cjoint

Document format: text/plain

Preview

[code]
OTS logfile created on: 02/12/2015 01:04:47 - Run 1
OTS by OldTimer - Version 3.1.47.2 Folder = C:\Users\Cliente\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): c:\pagefile.sys 200 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,41 Gb Total Space | 386,65 Gb Free Space | 84,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CLIENTE-PC
Current User Name: Cliente
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Cliente\Desktop\OTS.exe -> [2015/12/02 01:00:21 | 000,646,656 | ---- | M] (OldTimer Tools)
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> [2015/11/07 02:36:36 | 000,811,848 | ---- | M] (Google Inc.)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated)
googlecrashhandler.exe -> C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe -> [2015/09/17 08:02:44 | 000,245,576 | ---- | M] (Google Inc.)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2015/09/13 19:50:29 | 000,410,744 | ---- | M] (NVIDIA Corporation)
avp.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe -> [2014/04/20 17:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO)
avpui.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe -> [2014/04/20 17:15:18 | 000,192,160 | ---- | M] (Kaspersky Lab ZAO)

[Modules - No Company Name]
libglesv2.dll -> C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll -> [2015/11/07 02:36:33 | 001,532,744 | ---- | M] ()
libegl.dll -> C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll -> [2015/11/07 02:36:32 | 000,081,224 | ---- | M] ()

[Win32 Services - Safe List]
64bit-(IEEtwCollectorService) [On_Demand | Stopped] -> C:\Windows\SysNative\IEEtwCollector.exe -> [2015/12/01 02:42:54 | 000,114,688 | ---- | M] (Microsoft Corporation)
64bit-(AppMgmt) [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
(MozillaMaintenance) Mozilla Maintenance Service [Disabled | Stopped] -> C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -> [2015/11/07 01:50:53 | 000,147,624 | ---- | M] (Mozilla Foundation)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated)
(Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2015/09/13 19:50:29 | 000,410,744 | ---- | M] (NVIDIA Corporation)
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\Windows\SysWow64\GameMon.des -> [2015/07/22 05:26:00 | 003,512,928 | ---- | M] (INCA Internet Co., Ltd.)
(Warsaw Technology) Warsaw Technology [Auto | Running] -> C:\Arquivos de Programas\Diebold\Warsaw\core.exe -> [2015/06/19 16:43:34 | 000,858,424 | ---- | M] (GAS Tecnologia LTDA)
(Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2015/06/04 19:12:14 | 000,837,312 | ---- | M] (Valve Corporation)
(AVP15.0.0) Serviço do Kaspersky Anti-Virus 15.0.0 [Auto | Running] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe -> [2014/04/20 17:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO)
(SkypeUpdate) Skype Updater [Disabled | Stopped] -> C:\Program Files (x86)\Skype\Updater\Updater.exe -> [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
64bit-(Neo_VPN) VPN Client Device Driver - VPN [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Neo_0009.sys -> [2015/11/16 22:45:15 | 000,038,432 | ---- | M] (SoftEther Corporation)
64bit-(HWiNFO32) HWiNFO32/64 Kernel Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\HWiNFO64A.SYS -> [2015/11/15 14:11:00 | 000,027,552 | ---- | M] (REALiX(tm))
64bit-(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\klif.sys -> [2015/07/18 00:00:45 | 000,793,800 | ---- | M] (Kaspersky Lab ZAO)
64bit-(klflt) Kaspersky Lab Kernel DLL [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klflt.sys -> [2015/07/18 00:00:44 | 000,141,320 | ---- | M] (Kaspersky Lab ZAO)
64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2015/06/17 07:10:27 | 000,204,648 | ---- | M] (NVIDIA Corporation)
64bit-(tap0901_openvpn_accl) TAP-Win32 Adapter V9 for OpenVPN Accelerator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tap0901_openvpn_accl.sys -> [2015/01/13 14:35:00 | 000,037,912 | ---- | M] (The OpenVPN Project)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2014/07/16 01:06:16 | 000,941,784 | ---- | M] (Realtek )
64bit-(klhk) klhk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klhk.sys -> [2014/04/10 18:25:34 | 000,243,808 | ---- | M] (Kaspersky Lab ZAO)
64bit-(klkbdflt) Kaspersky Lab KLKBDFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klkbdflt.sys -> [2014/03/28 18:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO)
64bit-(kneps) kneps [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kneps.sys -> [2014/03/26 18:05:28 | 000,179,296 | ---- | M] (Kaspersky Lab ZAO)
64bit-(kltdi) kltdi [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kltdi.sys -> [2014/03/25 17:26:04 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO)
64bit-(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klim6.sys -> [2014/02/25 14:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO)
64bit-(kl1) kl1 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\kl1.sys -> [2014/02/20 13:59:04 | 000,457,824 | ---- | M] (Kaspersky Lab ZAO)
64bit-(Serial) Nuvoton Serial driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nuvserial.sys -> [2014/01/12 07:05:46 | 000,086,016 | ---- | M] (Nuvoton Technology Corp.)
64bit-(Serenum) Nuvoton Serenum Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nuvserenum.sys -> [2014/01/12 07:05:46 | 000,023,552 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(AmUStor) AM USB Stroage Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\AmUStor.sys -> [2013/10/11 15:03:00 | 000,083,224 | ---- | M] (Alcor Micro, Corp.)
64bit-(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klmouflt.sys -> [2013/08/08 18:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO)
64bit-(klpd) klpd [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klpd.sys -> [2013/04/12 16:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO)
64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2010/11/21 01:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/21 01:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(tsusbhub) tsusbhub [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tsusbhub.sys -> [2010/11/21 01:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation)
64bit-(Synth3dVsc) Synth3dVsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\Synth3dVsc.sys -> [2010/11/21 01:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation)
64bit-(dmvsc) dmvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\dmvsc.sys -> [2010/11/21 01:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation)
64bit-(terminpt) Microsoft Remote Desktop Input Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\terminpt.sys -> [2010/11/21 01:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2010/11/21 01:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/21 01:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/21 01:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2010/11/21 01:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
(WinDivert1.1) WinDivert1.1 [Kernel | Disabled | Running] -> C:\Arquivos de Programas\Diebold\Warsaw\WinDivert64.sys -> [2015/04/01 19:23:46 | 000,038,104 | ---- | M] (Basil)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\] > -> ->
HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\: Main\\"DefaultWANProfile" -> 132192023 ->
HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\: Main\\"Start Page" -> about:blank ->
HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Cliente\AppData\Roaming\Mozilla\FireFox\Profiles\gfyuq2l4.default\prefs.js ->
browser.search.countryCode -> "BR" ->
browser.search.region -> "BR" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com -> C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 15.0.0\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 15.0.0\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM] -> [2015/07/18 00:01:07 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com -> C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 15.0.0\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 15.0.0\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM] -> [2015/07/18 00:01:08 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com -> C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 15.0.0\FFEXT\URL_ADVISOR@KASPERSKY.COM [C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 15.0.0\FFEXT\URL_ADVISOR@KASPERSKY.COM] -> [2015/07/18 00:01:07 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 42.0\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 42.0\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS ->
HKLM\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS ->
< FireFox Extensions [User Folders] > ->
-> C:\Users\Cliente\AppData\Roaming\mozilla\Extensions -> [2015/07/17 18:08:23 | 000,000,000 | ---D | M]
