---- | C] (Systems Inc) -- C:\Users\usuario\AppData\Roaming\net.exe
[2015/08/06 07:55:45 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B7CB5A5A-8B51-4D18-9106-5499E8AD4EB1}
[2015/08/05 08:43:38 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7CD91970-1857-4AE5-B195-38CE69082D7F}
[2015/08/04 07:54:17 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{4ABFDDB0-DBFE-44D5-AA00-0856C3051A06}
[2015/08/03 08:16:32 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{63B5C71C-0824-448F-AF28-0E8575135988}
[2015/07/31 10:17:36 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{86494FCD-C57E-45BF-BBBE-0180A26EE8FA}
[2015/07/30 08:44:26 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{4D952ECE-371E-439D-8E44-8E9119149EE2}
[2015/07/29 08:09:47 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{1D07D728-634C-4BBA-9658-D3CEEF4AE4DE}
[2015/07/28 15:48:08 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{90D04DFC-339A-4423-89E7-38532EE6BC03}
[2015/07/27 14:08:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/07/27 08:14:30 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{0A8288D7-D15A-4D36-B0EF-4AB818EBBF8B}
[2015/07/24 08:38:21 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{71A99346-F9EA-4C3B-86B3-F4713E167AEF}
[2015/07/23 10:18:38 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{8862714D-9438-4306-BE9A-3599D3558FDF}
[2015/07/22 08:18:40 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B24BB12B-32D0-4F6D-8E99-123A0EF97AAD}
[2015/07/21 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\IsolatedStorage
[2015/07/21 14:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serasa Experian
[2015/07/21 14:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Serasa Experian
[2015/07/21 14:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serasa Experian
[2015/07/21 14:18:10 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Downloaded Installations
[2015/07/21 07:59:05 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{0561C77B-515B-4631-AABB-254F80BE57CF}
[2015/07/20 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{6A83A900-8B43-4B37-BCD3-F0106EA28E7F}
[2015/07/20 11:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/07/20 11:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2015/07/20 08:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2015/07/20 08:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2015/07/18 08:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2015/07/18 08:12:46 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C1B7B0E3-307A-42AF-8BE6-8154DBE76629}
[2015/07/17 07:57:11 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C9B84815-977E-43B3-9FBD-4BAACFD6867C}
[2015/07/16 07:56:41 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A9E4A62A-6E13-4FEB-BFD3-792EA234DAD5}
[2015/07/15 08:29:17 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E36A025B-AF2A-4D1C-8BCA-59F96D0CE36F}
[2015/07/14 08:13:19 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3C121557-31ED-4878-B911-D6957EF136BB}
[2015/07/13 18:07:35 | 000,510,216 | ---- | C] (Wolters Kluwer Prosoft) -- C:\Windows\SysWow64\ProLfsSat.dll
[2015/07/13 18:07:35 | 000,231,688 | ---- | C] (Prosoft Tecnologia Ltda) -- C:\Windows\SysWow64\ProLfsSatXML.dll
[2014/10/29 14:53:33 | 000,057,344 | ---- | C] (DBA Engenharia de Sistemas) -- C:\Users\usuario\signver.dll
[2014/10/29 14:50:30 | 000,057,344 | ---- | C] (DBA Engenharia de Sistemas) -- C:\Users\usuario\signver1.dll
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[16 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/08/12 11:50:24 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/08/12 11:44:20 | 001,690,096 | ---- | M] (GlavSoft LLC.) -- C:\Windows\SysWow64\crov.exe
[2015/08/12 11:44:19 | 000,000,002 | ---- | M] () -- C:\Windows\SysWow64\WENDELLX.xml
[2015/08/12 11:43:32 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/08/12 11:43:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/08/12 11:43:23 | 3125,293,056 | -HS- | M] () -- C:\hiberfil.sys
[2015/08/12 11:42:06 | 000,000,708 | RHS- | M] () -- C:\Users\usuario\ntuser.pol
[2015/08/12 11:31:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/08/11 10:36:21 | 000,001,450 | ---- | M] () -- C:\Users\usuario\Documents\2015-06 - PIS COFINS.lnk
[2015/08/10 14:43:58 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/08/10 14:43:58 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/08/08 09:07:24 | 000,387,547 | ---- | M] () -- C:\Users\usuario\Documents\configurações de proxy.pdf
