OTL logfile created on: 30/09/2015 12:13:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aluno.WIN-OT9K4KMKI2A\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,98 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 31,86% Memory free
3,96 Gb Paging File | 2,53 Gb Available in Paging File | 63,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,59 Gb Total Space | 34,00 Gb Free Space | 32,51% Space Free | Partition Type: NTFS
Drive R: | 1,84 Gb Total Space | 1,03 Gb Free Space | 55,73% Space Free | Partition Type: FAT

Computer Name: SÁVIO | User Name: Aluno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/09/30 12:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aluno.WIN-OT9K4KMKI2A\Desktop\OTL.exe
PRC - [2015/09/30 09:17:31 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2015/09/29 10:39:03 | 000,245,576 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
PRC - [2015/08/30 04:27:27 | 006,111,824 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/08/06 08:36:43 | 001,371,960 | ---- | M] (Baidu.com, Inc.) -- C:\Program Files\baidu\Baidu Browser\SparkUpdate.exe
PRC - [2015/08/06 08:36:42 | 000,097,080 | ---- | M] (Baidu Inc.) -- C:\Program Files\baidu\Baidu Browser\sparkservice.exe
PRC - [2015/08/03 18:09:48 | 000,146,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/08/03 18:09:09 | 003,218,624 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
PRC - [2015/05/21 12:31:06 | 001,265,816 | ---- | M] (ASUS) -- C:\Program Files\ASUS\PC Link\PCLinkService.exe
PRC - [2014/12/19 07:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/18 14:03:24 | 001,009,664 | ---- | M] () -- C:\Program Files\ASUS\PC Link\tools\adb.exe
PRC - [2014/12/05 10:24:20 | 005,467,527 | ---- | M] () -- C:\Program Files\ASUS\PC Link\tools\pclink_connect.exe
PRC - [2014/10/16 13:05:24 | 003,540,416 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/08/01 21:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/13 21:47:21 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/23 20:00:28 | 001,079,296 | ---- | M] () -- C:\Windows\System32\Pnw\PNWICONTRAY.EXE
PRC - [2012/11/02 10:09:12 | 000,021,504 | ---- | M] () -- C:\Program Files\Intel Learning Series\Theft Deterrent\AgentPPIService.exe
PRC - [2012/11/02 10:01:54 | 000,421,888 | ---- | M] (Intel) -- C:\Program Files\Intel Learning Series\Theft Deterrent\Agent.exe
PRC - [2012/10/15 15:50:12 | 000,134,144 | ---- | M] (Intel) -- C:\Program Files\Intel Learning Series\Theft Deterrent\AgentUpgradeService.exe
PRC - [2012/08/16 08:39:24 | 000,051,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Device Control Service\TSController.exe
PRC - [2012/08/16 08:39:16 | 001,217,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Device Control Service\DeviceControlService.exe
PRC - [2012/04/23 12:19:08 | 000,115,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\On Screen Indicator\bin\FnKeyHook.exe
PRC - [2011/08/10 16:05:44 | 002,957,312 | ---- | M] () -- C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\PenInput.exe
PRC - [2011/07/07 11:47:56 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/04/29 23:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/29 23:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/25 09:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2007/11/08 21:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/08/06 08:36:56 | 001,018,168 | ---- | M] () -- C:\Program Files\baidu\Baidu Browser\bdxui.dll
MOD - [2015/08/03 18:10:19 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/08/03 18:09:59 | 000,102,864 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/08/03 18:09:49 | 000,123,976 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/05/21 12:21:02 | 000,035,328 | ---- | M] () -- C:\Program Files\ASUS\PC Link\ASUSUtility.dll
MOD - [2014/12/18 14:03:24 | 001,009,664 | ---- | M] () -- C:\Program Files\ASUS\PC Link\tools\adb.exe
MOD - [2014/12/05 10:24:20 | 005,467,527 | ---- | M] () -- C:\Program Files\ASUS\PC Link\tools\pclink_connect.exe
MOD - [2014/10/14 20:25:44 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll
MOD - [2014/10/14 20:25:43 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\b6d5fa75e3cc493fa9d509124d5962ba\UIAutomationProvider.ni.dll
MOD - [2014/10/13 23:06:36 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll
MOD - [2014/10/13 23:05:24 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll
MOD - [2014/10/13 23:04:59 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll
MOD - [2014/10/13 23:04:39 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll
MOD - [2014/10/13 23:04:23 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll
MOD - [2014/10/13 23:04:22 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll
MOD - [2014/10/13 23:04:13 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll
MOD - [2014/10/13 23:04:08 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll
MOD - [2014/10/13 23:04:06 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\95623e12dc6a64d28bad5b85f4c730ae\System.Management.ni.dll
MOD - [2014/10/13 23:03:59 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll
MOD - [2014/10/13 23:03:57 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e7d92730b571b31e62c2cf257f04a974\PresentationFramework.Aero.ni.dll
MOD - [2014/10/13 23:03:54 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll
MOD - [2014/10/13 23:03:27 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll
MOD - [2014/07/31 13:05:41 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/07/31 13:05:38 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9938f7e83acad35047cedacac72367a3\IAStorCommon.ni.dll
MOD - [2014/07/31 13:05:37 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\79c76a5e5a86fca4458793398b4ffa91\IAStorUtil.ni.dll
MOD - [2014/07/29 12:44:37 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\15c45f1932751583dc3c2d49e5786acd\System.Web.Services.ni.dll
MOD - [2014/07/29 12:44:27 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/07/29 12:43:52 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/07/29 12:41:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/07/29 12:41:29 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/07/29 12:40:32 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/07/29 12:40:05 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/07/29 12:39:50 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/07/29 12:39:47 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/07/29 12:39:22 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/07/08 09:41:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012/11/23 20:00:28 | 001,079,296 | ---- | M] () -- C:\Windows\System32\Pnw\PNWICONTRAY.EXE
MOD - [2012/11/23 20:00:28 | 000,501,248 | ---- | M] () -- C:\Windows\System32\Pnw\PNWOTHER.DLL
MOD - [2012/11/23 20:00:28 | 000,131,584 | ---- | M] () -- C:\Windows\System32\Pnw\LANGUAGE.DLL
MOD - [2012/11/02 20:07:40 | 000,070,656 | ---- | M] () -- C:\Program Files\Intel Learning Series\Theft Deterrent\TPMCtrl_WinBond.dll
MOD - [2012/10/15 15:50:12 | 000,022,016 | ---- | M] () -- C:\Program Files\Intel Learning Series\Theft Deterrent\TDHelpDLL.dll
MOD - [2011/08/10 16:05:44 | 002,957,312 | ---- | M] () -- C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\PenInput.exe
MOD - [2011/08/10 15:52:04 | 000,208,896 | ---- | M] () -- C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\2DParser.dll
MOD - [2011/08/10 15:51:34 | 000,007,680 | ---- | M] () -- C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\styluswinhook.dll
MOD - [2011/04/12 01:46:49 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.resources.dll
MOD - [2010/11/12 20:34:31 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/20 19:32:14 | 000,294,912 | ---- | M] () -- C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\QtSvg4.dll
MOD - [2010/01/20 19:20:44 | 008,331,264 | ---- | M] () -- C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\QtGui4.dll
MOD - [2010/01/20 19:07:38 | 000,716,800 | ---- | M] () -- C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\QtNetwork4.dll
MOD - [2010/01/20 19:06:30 | 000,364,544 | ---- | M] () -- C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\QtXml4.dll
MOD - [2010/01/20 19:06:20 | 002,244,608 | ---- | M] () -- C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\QtCore4.dll
MOD - [2007/11/08 21:54:34 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_PTB.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Search Vortex\bin\utilSearchVortex.exe -- (Util Search Vortex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Search Vortex\updateSearchVortex.exe -- (Update Search Vortex)
SRV - [2015/09/30 09:17:28 | 000,149,160 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/09/22 16:08:52 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/08/06 08:36:43 | 001,371,960 | ---- | M] (Baidu.com, Inc.) [On_Demand | Stopped] -- C:\Program Files\baidu\SparkUpdate\Sparkupdate.exe -- (SparkUpdater)
SRV - [2015/08/06 08:36:42 | 000,097,080 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Program Files\baidu\Baidu Browser\sparkservice.exe -- (SparkSvc)
SRV - [2015/08/03 18:09:48 | 000,146,600 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/08/03 18:09:09 | 003,218,624 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2014/12/19 07:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/04 18:19:49 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/13 21:57:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/23 20:00:28 | 000,082,944 | ---- | M] (CHINANSL) [Auto | Running] -- C:\Windows\System32\FAMSVC.DLL -- (PnwSvc)
SRV - [2012/11/02 10:09:12 | 000,021,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel Learning Series\Theft Deterrent\AgentPPIService.exe -- (AgentPPIService)
SRV - [2012/10/15 15:50:12 | 000,134,144 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel Learning Series\Theft Deterrent\AgentUpgradeService.exe -- (AgentUpgradeService)
SRV - [2012/08/16 08:39:16 | 001,217,024 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Device Control Service\DeviceControlService.exe -- (Device Control Service)
SRV - [2011/04/29 23:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/13 22:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/11/08 21:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | System | Stopped] -- system32\drivers\pofilterdrv.sys -- (pofilterdrv)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\BHipsEx.sys -- (BHipsEx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Baidu-Security-2014-4.4.4.82805\Baidu Antivirus\BdCameraProtect.sys -- (BdCameraProtect)
DRV - [2015/08/03 18:10:35 | 000,113,592 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2015/08/03 18:10:34 | 000,433,264 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2015/08/03 18:10:34 | 000,208,664 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/08/03 18:10:34 | 000,081,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2015/08/03 18:10:34 | 000,076,000 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/08/03 18:10:34 | 000,049,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/08/03 18:10:34 | 000,024,016 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/08/03 18:09:21 | 000,788,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2015/08/03 18:09:18 | 000,095,112 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ngvss.sys -- (ngvss)
DRV - [2015/08/03 18:09:10 | 000,220,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2013/01/28 17:02:10 | 001,297,632 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtwlane.sys -- (RTWlanE)
DRV - [2012/11/24 01:30:58 | 001,036,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV - [2012/11/23 23:26:28 | 000,278,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012/11/23 20:07:47 | 000,197,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012/09/27 15:07:26 | 000,099,192 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/08/23 11:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/08/23 11:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 11:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 11:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/16 08:39:22 | 000,018,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\virkbd.sys -- (VKBD)
DRV - [2012/08/16 08:39:20 | 000,016,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hpls.sys -- (HPLS)
DRV - [2012/08/16 08:39:20 | 000,009,984 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ipmlebl.sys -- (IPMLEBL)
DRV - [2012/08/16 08:39:20 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iscm.sys -- (iscm)
DRV - [2012/08/16 08:39:18 | 000,014,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADXL345accel.sys -- (accel)
DRV - [2011/12/13 20:11:46 | 001,336,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2011/10/31 05:28:10 | 000,415,744 | ---- | M] (Imagination Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\imgkmd32.sys -- (imgkmd32)
DRV - [2010/11/20 18:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 18:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 18:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 18:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/02 09:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/03/02 09:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/03/02 09:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/02/22 05:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 20:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 19:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{8BEF8ADF-E49D-4DC3-A476-AC88128FDE01}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MANMJS
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Users\Aluno.WIN-OT9K4KMKI2A\appdata\Local\Temp\SÁVIO.txt


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:www.google.com
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 90 F2 13 93 E8 CF 01 [binary data]
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.1:3128
IE - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Users\Aluno.WIN-OT9K4KMKI2A\appdata\Local\Temp\SÁVIO.txt

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "BR"
FF - prefs.js..browser.search.defaultenginename: "Search IO"
FF - prefs.js..browser.search.region: "BR"
FF - prefs.js..browser.search.searchengine.alias: "delta-homes"
FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
FF - prefs.js..browser.search.searchengine.iconURL: "http://search.delta-homes.com/favicon.ico"
FF - prefs.js..browser.search.searchengine.name: "delta-homes"
FF - prefs.js..browser.search.searchengine.ptid: "wpm07163"
FF - prefs.js..browser.search.searchengine.uid: "ADATAXSP900_7D1820012020"
FF - prefs.js..browser.search.searchengine.url: "http://search.delta-homes.com/web/?type=ds&ts=1437055612&z=8162fd1f5adbb1cb8b1b752g2z9cem2e3w7zftet3t&from=wpm07163&uid=ADATAXSP900_7D1820012020&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.2.0.187
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/08/03 18:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\IDM\idmmzcc5 [2014/10/16 13:04:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\IDM\idmmzcc5 [2014/10/16 13:04:07 | 000,000,000 | ---D | M]

[2015/05/20 19:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\mozilla\Extensions
[2015/09/29 12:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\mozilla\Firefox\Profiles\d9z7vp20.default\extensions
[2015/09/23 07:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\mozilla\Firefox\Profiles\d9z7vp20.default\extensions\1443003596_xpi
[2015/08/03 23:35:24 | 000,266,657 | ---- | M] () (No name found) -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\mozilla\firefox\profiles\d9z7vp20.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2015/09/30 09:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/09/30 09:17:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/08/03 18:10:49 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/10/13 23:19:14 | 000,001,065 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 updates.connectify.me
O1 - Hosts: 127.0.0.1 activate.connectify.me
O1 - Hosts: 127.0.0.1 d1.connectify.me
O1 - Hosts: 127.0.0.1 d2.connectify.me
O1 - Hosts: 127.0.0.2 d3.connectify.me
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Agent] C:\Program Files\Intel Learning Series\Theft Deterrent\Agent.exe (Intel)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FnKeyHook] C:\Program Files\Intel\On Screen Indicator\bin\FnKeyHook.exe (Intel Corporation)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PenInputAutoStart.vbe] C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\PenInputAutoStart.vbe ()
O4 - HKLM..\Run: [PNW] C:\Windows\System32\Pnw\PNWICONTRAY.EXE ()
O4 - HKLM..\Run: [TDHelperAutoRun] C:\Windows\system32\TDHelp32.exe File not found
O4 - HKLM..\Run: [TSController] C:\Program Files\Intel\Device Control Service\TSController.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2326273561-456553005-3716579250-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2326273561-456553005-3716579250-1001..\Run: [PCLink] C:\Program Files\ASUS\PC Link\PCLink.exe (ASUSTek Computer Inc.)
O4 - HKU\S-1-5-21-2326273561-456553005-3716579250-1001..\Run: [PenInput.exe] C:\Program Files\Intel(R) Learning Series\Pen Input by Vision Objects\Pen Input\PenInput.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2326273561-456553005-3716579250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Enviar para o OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\FAMHOOK.DLL (CHINANSL)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\FAMHOOK.DLL (CHINANSL)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\FAMHOOK.DLL (CHINANSL)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14703A08-78B0-4FB3-A062-1CFDC57B51C6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{298748FD-6CB7-4384-A6FE-EDBA6AD8DEC1}: DhcpNameServer = 100.100.100.98 208.67.222.222
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d9493443-401b-11e5-88ad-eca86b4319d0}\Shell - "" = AutoRun
O33 - MountPoints2\{d9493443-401b-11e5-88ad-eca86b4319d0}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/09/30 12:09:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aluno.WIN-OT9K4KMKI2A\Desktop\OTL.exe
[2015/09/30 09:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015/09/29 13:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PC Faster
[2015/09/29 13:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser
[2015/09/29 13:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\baidu
[2015/09/29 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Local\MiniService
[2015/09/29 12:00:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/09/29 11:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/09/04 07:46:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/09/30 12:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aluno.WIN-OT9K4KMKI2A\Desktop\OTL.exe
[2015/09/30 11:44:02 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/09/30 11:28:20 | 007,571,514 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2015/09/30 11:28:20 | 007,524,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/09/30 11:28:20 | 006,725,096 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2015/09/30 11:28:20 | 006,704,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/09/30 10:44:01 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/09/30 08:21:01 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/09/30 08:21:00 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/09/30 08:13:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/09/30 08:13:32 | 1595,166,720 | -HS- | M] () -- C:\hiberfil.sys
[2015/09/29 13:31:48 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Google.lnk
[2015/09/29 13:31:48 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\Baidu Browser.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/09/29 13:31:48 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Google.lnk
[2015/09/29 13:31:48 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\Baidu Browser.lnk
[2015/09/29 10:39:10 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/09/29 10:39:09 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/03/25 23:59:51 | 000,000,132 | ---- | C] () -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\Preferências do Filtro IllExport do Adobe CS6
[2014/11/22 20:50:46 | 000,005,120 | ---- | C] () -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/11/22 00:42:12 | 000,000,492 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/09/14 12:00:33 | 000,000,218 | ---- | C] () -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Local\recently-used.xbel

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 23:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2015/06/30 11:20:08 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\Audacity
[2014/10/02 12:56:08 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\AVAST Software
[2015/09/29 13:33:22 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\baidu
[2013/10/27 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\CmapTools
[2015/09/30 12:09:38 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\DMCache
[2013/09/05 19:27:46 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\E-Reader
[2015/09/29 15:10:25 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\IDM
[2014/11/21 23:17:56 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\inkscape
[2014/08/03 08:43:09 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\klavaro
[2014/11/09 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\MPC-HC
[2015/05/13 20:55:40 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\NetBeans
[2015/02/04 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\Opera
[2014/08/03 09:40:27 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\PhotoScape
[2015/05/13 19:46:15 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\Processing
[2015/06/23 11:19:05 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\Publish Providers
[2014/08/15 11:54:50 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\SoftGrid Client
[2015/06/26 15:33:39 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\Sony
[2013/09/05 13:35:33 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\TP
[2015/08/24 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\uTorrent
[2015/09/22 14:50:54 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\Win Checker
[2013/09/07 19:14:07 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\Windows Live Writer
[2015/08/11 12:17:12 | 000,000,000 | ---D | M] -- C:\Users\Aluno.WIN-OT9K4KMKI2A\AppData\Roaming\WinISO Computing

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F0D7EE30
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
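Added example, not part of the OTL report above and not code from the OTL tool: a small Python triage script that reads OTL-style lines (O1 hosts entries, O4 Run keys, O6 UAC policy, O10 Winsock LSPs, O32/O33 autorun, Alternate Data Streams) and flags the weakened-security settings this report shows, in particular UAC switched off (EnableLUA = 0) with silent admin elevation (ConsentPromptBehaviorAdmin = 0), a non-Microsoft LSP DLL in the Winsock catalog, and a MountPoints2 autorun command pointing at E:\setup.exe. The regular expressions follow the line layout visible in the report, not an official OTL grammar, and the severity labels are this example's own assumptions; the sample lines are copied from the report.

```python
"""Triage OTL report lines for indicators a responder would review first.

Added example. The patterns mirror the OTL line layout seen in the report
above (an assumption, not an OTL specification); severities are the
author-of-this-example's choice, not OTL output.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of lines copied verbatim from the report above.
SAMPLE_REPORT = r'''
O1 - Hosts: 127.0.0.1 updates.connectify.me
O1 - Hosts: 127.0.0.2 d3.connectify.me
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [TDHelperAutoRun] C:\Windows\system32\TDHelp32.exe File not found
O4 - HKLM..\Run: [TSController] C:\Program Files\Intel\Device Control Service\TSController.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\FAMHOOK.DLL (CHINANSL)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d9493443-401b-11e5-88ad-eca86b4319d0}\Shell\AutoRun\command - "" = E:\setup.exe
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F0D7EE30
'''


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"
    kind: str      # short machine-readable tag
    line: str      # the OTL line that produced the finding


# UAC policy values that remove the elevation boundary (Windows 7 semantics):
# EnableLUA=0 turns UAC off entirely; ConsentPromptBehaviorAdmin=0 elevates
# administrators without any prompt; PromptOnSecureDesktop=0 lets prompts be
# drawn on the user desktop where other processes can interact with them.
WEAK_UAC = {
    ("EnableLUA", "0"): "uac_disabled",
    ("ConsentPromptBehaviorAdmin", "0"): "admin_elevates_silently",
    ("PromptOnSecureDesktop", "0"): "uac_prompt_not_on_secure_desktop",
}

RE_O6 = re.compile(r"^O6 - .*policies\\System: (\w+) = (\d+)$")
RE_O10 = re.compile(r"^O10 - Protocol_Catalog9\\Catalog_Entries\\\d+ - (.+?) \(([^()]*)\)$")
RE_O33 = re.compile(r'^O33 - MountPoints2\\.*\\Shell\\AutoRun\\command - "" = (.+)$')
RE_O1 = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")


def classify(line: str) -> Optional[Finding]:
    """Map one OTL line to a Finding, or None when the line is unremarkable."""
    line = line.rstrip()
    m = RE_O6.match(line)
    if m:
        kind = WEAK_UAC.get((m.group(1), m.group(2)))
        return Finding("high", kind, line) if kind else None
    m = RE_O10.match(line)
    if m:
        # A Winsock LSP sees every socket call on the host; anything not from
        # Microsoft deserves a look (OTL prints the file's company name).
        if not m.group(2).startswith("Microsoft"):
            return Finding("medium", "lsp_non_microsoft", line)
        return None
    if line.startswith("O4 - "):
        if line.endswith("File not found"):
            return Finding("info", "run_orphaned", line)     # dangling Run entry
        if line.endswith(" ()"):
            return Finding("info", "run_no_company", line)   # no version/company info
        return None
    if RE_O33.match(line):
        # Per-device autorun command stored in MountPoints2: runs a binary from
        # removable media when the volume is opened.
        return Finding("high", "mountpoint_autorun", line)
    if line.startswith("O32 - HKLM CDRom: AutoRun - 1"):
        return Finding("medium", "cdrom_autorun_enabled", line)
    if RE_O1.match(line):
        # Hosts overrides only show that name resolution is pinned; why is a
        # question for the analyst, so they are reported for review only.
        return Finding("info", "hosts_override", line)
    if line.startswith("@Alternate Data Stream"):
        return Finding("info", "ads_present", line)
    return None


def triage(report: str) -> List[Finding]:
    """Return all findings for a whole OTL report, in report order."""
    return [f for f in (classify(l) for l in report.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:<6}] {f.kind:<32} {f.line}")
    print(summarize(triage(SAMPLE_REPORT)))
```

On the sample the script reports four high findings (three UAC policy values plus the MountPoints2 autorun), two medium (the CHINANSL LSP and CD-ROM autorun) and five informational ones. The point of the UAC lines together is that on this machine, logged in as an administrator with EnableLUA = 0, every process already runs with the full token, so a Run-key entry or a browser extension that is tampered with writes to HKLM and Program Files without any prompt; re-enabling UAC (EnableLUA = 1, ConsentPromptBehaviorAdmin back to its default of 5, PromptOnSecureDesktop = 1) requires a reboot to take effect.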