-> C:\Users\Cliente\AppData\Roaming\mozilla\Firefox\Profiles\gfyuq2l4.default\extensions -> [2015/11/27 16:09:06 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\mozilla firefox\browser\extensions -> [2015/11/07 01:50:49 | 000,000,000 | ---D | M]
Default -> C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2015/11/07 01:50:54 | 000,000,000 | ---D | M]
Ngn ch#n trang web nguy hiê m -> C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 15.0.0\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM -> [2015/07/18 00:01:07 | 000,000,000 | ---D | M]
< HOSTS File > ([2015/07/30 16:28:11 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Content Blocker Plugin] -> [2014/04/20 02:42:30 | 000,878,784 | ---- | M] (Kaspersky Lab ZAO)
{73455575-E40C-433C-9784-C78DC7761455} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Virtual Keyboard Plugin] -> [2015/07/17 23:02:06 | 001,428,264 | ---- | M] (Kaspersky Lab ZAO)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Arquivos de Programas\Java\jre1.8.0_66\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2015/12/01 02:08:34 | 000,551,520 | ---- | M] (Oracle Corporation)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype add-on for Internet Explorer] -> [2013/11/20 10:45:00 | 006,270,336 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Arquivos de Programas\Java\jre1.8.0_66\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2015/12/01 02:08:34 | 000,212,576 | ---- | M] (Oracle Corporation)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [URL Advisor Plugin] -> [2014/04/20 02:42:40 | 001,109,696 | ---- | M] (Kaspersky Lab ZAO)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Content Blocker Plugin] -> [2014/04/20 02:42:06 | 000,709,312 | ---- | M] (Kaspersky Lab ZAO)
{73455575-E40C-433C-9784-C78DC7761455} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Virtual Keyboard Plugin] -> [2015/07/17 23:01:11 | 001,152,808 | ---- | M] (Kaspersky Lab ZAO)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype Browser Helper] -> [2013/11/20 10:45:00 | 004,502,400 | ---- | M] (Microsoft Corporation)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [URL Advisor Plugin] -> [2014/04/20 02:42:04 | 000,891,072 | ---- | M] (Kaspersky Lab ZAO)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/21 01:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/21 01:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"NoDriveTypeAutoRun" -> [60] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [0] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
\\"EnableLUA" -> [0] -> File not found
\\"PromptOnSecureDesktop" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000] > -> HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\] > -> HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xportar para o Microsoft Excel -> [res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000] -> File not found
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{0C4CC089-D306-440D-9772-464E226F6539}:{0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Button: Teclado Virtual] -> [2015/07/17 23:02:06 | 001,428,264 | ---- | M] (Kaspersky Lab ZAO)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Button: Skype Click to Call] -> [2013/11/20 10:45:00 | 006,270,336 | ---- | M] (Microsoft Corporation)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [Button: Verificação de URLs] -> [2014/04/20 02:42:40 | 001,109,696 | ---- | M] (Kaspersky Lab ZAO)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{0C4CC089-D306-440D-9772-464E226F6539}:{0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Button: Teclado Virtual] -> [2015/07/17 23:01:11 | 001,152,808 | ---- | M] (Kaspersky Lab ZAO)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll [Button: Enviar para o OneNote] -> [2006/10/26 21:32:42 | 000,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll [Menu: &Enviar para o OneNote] -> [2006/10/26 21:32:42 | 000,604,000 | ---- | M] (Microsoft Corporation)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype Click to Call] -> [2013/11/20 10:45:00 | 004,502,400 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 21:12:22 | 000,040,424 | ---- | M] (Microsoft Corporation)
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [Button: Verificação de URLs] -> [2014/04/20 02:42:04 | 000,891,072 | ---- | M] (Kaspersky Lab ZAO)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
clonewarsadventures.com .[*] -> Trusted sites ->
freerealms.com .[*] -> Trusted sites ->
soe.com .[*] -> Trusted sites ->
sony.com .[*] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
clonewarsadventures.com .[*] -> Trusted sites ->
freerealms.com .[*] -> Trusted sites ->
soe.com .[*] -> Trusted sites ->
sony.com .[*] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
clonewarsadventures.com .[*] -> ->
freerealms.com .[*] -> ->
soe.com .[*] -> ->
sony.com .[*] -> ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
clonewarsadventures.com .[*] -> ->
freerealms.com .[*] -> ->
soe.com .[*] -> ->
sony.com .[*] -> ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\] > -> HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\] > -> HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{44EF418C-E667-4D2C-BC3B-AC8248F15F92}\\DhcpNameServer -> 192.168.1.1 (Realtek PCIe GBE Family Controller) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2010/11/21 01:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/21 01:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 23:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2010/11/21 01:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
userinit.exe -> C:\Windows\SysWow64\userinit.exe -> [2010/11/21 01:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
/pagefile -> -> File not found
*MultiFile Done* -> ->
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [Groove GFS Stub Execution Hook] -> [2006/10/27 01:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{01FBDFFC-9F69-43D6-87EA-15BE812BDD83} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{0F5DADE4-928A-4753-8E58-2401B9C4F5BC} -> rport=1900 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32757 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{2F57CD51-ECBF-4314-9A46-06C80343FD3D} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32785 | app=%systemroot%\system32\svchost.exe | svc=fdphost |
{3A1F516B-DEEA-439F-80E5-F19C6DE43E6C} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss |
{50A82E3B-5CC6-442E-AC6C-E536E8A2D3E9} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{5A2F2033-A89B-438D-83B3-48B9F20D629A} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system |
{667C77DF-9B4C-4326-A7B5-D1D0CC9E5330} -> lport=5353 | protocol=17 | dir=in | action=allow | name=google chrome (mdns-in) | app=c:\program files (x86)\google\chrome\application\chrome.exe |
{6DAB300B-286D-420F-9987-78F67E3F0362} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{7656822F-D0C1-4F3A-AFDD-EA6707ABA14C} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system |
{92A77BD0-506E-40B9-9D09-90B8718DDACE} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost |
{93FD633F-3E8A-4AC0-8053-9E421DF9B443} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system |
{A2DACF56-2F80-4FEB-80B4-0EE4410A8816} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32753 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{BFCC5CCF-CC86-4053-B360-B5C7B55DBFCD} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32811 | app=%systemroot%\system32\svchost.exe | svc=fdrespub |
{C07D0A2B-2199-4D46-B525-851D06E89A56} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system |
{CFBA8AA2-9ACB-416C-A0D8-F195E37854AB} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system |
{D58C0123-479B-4F4D-A1BD-56A56CCE30ED} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32801 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{D8FCCB50-C2C5-46D9-959E-DE50E6FA62E3} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system |
{DAC9C933-001F-429C-BF58-AA03F30EF7DC} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub |
{E9AE7572-CFB0-4A07-A4D9-6F864774B2C8} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system |
{EBAE796B-C0A2-4877-8A90-E54F6F12DB9F} -> lport=6004 | profile=public | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
{ED0882F3-AA5B-4E6D-B933-DD8B7DEEC6E4} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{F280C9A7-4011-41DF-A700-6AD8A1EBFF11} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system |
{F5C06BF7-1A35-433B-8ECA-919E4AEE65D9} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{FA84C6EC-C314-4378-AA99-43476BFE02A4} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{0BB0011C-4E75-4A22-A032-A87434F694EA} -> dir=in | action=allow | name=warsaw | app=c:\program files\diebold\warsaw\core.exe |