[2015/08/06 16:41:37 | 001,712,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/08/06 16:41:37 | 000,735,632 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2015/08/06 16:41:37 | 000,684,088 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/08/06 16:41:37 | 000,155,268 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2015/08/06 16:41:37 | 000,129,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/08/06 11:00:09 | 098,215,936 | ---- | M] () -- C:\Windows\SysWow64\SYSWENDELL.exe
[2015/08/06 10:55:43 | 000,196,608 | ---- | M] (Systems Inc) -- C:\Users\usuario\AppData\Roaming\net.exe
[2015/08/05 09:43:42 | 000,008,682 | ---- | M] () -- C:\Users\usuario\Documents\ADILSON - PGDASD-EXTRATO-07 2015.pdf
[2015/08/03 16:55:24 | 000,006,144 | ---- | M] () -- C:\Users\usuario\AppData\Roaming\dwmn.exe
[2015/07/31 14:27:39 | 000,000,027 | ---- | M] () -- C:\Windows\GeradRel.ini
[2015/07/27 16:03:46 | 001,419,528 | ---- | M] (Prosoft Tecnologia Ltda) -- C:\Windows\SysWow64\ProMdIrj.DLL
[2015/07/27 11:35:46 | 000,485,640 | ---- | M] (Prosoft Tecnologia Ltda) -- C:\Windows\SysWow64\ProMdLur.dll
[2015/07/27 11:27:36 | 000,420,104 | ---- | M] (Prosoft Tecnologia SA) -- C:\Windows\SysWow64\ProCtbUtil.dll
[2015/07/27 11:22:42 | 003,680,520 | ---- | M] (Prosoft Tecnologia Ltda) -- C:\Windows\SysWow64\ProMdCtb.Dll
[2015/07/27 11:19:56 | 000,567,560 | ---- | M] (Prosoft Tecnologia Ltda) -- C:\Windows\SysWow64\ProMdGpr.Dll
[2015/07/27 11:16:38 | 000,076,040 | ---- | M] (Prosoft Tecnologia Ltda.) -- C:\Windows\SysWow64\PROGOL.DLL
[2015/07/27 11:14:02 | 000,084,232 | ---- | M] (Prosoft Tecnologia SA) -- C:\Windows\SysWow64\ProLfsInteg.dll
[2015/07/22 08:33:49 | 000,000,103 | ---- | M] () -- C:\Windows\pgdDmed.ini
[2015/07/21 14:19:26 | 000,002,063 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Serasa Update.lnk
[2015/07/21 14:07:28 | 002,414,856 | ---- | M] (Prosoft Tecnologia Ltda) -- C:\Windows\SysWow64\ProGctHonorario.dll
[2015/07/20 08:46:45 | 000,001,934 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2015/07/17 17:53:21 | 000,001,268 | ---- | M] () -- C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[16 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/08/11 10:36:21 | 000,001,450 | ---- | C] () -- C:\Users\usuario\Documents\2015-06 - PIS COFINS.lnk
[2015/08/08 09:07:51 | 000,387,547 | ---- | C] () -- C:\Users\usuario\Documents\configurações de proxy.pdf
[2015/08/06 11:00:11 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\WENDELLX.xml
[2015/08/06 11:00:09 | 098,215,936 | ---- | C] () -- C:\Windows\SysWow64\SYSWENDELL.exe
[2015/08/05 09:43:42 | 000,008,682 | ---- | C] () -- C:\Users\usuario\Documents\ADILSON - PGDASD-EXTRATO-07 2015.pdf
[2015/08/03 16:55:24 | 000,006,144 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\dwmn.exe
[2015/07/31 14:24:50 | 000,000,027 | ---- | C] () -- C:\Windows\GeradRel.ini
[2015/07/21 14:19:26 | 000,002,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Serasa Update.lnk
[2015/07/20 11:26:40 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/07/20 11:26:38 | 000,001,066 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/07/18 08:41:59 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2015/07/18 08:41:56 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/07/08 07:55:36 | 001,887,345 | ---- | C] () -- C:\Windows\SysWow64\CalculoV32.dll
[2015/03/26 10:47:42 | 000,000,100 | ---- | C] () -- C:\Windows\ODBC.INI
[2015/03/26 10:44:12 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\GeradUtl.dll
[2015/03/26 10:43:52 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\unzipd32.dll
[2015/03/26 10:43:47 | 000,334,016 | ---- | C] () -- C:\Windows\SysWow64\Pbflt09.dll
[2015/03/26 10:43:47 | 000,222,928 | ---- | C] () -- C:\Windows\SysWow64\Pbbas09.dll
[2015/03/26 10:43:47 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\Pbdbc09.dll
[2015/03/26 10:43:46 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2015/03/26 10:43:46 | 000,031,008 | ---- | C] () -- C:\Windows\SysWow64\Ivtrn09.dll
[2015/03/26 10:43:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\DomSis06.dll
[2015/03/16 08:43:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\Sorcrc32.dll
[2015/02/27 08:03:21 | 000,000,103 | ---- | C] () -- C:\Windows\pgdDmed.ini