{0DDDF90A-F04A-43F0-B902-E47FBD5C5A95} -> profile=domain | protocol=6 | dir=in | action=allow | name=steam web helper | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
{1D5129C2-5210-48DA-A103-457BACEA6C30} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 |
{26ED5F1F-D3F8-4075-A635-D55259627E8F} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{2B899149-A567-46B4-BB91-4BEA2709DD3F} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 |
{2D4EF8C5-9209-4C8F-BFE8-4BBB58906027} -> profile=private | protocol=6 | dir=in | action=allow | name=total war: arena | app=c:\program files (x86)\steam\steamapps\common\total war arena\launcher\launcher.exe |
{39768467-9ED6-4878-8857-2C280CD5023A} -> protocol=17 | dir=in | action=allow | name=µtorrent (udp-in) | app=c:\users\cliente\appdata\roaming\utorrent\utorrent.exe |
{3EEA34A5-18C8-4603-B8EB-D80831AA57A5} -> profile=private | protocol=6 | dir=in | action=allow | name='firefox' (c:\program files (x86)\mozilla firefox) | app=c:\program files (x86)\mozilla firefox\firefox.exe |
{3F2C50AA-CCEF-4CEF-9B9C-B2E21DC2FD27} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 |
{70D46B2A-DEF9-4E63-9155-804C8C181CE4} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe |
{84C7FDD1-F958-4976-B627-E88D04F0CCD0} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 |
{860C84A2-C8CE-40E0-B19F-7F56160D97D1} -> profile=private | protocol=17 | dir=in | action=allow | name='firefox' (c:\program files (x86)\mozilla firefox) | app=c:\program files (x86)\mozilla firefox\firefox.exe |
{99996E43-AE31-4B3A-A64E-3994A7EBEA02} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{9A6968D7-3D3E-4177-9641-CECFEE1829A5} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{9E78CCD6-5638-4E1C-ABD0-A8CC68536EA7} -> profile=domain | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe |
{A4C9BECA-F3DB-4130-8CD7-15099D41BCC7} -> profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost |
{A88D205F-4421-4018-B434-A0ADBEC43BA7} -> protocol=6 | dir=in | action=allow | name=µtorrent (tcp-in) | app=c:\users\cliente\appdata\roaming\utorrent\utorrent.exe |
{B144CD29-E085-4461-A5F6-EB4E8E9F1954} -> profile=private | protocol=17 | dir=in | action=allow | name=firefox (c:\program files (x86)\mozilla firefox) | app=c:\program files (x86)\mozilla firefox\firefox.exe |
{C27AE2EA-9765-49DE-83B2-8D6704AD258C} -> profile=private | protocol=17 | dir=in | action=allow | name=total war: arena | app=c:\program files (x86)\steam\steamapps\common\total war arena\launcher\launcher.exe |
{C9AD62F6-8DAE-4785-A19C-BB58B1F16710} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{D3DC30CD-9B13-45E6-A2D2-C48BF35656B0} -> profile=private | protocol=6 | dir=in | action=allow | name=firefox (c:\program files (x86)\mozilla firefox) | app=c:\program files (x86)\mozilla firefox\firefox.exe |
{DDA4EFCE-1415-47B1-B06D-5905F74AD296} -> profile=domain | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe |
{EAFEA22C-2C16-4C1C-AA1A-D7C074ADA5C5} -> profile=domain | protocol=17 | dir=in | action=allow | name=steam web helper | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
TCP Query User{CDE7F039-1E1E-4049-A0EE-B1FB358BE49B}C:\users\cliente\appdata\local\akamai\netsession_win.exe -> profile=private | protocol=6 | dir=in | action=allow | name=netsession_win.exe | app=c:\users\cliente\appdata\local\akamai\netsession_win.exe |
TCP Query User{E8F55FB6-E64F-4994-907D-4B04173B2FFC}C:\program files (x86)\steam\steamapps\common\total war arena\arena.exe -> profile=private | protocol=6 | dir=in | action=allow | name=total war: arena | app=c:\program files (x86)\steam\steamapps\common\total war arena\arena.exe |
UDP Query User{3E07B701-57AD-428B-A667-AD8A27DF43B3}C:\program files (x86)\steam\steamapps\common\total war arena\arena.exe -> profile=private | protocol=17 | dir=in | action=allow | name=total war: arena | app=c:\program files (x86)\steam\steamapps\common\total war arena\arena.exe |
UDP Query User{FC2C2B36-9B7A-41FA-BF07-42D98FF801EB}C:\users\cliente\appdata\local\akamai\netsession_win.exe -> profile=private | protocol=17 | dir=in | action=allow | name=netsession_win.exe | app=c:\users\cliente\appdata\local\akamai\netsession_win.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 0 ->
"DisplayName" -> Driver de CD-ROM ->
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/21 01:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.html [@ = htmlfile] -> C:\Program Files\Internet Explorer\iexplore.exe -> [2015/12/01 02:42:54 | 000,814,288 | ---- | M] (Microsoft Corporation)
.url [@ = InternetShortcut] -> C:\Windows\SysNative\rundll32.exe -> [2009/07/13 23:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.cpl [@ = cplfile] -> C:\Windows\SysWow64\control.exe -> [2009/07/13 23:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)
.exe [@ = exefile] -> "%1" %* ->
.html [@ = htmlfile] -> C:\Program Files\Internet Explorer\iexplore.exe -> [2015/12/01 02:42:54 | 000,814,288 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\SOFTWARE\Classes\<extension>\ ->
.html [@ = FirefoxHTML] -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2015/11/07 01:50:53 | 000,392,872 | ---- | M] (Mozilla Corporation)
< 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< 64bit-Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2006/10/26 21:34:20 | 000,108,856 | ---- | M] (Microsoft Corporation)
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2006/10/26 22:41:48 | 000,044,344 | ---- | M] (Microsoft Corporation)
< 64bit-Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
skype-ie-addon-data:{91774881-D725-4E58-B298-07617B9B86A8} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll[Skype IE add-on Pluggable Protocol] -> [2013/11/20 10:45:00 | 006,270,336 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} [HKLM] -> C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL[Local Groove Web Services Protocol] -> [2006/10/27 01:48:02 | 000,222,512 | ---- | M] (Microsoft Corporation)
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL[IEProtocolHandler Class] -> [2013/02/26 16:38:30 | 001,996,392 | R--- | M] (Skype Technologies)
skype-ie-addon-data:{91774881-D725-4E58-B298-07617B9B86A8} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll[Skype IE add-on Pluggable Protocol] -> [2013/11/20 10:45:00 | 004,502,400 | ---- | M] (Microsoft Corporation)
< 64bit-Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"cval" -> [1] -> File not found
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
\Svc\\"VistaSp1" -> [28 4D B2 76 41 04 CA 01 [binary data]] -> File not found
\Svc\\"AntiVirusOverride" -> [0] -> File not found
\Svc\\"AntiSpywareOverride" -> [0] -> File not found
\Svc\\"FirewallOverride" -> [0] -> File not found
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol\ -> ->
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
\Monitoring\KasperskyAntiVirus\\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
< Windows DomainProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
\\"EnableFirewall" -> [1] -> File not found
\\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\ -> ->
< Windows StandardProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" -> [1] -> File not found
\\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
knownfolder -> 0 = Computer (Not a Default Protocol) ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
@ivt -> @ivt protocol not assigned ->
file -> file protocol not assigned ->
ftp -> ftp protocol not assigned ->
http -> http protocol not assigned ->
https -> https protocol not assigned ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
@ivt -> @ivt protocol not assigned ->
file -> file protocol not assigned ->
ftp -> ftp protocol not assigned ->
http -> http protocol not assigned ->
https -> https protocol not assigned ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\] - Select to Repair > -> HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
knownfolder -> 0 = Computer (Not a Default Protocol) ->
< 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{1D8E6291-B0D5-35EC-8441-6616F567A0F7} -> Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1 -> Warsaw 1.8.0.10356 64 bits
{26A24AE4-039D-4CA4-87B4-2F86418066F0} -> Java 8 Update 66 (64-bit)
{27986EDD-C9EC-4B52-B92F-06D073F0AA52} -> Motorola Mobile Drivers Installation 6.4.0
{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1 -> MPC-HC 1.7.9 (64-bit)
{37B8F9C7-03FB-3253-8781-2517C99D7C00} -> Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} -> Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A} -> Microsoft .NET Framework 4 Extended PTB Language Pack
{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} -> Microsoft .NET Framework 4.5.1
{8220EEFE-38CD-377E-8595-13398D740ACE} -> Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
{90120000-002A-0000-1000-0000000FF1CE} -> Microsoft Office Office 64-bit Components 2007
{90120000-002A-0416-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
{929FBD26-9020-399B-9A7A-751D61F0B942} -> Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 -> Microsoft .NET Framework 4.5.1
{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} -> Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision -> NVIDIA Driver do 3D Vision 355.98
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel -> Painel de controle da NVIDIA 355.98
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver -> NVIDIA Driver de gráficos 355.98
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB -> NVIDIA Driver de controle do 3D Vision 352.65
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver -> NVIDIA Driver de áudio HD 1.3.34.3
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer -> NVIDIA Install Application
{B7693CDE-074B-301C-9584-FC4343696C8B} -> Microsoft .NET Framework 4 Client Profile PTB Language Pack
{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} -> Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
CCleaner -> CCleaner
CPUID HWMonitor_is1 -> CPUID HWMonitor 1.28
Microsoft .NET Framework 4 Client Profile PTB Language Pack -> Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Microsoft .NET Framework 4 Extended PTB Language Pack -> Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
TeamSpeak 3 Client -> TeamSpeak 3 Client
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{050d4fc8-5d48-4b8f-8972-47c82c46020f} -> Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} -> Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
{196467F1-C11F-4F76-858B-5812ADC83B94} -> MSXML 4.0 SP3 Parser
{28DB8373-C1BB-444F-A427-A55585A12ED7} -> Motorola Device Manager
{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} -> Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} -> Google Update Helper
{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB} -> NVIDIA PhysX
{653C1B5A-3287-47B1-8613-0745D4E771C4} -> Kaspersky Anti-Virus
{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} -> Microsoft Visual C++ 2005 Redistributable
{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7} -> Skype™ 6.14
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13} -> Motorola Device Software Update
{90120000-0015-0416-0000-0000000FF1CE} -> Microsoft Office Access MUI (Portuguese (Brazil)) 2007
{90120000-0016-0416-0000-0000000FF1CE} -> Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
{90120000-0018-0416-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
{90120000-0019-0416-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
{90120000-001A-0416-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
{90120000-001B-0416-0000-0000000FF1CE} -> Microsoft Office Word MUI (Portuguese (Brazil)) 2007
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0416-0000-0000000FF1CE} -> Microsoft Office Proof (Portuguese (Brazil)) 2007
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-002C-0416-0000-0000000FF1CE} -> Microsoft Office Proofing (Portuguese (Brazil)) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{41B99ED2-1BE3-4006-A04C-CEC84CC0B6D6} ->
{90120000-0044-0416-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
{90120000-006E-0416-0000-0000000FF1CE} -> Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
{90120000-00A1-0416-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
{90120000-00BA-0416-0000-0000000FF1CE} -> Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{9BE518E6-ECC6-35A9-88E4-87755C07200F} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
{AC76BA86-0804-1033-1959-001824161310} -> Adobe Refresh Manager
{AC76BA86-7AD7-1046-7B44-AC0F074E4100} -> Adobe Acrobat Reader DC - Português
{B175520C-86A2-35A7-8619-86DC379688B9} -> Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
{BB285C9F-C821-4770-8970-56C4AB52C87E} -> Skype Click to Call
{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} -> Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} -> Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1 -> aTube Catcher versão 3.8
{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 -> Auslogics DiskDefrag
{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} -> Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{f65db027-aff3-4070-886a-0d87064aabb1} -> Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} -> Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Adobe Flash Player ActiveX -> Adobe Flash Player 19 ActiveX
Afterburner -> MSI Afterburner 4.1.1
ENTERPRISE -> Microsoft Office Enterprise 2007
Glyph -> Glyph
Glyph Devilian Beta-US -> Devilian Beta-US
Google Chrome -> Google Chrome
InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4} -> Kaspersky Anti-Virus
KingdomClient_is1 -> Kingdom
Mozilla Firefox 42.0 (x86 pt-BR) -> Mozilla Firefox 42.0 (x86 pt-BR)
MozillaMaintenanceService -> Mozilla Maintenance Service
NVIDIAStereo -> NVIDIA Stereoscopic 3D Driver
RTSS -> RivaTuner Statistics Server 6.3.0
SandboxAlbionOnline -> Albion Online
Steam -> Steam
Steam App 227520 -> Total War: Arena
WinRAR archiver -> WinRAR 4.20 (32-bit)
< Uninstall List [HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\] > -> HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
Akamai -> Akamai NetSession Interface
uTorrent -> µTorrent
WinDirStat -> WinDirStat 1.1.2
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 30/11/2015 22:53:28 Computer Name = Cliente-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 01/12/2015 00:50:16 Computer Name = Cliente-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 01/12/2015 08:26:00 Computer Name = Cliente-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 01/12/2015 08:31:40 Computer Name = Cliente-PC | Source = Application Hang | ID = 1002 -> Description = O programa IEXPLORE.EXE versão 11.0.9600.17840 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 13a4 Hora de Início: 01d12c339f7d750e Hora de Término: 31 Caminho do Aplicativo: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Id do Relatório:
Application [ Error ] 01/12/2015 08:38:05 Computer Name = Cliente-PC | Source = Application Hang | ID = 1002 -> Description = O programa IEXPLORE.EXE versão 11.0.9600.17840 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 10c8 Hora de Início: 01d12c34f8d8be0d Hora de Término: 16 Caminho do Aplicativo: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Id do Relatório:
Application [ Error ] 01/12/2015 10:19:39 Computer Name = Cliente-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 01/12/2015 14:56:35 Computer Name = Cliente-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 01/12/2015 17:35:47 Computer Name = Cliente-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 01/12/2015 19:26:55 Computer Name = Cliente-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 01/12/2015 22:58:56 Computer Name = Cliente-PC | Source = WinMgmt | ID = 10 -> Description =
System [ Error ] 08/10/2015 21:06:50 Computer Name = Cliente-PC | Source = Service Control Manager | ID = 7009 -> Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Windows Search.
System [ Error ] 08/10/2015 21:06:50 Computer Name = Cliente-PC | Source = Service Control Manager | ID = 7000 -> Description = Não foi possível iniciar o serviço Windows Search devido ao seguinte erro: %%1053
System [ Error ] 08/10/2015 21:06:50 Computer Name = Cliente-PC | Source = Service Control Manager | ID = 7009 -> Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Windows Search.
System [ Error ] 08/10/2015 21:06:50 Computer Name = Cliente-PC | Source = Service Control Manager | ID = 7000 -> Description = Não foi possível iniciar o serviço Windows Search devido ao seguinte erro: %%1053
System [ Error ] 08/10/2015 21:06:50 Computer Name = Cliente-PC | Source = Service Control Manager | ID = 7009 -> Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Windows Search.
System [ Error ] 08/10/2015 21:06:50 Computer Name = Cliente-PC | Source = Service Control Manager | ID = 7000 -> Description = Não foi possível iniciar o serviço Windows Search devido ao seguinte erro: %%1053
System [ Error ] 08/10/2015 21:06:50 Computer Name = Cliente-PC | Source = Service Control Manager | ID = 7009 -> Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Windows Search.
System [ Error ] 08/10/2015 21:06:50 Computer Name = Cliente-PC | Source = Service Control Manager | ID = 7000 -> Description = Não foi possível iniciar o serviço Windows Search devido ao seguinte erro: %%1053
System [ Error ] 08/10/2015 21:06:52 Computer Name = Cliente-PC | Source = Service Control Manager | ID = 7009 -> Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Windows Search.