[2015/01/06 16:52:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2014/12/19 11:33:28 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\WTSClient.dll
[2014/12/19 11:33:25 | 001,461,760 | ---- | C] () -- C:\Windows\SysWow64\SefazDFDAR.DLL
[2014/12/19 11:33:14 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\ProLogCTB.dll
[2014/12/19 11:33:08 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\ProHash101.dll
[2014/12/19 11:32:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\IGiss32s.dll
[2014/12/19 11:32:54 | 000,475,648 | ---- | C] () -- C:\Windows\SysWow64\DllInscE32.dll
[2014/12/18 10:41:05 | 000,815,314 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\unins001.exe
[2014/12/18 10:41:05 | 000,016,872 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\unins001.dat
[2014/10/17 10:24:09 | 000,069,632 | ---- | C] () -- C:\Windows\MSJCE.dll
[2014/10/06 10:31:07 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2014/10/02 14:51:56 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\WiseDLL.dll
[2014/09/30 18:02:20 | 000,050,663 | ---- | C] () -- C:\Windows\PKZIP.EXE
[2014/09/30 18:02:20 | 000,034,583 | ---- | C] () -- C:\Windows\PKUNZIP.EXE
[2014/09/30 08:28:34 | 000,730,322 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\unins000.exe
[2014/09/30 08:28:34 | 000,016,945 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\unins000.dat
[2014/09/29 10:48:54 | 000,000,708 | RHS- | C] () -- C:\Users\usuario\ntuser.pol
[2014/09/29 10:41:28 | 000,051,512 | ---- | C] () -- C:\Windows\SysWow64\ProQRDados.dll
[2014/09/29 10:41:28 | 000,031,232 | ---- | C] () -- C:\Windows\SysWow64\Prosoft.Messenger.dll-old
[2014/09/29 10:41:28 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\ProMessage.dll-old
[2014/09/29 10:32:20 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2014/09/23 17:25:04 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2014/09/23 17:25:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2014/09/23 17:17:58 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/09/23 17:15:25 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/09/23 17:15:25 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/09/23 17:15:20 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/07/22 10:53:44 | 001,565,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/07/21 16:24:29 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2014/07/21 16:24:29 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2014/07/21 16:24:28 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2014/07/21 16:24:28 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2014/04/23 17:02:09 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\Prosoft.Messenger.dll
[2014/04/23 17:02:08 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\ProsoftFramework.dll
[2014/04/15 18:12:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\NFSePBHUtil.dll
[2014/04/15 18:12:18 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\NFSePBHInterop.dll
[2014/01/14 08:12:51 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[2014/01/14 08:12:44 | 000,030,793 | ---- | C] () -- C:\Windows\SysWow64\crtslv.dll
[2014/01/08 18:33:53 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\Prosoft.Messenger.XmlSerializers.dll
[2013/10/17 18:01:30 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\ProWseCat.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 05:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 04:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >[/color]
"DefaultConnectionSettings" = 46 00 00 00 51 2C 00 00 03 00 00 00 0F 00 00 00 31 32 37 2E 30 2E 30 2E 31 3A 36 32 36 30 32 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 B0 84 B1 A5 0D D5 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 E5 2A E0 82 74 EC 92 69 0D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C0 A8 01 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 7F 3E 00 00 03 00 00 00 0F 00 00 00 31 32 37 2E 30 2E 30 2E 31 3A 36 32 36 30 32 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 B0 84 B1 A5 0D D5 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 E5 2A E0 82 74 EC 92 69 0D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C0 A8 01 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 4096 bytes -> C:\Users\usuario\Documents\ADAILTON.pdf:Docf_SummaryInformation
@Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt

< End of report >