System [ Error ] 08/10/2015 21:06:52 Computer Name = Cliente-PC | Source = Service Control Manager | ID = 7000 -> Description = Não foi possível iniciar o serviço Windows Search devido ao seguinte erro: %%1053

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Cliente\Desktop\OTS.exe -> [2015/12/02 01:00:19 | 000,646,656 | ---- | C] (OldTimer Tools)
Easeware -> C:\Users\Cliente\AppData\Roaming\Easeware -> [2015/12/01 22:25:01 | 000,000,000 | ---D | C]
Adobe -> C:\Program Files (x86)\Common Files\Adobe -> [2015/12/01 02:31:40 | 000,000,000 | ---D | C]
Adobe -> C:\Program Files (x86)\Adobe -> [2015/12/01 02:19:20 | 000,000,000 | ---D | C]
Java -> C:\Program Files (x86)\Common Files\Java -> [2015/12/01 02:09:17 | 000,000,000 | ---D | C]
Java -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java -> [2015/12/01 02:08:49 | 000,000,000 | ---D | C]
SecurityCheck -> C:\SecurityCheck -> [2015/12/01 01:03:40 | 000,000,000 | ---D | C]
SecurityCheck.exe -> C:\Users\Cliente\Desktop\SecurityCheck.exe -> [2015/12/01 01:01:23 | 000,484,869 | ---- | C] (glax24 (safezone.cc))
Prefetch -> C:\Windows\Prefetch -> [2015/11/30 22:53:55 | 000,000,000 | ---D | C]
Albion Online -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online -> [2015/11/28 19:35:25 | 000,000,000 | ---D | C]
FRST -> C:\FRST -> [2015/11/28 17:17:41 | 000,000,000 | ---D | C]
Albion -> C:\Users\Cliente\AppData\Roaming\Albion -> [2015/11/28 14:33:23 | 000,000,000 | ---D | C]
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2015/11/28 14:28:09 | 000,000,000 | -HSD | C]
Temp -> C:\Windows\Temp -> [2015/11/28 13:49:02 | 000,000,000 | ---D | C]
Temp -> C:\Users\Cliente\AppData\Local\Temp -> [2015/11/28 13:49:02 | 000,000,000 | ---D | C]
zoek_backup -> C:\zoek_backup -> [2015/11/28 13:29:06 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2015/11/27 15:52:14 | 000,000,000 | ---D | C]
AdwCleaner -> C:\AdwCleaner -> [2015/11/27 01:08:49 | 000,000,000 | ---D | C]
ZHP -> C:\Users\Cliente\AppData\Roaming\ZHP -> [2015/11/26 18:57:07 | 000,000,000 | ---D | C]
uninst -> C:\uninst -> [2015/11/24 17:10:24 | 000,000,000 | ---D | C]
My Games -> C:\Users\Cliente\Documents\My Games -> [2015/11/24 17:03:14 | 000,000,000 | ---D | C]
Glyph -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph -> [2015/11/19 14:07:41 | 000,000,000 | ---D | C]
Glyph -> C:\Program Files (x86)\Glyph -> [2015/11/19 14:07:35 | 000,000,000 | ---D | C]
Overwolf -> C:\Users\Cliente\AppData\Local\Overwolf -> [2015/11/17 18:25:35 | 000,000,000 | ---D | C]
TS3Client -> C:\Users\Cliente\AppData\Roaming\TS3Client -> [2015/11/17 18:22:29 | 000,000,000 | ---D | C]
TeamSpeak 3 Client -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client -> [2015/11/17 18:22:25 | 000,000,000 | ---D | C]
TeamSpeak 3 Client -> C:\Program Files\TeamSpeak 3 Client -> [2015/11/17 18:22:25 | 000,000,000 | ---D | C]
Webzen -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen -> [2015/11/17 13:33:36 | 000,000,000 | ---D | C]
download -> C:\download -> [2015/11/17 11:54:53 | 000,000,000 | ---D | C]
WEBZEN -> C:\ProgramData\WEBZEN -> [2015/11/17 11:41:10 | 000,000,000 | ---D | C]
NexonUS -> C:\ProgramData\NexonUS -> [2015/11/16 22:50:53 | 000,000,000 | ---D | C]
Nexon -> C:\ProgramData\Nexon -> [2015/11/16 22:50:52 | 000,000,000 | ---D | C]
Neo_0009.sys -> C:\Windows\SysNative\drivers\Neo_0009.sys -> [2015/11/16 22:45:15 | 000,038,432 | ---- | C] (SoftEther Corporation)
vpncmd.exe -> C:\Windows\SysNative\vpncmd.exe -> [2015/11/16 19:50:42 | 000,144,104 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.)
AAA_Internet_Publishing,_ -> C:\Users\Cliente\AppData\Local\AAA_Internet_Publishing,_ -> [2015/11/16 18:48:32 | 000,000,000 | ---D | C]
Nexon -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon -> [2015/11/16 18:20:36 | 000,000,000 | ---D | C]
NexonLauncher -> C:\Users\Cliente\AppData\Local\NexonLauncher -> [2015/11/16 13:41:46 | 000,000,000 | ---D | C]
RivaTuner Statistics Server -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server -> [2015/11/15 22:56:35 | 000,000,000 | ---D | C]
RivaTuner Statistics Server -> C:\Program Files (x86)\RivaTuner Statistics Server -> [2015/11/15 22:56:31 | 000,000,000 | ---D | C]
MSI Afterburner -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner -> [2015/11/15 22:56:06 | 000,000,000 | ---D | C]
MSI Afterburner -> C:\Program Files (x86)\MSI Afterburner -> [2015/11/15 22:55:59 | 000,000,000 | ---D | C]
HWiNFO64A.SYS -> C:\Windows\SysNative\drivers\HWiNFO64A.SYS -> [2015/11/15 14:11:00 | 000,027,552 | ---- | C] (REALiX(tm))
BnS -> C:\Users\Cliente\Documents\BnS -> [2015/11/14 01:52:03 | 000,000,000 | ---D | C]
NCWest -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest -> [2015/11/13 22:09:06 | 000,000,000 | ---D | C]
Banco do Brasil_arquivos -> C:\Users\Cliente\Desktop\Banco do Brasil_arquivos -> [2015/11/12 16:01:54 | 000,000,000 | ---D | C]
Glyph -> C:\ProgramData\Glyph -> [2015/11/12 15:52:45 | 000,000,000 | ---D | C]
Microsoft -> C:\Program Files (x86)\Microsoft -> [2015/11/10 13:04:25 | 000,000,000 | ---D | C]
kingdom -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kingdom -> [2015/11/10 13:02:16 | 000,000,000 | ---D | C]
NTTGame -> C:\NTTGame -> [2015/11/10 12:58:10 | 000,000,000 | ---D | C]
FreeHideIP -> C:\Users\Cliente\AppData\Roaming\FreeHideIP -> [2015/11/09 23:17:15 | 000,000,000 | ---D | C]
FreeHideIP -> C:\ProgramData\FreeHideIP -> [2015/11/09 23:17:15 | 000,000,000 | ---D | C]
Leadhope -> C:\Leadhope -> [2015/11/07 17:23:44 | 000,000,000 | ---D | C]
FlyVPN -> C:\ProgramData\FlyVPN -> [2015/11/07 17:18:45 | 000,000,000 | ---D | C]
My Recorded Scripts -> C:\Users\Cliente\Documents\My Recorded Scripts -> [2015/11/07 16:21:07 | 000,000,000 | ---D | C]
Nemex -> C:\Users\Cliente\AppData\Local\Nemex -> [2015/11/07 16:21:02 | 000,000,000 | ---D | C]
Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2015/11/07 01:50:49 | 000,000,000 | ---D | C]
NCSOFT -> C:\Users\Cliente\Documents\NCSOFT -> [2015/11/06 01:37:38 | 000,000,000 | ---D | C]
NCSOFT -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT -> [2015/11/05 19:15:10 | 000,000,000 | ---D | C]
NCSOFT -> C:\Users\Cliente\AppData\Roaming\NCSOFT -> [2015/11/05 19:12:48 | 000,000,000 | ---D | C]
Info -> C:\ProgramData\Info -> [2015/11/05 00:29:36 | 000,000,000 | -HSD | C]
GameNet Themes -> C:\Users\Cliente\Documents\GameNet Themes -> [2015/11/02 17:14:42 | 000,000,000 | ---D | C]
THORN -> C:\Users\Cliente\AppData\Local\THORN -> [2015/11/02 17:07:47 | 000,000,000 | ---D | C]
Vebanaul -> C:\Users\Cliente\AppData\Local\Vebanaul -> [2015/11/02 17:06:05 | 000,000,000 | ---D | C]
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

[Files/Folders - Modified Within 30 Days]
ntuser.dat -> C:\Users\Cliente\ntuser.dat -> [2015/12/02 01:07:39 | 001,835,008 | -HS- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2015/12/02 01:04:31 | 000,026,352 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2015/12/02 01:04:31 | 000,026,352 | -H-- | M] ()
OTS.exe -> C:\Users\Cliente\Desktop\OTS.exe -> [2015/12/02 01:00:21 | 000,646,656 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2015/12/02 00:57:25 | 000,001,066 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2015/12/02 00:57:15 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2015/12/02 00:57:10 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2015/12/02 00:57:07 | 3220,627,456 | -HS- | M] ()
IconCache.db -> C:\Users\Cliente\AppData\Local\IconCache.db -> [2015/12/02 00:08:25 | 002,081,724 | -H-- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2015/12/02 00:08:03 | 000,001,070 | ---- | M] ()
Internet Explorer.lnk -> C:\Users\Cliente\Desktop\Internet Explorer.lnk -> [2015/12/01 03:01:23 | 000,001,393 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2015/12/01 02:54:41 | 001,643,802 | ---- | M] ()
prfh0416.dat -> C:\Windows\SysNative\prfh0416.dat -> [2015/12/01 02:54:41 | 000,708,738 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2015/12/01 02:54:41 | 000,657,194 | ---- | M] ()
prfc0416.dat -> C:\Windows\SysNative\prfc0416.dat -> [2015/12/01 02:54:41 | 000,148,518 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2015/12/01 02:54:41 | 000,123,006 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2015/12/01 02:48:50 | 000,419,960 | ---- | M] ()
ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2015/12/01 02:42:54 | 000,016,303 | ---- | M] ()
ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2015/12/01 02:42:54 | 000,016,303 | ---- | M] ()
SecurityCheck.exe -> C:\Users\Cliente\Desktop\SecurityCheck.exe -> [2015/12/01 01:01:29 | 000,484,869 | ---- | M] (glax24 (safezone.cc))
Banco do Brasil.htm -> C:\Users\Cliente\Desktop\Banco do Brasil.htm -> [2015/11/28 21:17:01 | 000,125,950 | ---- | M] ()
AlbionOnline.lnk -> C:\Users\Cliente\Desktop\AlbionOnline.lnk -> [2015/11/28 19:35:25 | 000,001,182 | ---- | M] ()
ntuser.pol -> C:\Users\Cliente\ntuser.pol -> [2015/11/28 14:28:02 | 000,000,008 | RHS- | M] ()
zoek-delete.exe -> C:\Windows\zoek-delete.exe -> [2015/11/28 13:29:05 | 000,024,064 | ---- | M] ()
ZHPCleaner.lnk -> C:\Users\Cliente\Desktop\ZHPCleaner.lnk -> [2015/11/27 02:10:48 | 000,000,834 | ---- | M] ()
Glyph.lnk -> C:\Users\Cliente\Desktop\Glyph.lnk -> [2015/11/19 14:07:42 | 000,001,001 | ---- | M] ()
TeamSpeak 3 Client.lnk -> C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk -> [2015/11/17 23:08:26 | 000,001,011 | ---- | M] ()
Neo_0009.sys -> C:\Windows\SysNative\drivers\Neo_0009.sys -> [2015/11/16 22:45:15 | 000,038,432 | ---- | M] (SoftEther Corporation)
vpncmd.exe -> C:\Windows\SysNative\vpncmd.exe -> [2015/11/16 19:50:42 | 000,144,104 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.)
MSI Afterburner.lnk -> C:\Users\Cliente\Desktop\MSI Afterburner.lnk -> [2015/11/15 22:56:06 | 000,001,090 | ---- | M] ()
HWiNFO64A.SYS -> C:\Windows\SysNative\drivers\HWiNFO64A.SYS -> [2015/11/15 14:11:00 | 000,027,552 | ---- | M] (REALiX(tm))
Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2015/11/11 15:11:18 | 000,002,181 | ---- | M] ()
Kingdom Online.lnk -> C:\Users\Public\Desktop\Kingdom Online.lnk -> [2015/11/10 13:02:20 | 000,000,749 | ---- | M] ()
KUF2Launcher.lnk -> C:\Users\Cliente\Desktop\KUF2Launcher.lnk -> [2015/11/07 17:25:03 | 000,000,783 | ---- | M] ()
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

[Files - No Company Name]
Internet Explorer.lnk -> C:\Users\Cliente\Desktop\Internet Explorer.lnk -> [2015/12/01 03:01:23 | 000,001,393 | ---- | C] ()
ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2015/12/01 02:42:54 | 000,016,303 | ---- | C] ()
ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2015/12/01 02:42:54 | 000,016,303 | ---- | C] ()
Acrobat Reader DC.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> [2015/12/01 02:31:41 | 000,002,441 | ---- | C] ()
AlbionOnline.lnk -> C:\Users\Cliente\Desktop\AlbionOnline.lnk -> [2015/11/28 19:35:25 | 000,001,182 | ---- | C] ()
zoek-delete.exe -> C:\Windows\zoek-delete.exe -> [2015/11/28 13:49:02 | 000,024,064 | ---- | C] ()
ZHPCleaner.lnk -> C:\Users\Cliente\Desktop\ZHPCleaner.lnk -> [2015/11/27 00:58:22 | 000,000,834 | ---- | C] ()
IconCache.db -> C:\Users\Cliente\AppData\Local\IconCache.db -> [2015/11/25 17:54:59 | 002,081,724 | -H-- | C] ()
Glyph.lnk -> C:\Users\Cliente\Desktop\Glyph.lnk -> [2015/11/19 14:07:42 | 000,001,001 | ---- | C] ()
TeamSpeak 3 Client.lnk -> C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk -> [2015/11/17 18:22:26 | 000,001,011 | ---- | C] ()
MSI Afterburner.lnk -> C:\Users\Cliente\Desktop\MSI Afterburner.lnk -> [2015/11/15 22:56:06 | 000,001,090 | ---- | C] ()
Banco do Brasil.htm -> C:\Users\Cliente\Desktop\Banco do Brasil.htm -> [2015/11/12 16:01:54 | 000,125,950 | ---- | C] ()
Kingdom Online.lnk -> C:\Users\Public\Desktop\Kingdom Online.lnk -> [2015/11/10 13:02:20 | 000,000,749 | ---- | C] ()
KUF2Launcher.lnk -> C:\Users\Cliente\Desktop\KUF2Launcher.lnk -> [2015/11/07 17:25:03 | 000,000,783 | ---- | C] ()
nvcompiler.dll -> C:\Windows\SysWow64\nvcompiler.dll -> [2015/09/24 00:11:12 | 037,819,000 | ---- | C] ()
NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2015/08/01 19:45:47 | 000,000,069 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2015/07/18 00:13:01 | 001,653,300 | ---- | C] ()
Resmon.ResmonCfg -> C:\Users\Cliente\AppData\Local\Resmon.ResmonCfg -> [2015/07/17 23:06:35 | 000,007,597 | ---- | C] ()
DP45977C.lfl -> C:\ProgramData\DP45977C.lfl -> [2015/07/17 17:55:09 | 000,000,000 | -H-- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Cliente\AppData\Local\GDIPFONTCACHEV1.DAT -> [2015/07/17 17:38:51 | 000,109,632 | ---- | C] ()
unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2015/07/17 17:38:18 | 000,178,688 | ---- | C] ()

[File - Lop Check]
0ad -> C:\Users\Cliente\AppData\Roaming\0ad -> [2015/08/21 02:38:20 | 000,000,000 | ---D | M]
Albion -> C:\Users\Cliente\AppData\Roaming\Albion -> [2015/11/28 14:33:23 | 000,000,000 | ---D | M]
AlbionOnline -> C:\Users\Cliente\AppData\Roaming\AlbionOnline -> [2015/12/01 22:36:53 | 000,000,000 | ---D | M]
Awesomium -> C:\Users\Cliente\AppData\Roaming\Awesomium -> [2015/11/14 17:40:29 | 000,000,000 | ---D | M]
com.playsaurus.heroclicker -> C:\Users\Cliente\AppData\Roaming\com.playsaurus.heroclicker -> [2015/09/18 21:35:07 | 000,000,000 | ---D | M]
Easeware -> C:\Users\Cliente\AppData\Roaming\Easeware -> [2015/12/01 22:25:01 | 000,000,000 | ---D | M]
FreeHideIP -> C:\Users\Cliente\AppData\Roaming\FreeHideIP -> [2015/11/09 23:17:15 | 000,000,000 | ---D | M]
Motorola -> C:\Users\Cliente\AppData\Roaming\Motorola -> [2015/10/28 14:34:48 | 000,000,000 | ---D | M]
Motorola Mobility -> C:\Users\Cliente\AppData\Roaming\Motorola Mobility -> [2015/10/28 14:56:09 | 000,000,000 | ---D | M]
NCSOFT -> C:\Users\Cliente\AppData\Roaming\NCSOFT -> [2015/11/05 19:12:48 | 000,000,000 | ---D | M]
Steam -> C:\Users\Cliente\AppData\Roaming\Steam -> [2015/11/24 20:11:37 | 000,000,000 | ---D | M]
steam.transformice.com -> C:\Users\Cliente\AppData\Roaming\steam.transformice.com -> [2015/09/18 21:40:32 | 000,000,000 | ---D | M]
Tera_Awesomium -> C:\Users\Cliente\AppData\Roaming\Tera_Awesomium -> [2015/08/08 04:17:55 | 000,000,000 | ---D | M]
The Creative Assembly -> C:\Users\Cliente\AppData\Roaming\The Creative Assembly -> [2015/09/15 12:34:33 | 000,000,000 | ---D | M]
TS3Client -> C:\Users\Cliente\AppData\Roaming\TS3Client -> [2015/11/24 02:43:00 | 000,000,000 | ---D | M]
Unity -> C:\Users\Cliente\AppData\Roaming\Unity -> [2015/08/07 12:38:32 | 000,000,000 | ---D | M]
uTorrent -> C:\Users\Cliente\AppData\Roaming\uTorrent -> [2015/11/24 21:03:11 | 000,000,000 | ---D | M]
ZHP -> C:\Users\Cliente\AppData\Roaming\ZHP -> [2015/11/30 22:53:56 | 000,000,000 | ---D | M]
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2015/12/01 10:24:28 | 000,001,774 | ---- | M] ()
[Custom Scans]

CREATERESTOREPOINT
Restore point Set: OTS Restore Point
< netsvcs >
< %systemroot%\system32\drivers\*.* /90 >
< %systemdrive%\drivers\*.exe >
< %SYSTEMDRIVE%\*.* >
.rnd -> C:\.rnd -> [2015/07/30 16:26:27 | 000,001,024 | ---- | M] ()
bootmgr -> C:\bootmgr -> [2010/11/21 01:23:51 | 000,383,786 | RHS- | M] ()
BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2015/07/17 17:06:57 | 000,008,192 | RHS- | M] ()
DelFix.txt -> C:\DelFix.txt -> [2015/07/08 13:46:59 | 000,000,959 | ---- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2015/12/02 00:57:07 | 3220,627,456 | -HS- | M] ()
JBSTQ -> C:\JBSTQ -> [2015/07/17 17:32:17 | 000,427,901 | RHS- | M] ()
ntldr -> C:\ntldr -> [2008/04/13 12:31:44 | 000,251,696 | RHS- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2015/12/02 00:57:08 | 209,715,200 | -HS- | M] ()
PureRa.txt -> C:\PureRa.txt -> [2015/11/25 17:37:57 | 000,003,686 | ---- | M] ()
TJOXF -> C:\TJOXF -> [2014/04/02 18:31:45 | 000,346,483 | RHS- | M] ()
zoek-results.log -> C:\zoek-results.log -> [2015/11/28 14:28:02 | 000,035,689 | ---- | M] ()
< %LOCALAPPDATA%\*.exe >
< %LOCALAPPDATA%\*.txt >
< %LOCALAPPDATA%\*.ini >
< %LOCALAPPDATA%\*.dll >
< %LOCALAPPDATA%\*.dat >
GDIPFONTCACHEV1.DAT -> C:\Users\Cliente\AppData\Local\GDIPFONTCACHEV1.DAT -> [2015/07/31 00:43:15 | 000,109,632 | ---- | M] ()
< %USERPROFILE%\*.exe >
< %USERPROFILE%\*.txt >
< %USERPROFILE%\*.ini >
ntuser.ini -> C:\Users\Cliente\ntuser.ini -> [2015/07/17 17:29:02 | 000,000,020 | -HS- | M] ()
< %USERPROFILE%\*.dll >
< %USERPROFILE%\*.dat /30 >
ntuser.dat -> C:\Users\Cliente\ntuser.dat -> [2015/12/02 01:07:39 | 001,835,008 | -HS- | M] ()
< C:\windows\system32\Tasks\*.* /s >
< C:\windows\system32\Tasks\*.* /s /64 >
Adobe Acrobat Update Task -> C:\Windows\SysNative\Tasks\Adobe Acrobat Update Task -> [2015/12/01 03:02:46 | 000,003,886 | ---- | M] ()
CCleanerSkipUAC -> C:\Windows\SysNative\Tasks\CCleanerSkipUAC -> [2015/07/19 15:54:41 | 000,002,798 | ---- | M] ()
GameNet -> C:\Windows\SysNative\Tasks\GameNet -> [2015/11/05 01:51:43 | 000,004,296 | ---- | M] ()
GoogleUpdateTaskMachineCore -> C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore -> [2015/09/17 08:03:14 | 000,003,814 | ---- | M] ()
GoogleUpdateTaskMachineUA -> C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA -> [2015/09/17 08:03:14 | 000,004,066 | ---- | M] ()
HWiNFO -> C:\Windows\SysNative\Tasks\HWiNFO -> [2015/11/15 13:40:25 | 000,002,932 | ---- | M] ()
{0F031549-EDB4-44C3-AADC-EE6CED2555E0} -> C:\Windows\SysNative\Tasks\{0F031549-EDB4-44C3-AADC-EE6CED2555E0} -> [2015/11/15 01:45:42 | 000,002,984 | ---- | M] ()
AD RMS Rights Policy Template Management (Automated) -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) -> [2009/07/14 02:53:29 | 000,004,472 | ---- | M] ()
AD RMS Rights Policy Template Management (Manual) -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) -> [2009/07/14 02:53:29 | 000,003,854 | ---- | M] ()
PolicyConverter -> C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter -> [2009/07/14 02:54:39 | 000,002,900 | ---- | M] ()
VerifiedPublisherCertStoreCheck -> C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck -> [2009/07/14 02:54:39 | 000,003,790 | ---- | M] ()
AitAgent -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\AitAgent -> [2009/07/14 02:54:05 | 000,003,458 | ---- | M] ()
ProgramDataUpdater -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater -> [2009/07/14 02:54:05 | 000,003,614 | ---- | M] ()
Proxy -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy -> [2009/07/14 02:49:22 | 000,003,026 | ---- | M] ()
UninstallDeviceTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask -> [2009/07/14 02:57:09 | 000,001,862 | ---- | M] ()
SystemTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask -> [2009/07/14 02:53:22 | 000,004,130 | ---- | M] ()
UserTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask -> [2009/07/14 02:53:22 | 000,003,868 | ---- | M] ()
UserTask-Roam -> C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam -> [2009/07/14 03:09:01 | 000,003,134 | ---- | M] ()
Consolidator -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> [2009/07/14 02:57:09 | 000,002,934 | ---- | M] ()
KernelCeipTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask -> [2009/07/14 02:53:33 | 000,003,946 | ---- | M] ()
UsbCeip -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip -> [2009/07/14 02:54:08 | 000,003,598 | ---- | M] ()
ScheduledDefrag -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag -> [2009/07/14 02:57:12 | 000,003,886 | ---- | M] ()
Scheduled -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled -> [2009/07/14 02:57:07 | 000,004,018 | ---- | M] ()
Microsoft-Windows-DiskDiagnosticDataCollector -> C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector -> [2015/08/30 02:00:00 | 000,003,760 | ---- | M] ()
Microsoft-Windows-DiskDiagnosticResolver -> C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver -> [2015/07/17 17:12:44 | 000,002,538 | ---- | M] ()
Notifications -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Location\Notifications -> [2009/07/14 02:57:13 | 000,003,554 | ---- | M] ()
WinSAT -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT -> [2015/10/18 13:59:23 | 000,004,084 | ---- | M] ()
ActivateWindowsSearch -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch -> [2015/08/30 14:37:13 | 000,002,420 | ---- | M] ()
ConfigureInternetTimeService -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService -> [2015/08/30 14:37:09 | 000,002,448 | ---- | M] ()
DispatchRecoveryTasks -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks -> [2015/11/02 17:15:49 | 000,003,650 | ---- | M] ()
ehDRMInit -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ehDRMInit -> [2015/08/30 14:37:07 | 000,002,400 | ---- | M] ()
InstallPlayReady -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\InstallPlayReady -> [2015/08/30 14:37:11 | 000,002,546 | ---- | M] ()
mcupdate -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\mcupdate -> [2015/08/30 14:37:19 | 000,002,790 | ---- | M] ()
MediaCenterRecoveryTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> [2015/08/30 14:37:24 | 000,002,954 | ---- | M] ()
ObjectStoreRecoveryTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> [2015/08/30 14:37:21 | 000,002,958 | ---- | M] ()
OCURActivate -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\OCURActivate -> [2015/08/30 14:37:07 | 000,002,380 | ---- | M] ()
OCURDiscovery -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\OCURDiscovery -> [2015/08/30 14:37:04 | 000,002,400 | ---- | M] ()
PBDADiscovery -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscovery -> [2015/08/30 14:37:06 | 000,002,384 | ---- | M] ()
PBDADiscoveryW1 -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 -> [2015/08/30 14:37:29 | 000,003,226 | ---- | M] ()
PBDADiscoveryW2 -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 -> [2015/08/30 14:37:30 | 000,003,228 | ---- | M] ()
PeriodicScanRetry -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry -> [2015/08/30 14:37:00 | 000,003,822 | ---- | M] ()
PvrRecoveryTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask -> [2015/08/30 14:37:20 | 000,002,926 | ---- | M] ()
PvrScheduleTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask -> [2015/08/30 14:37:23 | 000,002,918 | ---- | M] ()
RecordingRestart -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\RecordingRestart -> [2015/08/30 14:37:02 | 000,003,078 | ---- | M] ()
RegisterSearch -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\RegisterSearch -> [2015/08/30 14:37:10 | 000,002,408 | ---- | M] ()
ReindexSearchRoot -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot -> [2015/08/30 14:37:12 | 000,002,432 | ---- | M] ()
SqlLiteRecoveryTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> [2015/08/30 14:37:22 | 000,002,942 | ---- | M] ()
StartRecording -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\StartRecording -> [2015/11/02 17:15:47 | 000,003,418 | ---- | M] ()
UpdateRecordPath -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath -> [2015/08/30 14:37:08 | 000,002,736 | ---- | M] ()
CorruptionDetector -> C:\Windows\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> [2009/07/14 02:53:33 | 000,003,304 | ---- | M] ()
DecompressionFailureDetector -> C:\Windows\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> [2009/07/14 02:53:33 | 000,003,510 | ---- | M] ()
HotStart -> C:\Windows\SysNative\Tasks\Microsoft\Windows\MobilePC\HotStart -> [2015/07/17 17:12:50 | 000,003,576 | ---- | M] ()
LPRemove -> C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\LPRemove -> [2009/07/14 02:54:22 | 000,003,168 | ---- | M] ()
SystemSoundsService -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService -> [2009/07/14 02:57:07 | 000,002,602 | ---- | M] ()
GatherNetworkInfo -> C:\Windows\SysNative\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo -> [2009/07/14 02:54:39 | 000,002,044 | ---- | M] ()
Background Synchronization -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Offline Files\Background Synchronization -> [2015/07/17 17:28:36 | 000,004,082 | ---- | M] ()
Logon Synchronization -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization -> [2015/07/17 17:12:42 | 000,003,058 | ---- | M] ()
BackgroundConfigSurveyor -> C:\Windows\SysNative\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> [2009/07/14 02:55:03 | 000,002,832 | ---- | M] ()
AnalyzeSystem -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem -> [2009/07/14 02:53:47 | 000,003,752 | ---- | M] ()
RacTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\RAC\RacTask -> [2009/07/14 02:57:07 | 000,004,370 | ---- | M] ()
MobilityManager -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Ras\MobilityManager -> [2009/07/14 02:49:35 | 000,003,052 | ---- | M] ()
RegIdleBackup -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Registry\RegIdleBackup -> [2009/07/14 02:54:36 | 000,003,956 | ---- | M] ()
RemoteAssistanceTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> [2009/07/14 02:57:09 | 000,004,596 | ---- | M] ()
WindowsParentalControls -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControls -> [2009/07/14 02:57:07 | 000,003,616 | ---- | M] ()
WindowsParentalControlsMigration -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration -> [2009/07/14 03:09:03 | 000,003,912 | ---- | M] ()
AutoWake -> C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\AutoWake -> [2015/07/17 17:12:45 | 000,003,784 | ---- | M] ()
GadgetManager -> C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\GadgetManager -> [2015/07/17 17:12:46 | 000,003,612 | ---- | M] ()
SessionAgent -> C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\SessionAgent -> [2015/07/17 17:29:21 | 000,003,698 | ---- | M] ()
SystemDataProviders -> C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\SystemDataProviders -> [2015/07/17 17:29:36 | 000,003,792 | ---- | M] ()
SvcRestartTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask -> [2009/07/14 02:49:17 | 000,003,942 | ---- | M] ()
SR -> C:\Windows\SysNative\Tasks\Microsoft\Windows\SystemRestore\SR -> [2009/07/14 03:01:13 | 000,003,506 | ---- | M] ()
Interactive -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Task Manager\Interactive -> [2009/07/14 02:53:50 | 000,002,614 | ---- | M] ()
IpAddressConflict1 -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 -> [2009/07/14 02:53:21 | 000,003,950 | ---- | M] ()
IpAddressConflict2 -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 -> [2009/07/14 02:53:21 | 000,004,066 | ---- | M] ()
MsCtfMonitor -> C:\Windows\SysNative\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor -> [2009/07/14 02:53:46 | 000,002,978 | ---- | M] ()
SynchronizeTime -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime -> [2009/07/14 02:49:48 | 000,003,388 | ---- | M] ()
UPnPHostConfig -> C:\Windows\SysNative\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig -> [2009/07/14 02:49:26 | 000,001,730 | ---- | M] ()
HiveUploadTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask -> [2009/07/14 02:53:37 | 000,003,420 | ---- | M] ()
ResolutionHost -> C:\Windows\SysNative\Tasks\Microsoft\Windows\WDI\ResolutionHost -> [2009/07/14 02:49:24 | 000,002,682 | ---- | M] ()
QueueReporting -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting -> [2009/07/14 02:49:16 | 000,003,048 | ---- | M] ()
BfeOnServiceStartTypeChange -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange -> [2009/07/14 02:49:42 | 000,003,290 | ---- | M] ()
UpdateLibrary -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> [2015/08/30 14:37:27 | 000,003,500 | ---- | M] ()
ConfigNotification -> C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification -> [2010/11/21 00:53:42 | 000,004,330 | ---- | M] ()
Calibration Loader -> C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader -> [2009/07/14 03:09:01 | 000,003,532 | ---- | M] ()
CacheTask -> C:\Windows\SysNative\Tasks\Microsoft\Windows\Wininet\CacheTask -> [2015/12/01 02:49:36 | 000,003,540 | ---- | M] ()
SqmUpload_S-1-5-21-3195528365-2483452637-1177309064-1000 -> C:\Windows\SysNative\Tasks\WPD\SqmUpload_S-1-5-21-3195528365-2483452637-1177309064-1000 -> [2015/07/17 17:50:24 | 000,004,486 | ---- | M] ()
< %windir%\tasks\*.* /s >
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2015/12/02 00:57:25 | 000,001,066 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2015/12/02 01:08:00 | 000,001,070 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2015/12/02 00:57:15 | 000,000,006 | -H-- | M] ()
SCHEDLGU.TXT -> C:\Windows\tasks\SCHEDLGU.TXT -> [2015/12/01 10:24:28 | 000,001,774 | ---- | M] ()
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
desktop.ini -> C:\Windows\Fonts\desktop.ini -> [2009/06/10 18:49:50 | 000,000,065 | ---- | M] ()
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.com >
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/14 03:32:31 | 000,026,040 | ---- | M] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/14 03:32:31 | 000,026,489 | ---- | M] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/14 03:32:31 | 000,029,779 | ---- | M] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/14 03:32:31 | 000,043,318 | ---- | M] ()
< %systemroot%\*.scr >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
\\"FlyVPN" -> [[Binary data over 100 bytes]] -> File not found
\\"SavedLegacySettings" -> [[Binary data over 100 bytes]] -> File not found
\\"DefaultConnectionSettings" -> [[Binary data over 100 bytes]] -> File not found
< End of report >
[/code]
