cjoint


Document format: text/plain


OTL logfile created on: 12/12/2015 03:05:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 55,77% Memory free
5,49 Gb Paging File | 3,86 Gb Available in Paging File | 70,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 408,70 Gb Free Space | 87,77% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 311,26 Gb Free Space | 66,83% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/12/12 03:02:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Downloads\OTL.exe
PRC - [2015/12/04 19:32:56 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Chrome\Application\chrome.exe
PRC - [2015/11/20 15:30:53 | 000,282,016 | R--- | M] (Symantec Corporation) -- C:\Arquivos de Programas\Norton 360\Engine\22.5.5.15\n360.exe
PRC - [2015/11/11 18:52:22 | 000,815,304 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Internet Explorer\iexplore.exe
PRC - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/10/12 10:30:26 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2015/10/12 10:30:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2015/10/09 22:39:43 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2015/09/30 15:46:27 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GWX\GWX.exe
PRC - [2015/09/22 18:08:32 | 000,593,120 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe
PRC - [2015/05/09 01:12:59 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/12/26 05:53:02 | 000,076,960 | ---- | M] (Atheros) -- C:\Arquivos de Programas\Atheros\Ath_WlanAgent.exe
PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 10:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Sidebar\sidebar.exe
PRC - [2009/02/26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/12/09 18:25:29 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\49308d4b1ba1d332ba25ddea4dac000e\WindowsFormsIntegration.ni.dll
MOD - [2015/12/09 17:55:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4820b4fd008735649ef8aa3ececa5b51\PresentationFramework.Aero.ni.dll
MOD - [2015/12/09 17:54:54 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8025510764161c3afc839ecdae394eb8\PresentationFramework.ni.dll
MOD - [2015/12/09 17:53:54 | 012,255,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d5568a721c541cd3b66e50e92968e6\PresentationCore.ni.dll
MOD - [2015/12/09 17:53:26 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\95fe8bcfce8e5b609f6432ad43d854db\WindowsBase.ni.dll
MOD - [2015/12/04 19:32:53 | 001,583,432 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
MOD - [2015/12/04 19:32:52 | 000,081,224 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\47.0.2526.80\libegl.dll
MOD - [2015/11/12 05:29:44 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\dc5e9aaf3f627418b920205c75b926df\System.Windows.Forms.ni.dll
MOD - [2015/10/10 18:08:32 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\63e9d5c341d64a753cde97f5a3d65c71\System.Core.ni.dll
MOD - [2015/10/10 17:55:40 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0967cf5c31691f38d013263304d2dacb\System.Runtime.Remoting.ni.dll
MOD - [2015/10/10 17:55:25 | 011,923,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\38234ab6b7aa0762a54e27862d8bbdfe\System.Web.ni.dll
MOD - [2015/10/10 17:55:11 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\82ecf48db57ddf66f74fca17b0f99453\System.Drawing.ni.dll
MOD - [2015/10/10 17:55:02 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2015/10/10 17:54:54 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\007fc007edc388d9806dff94ee04f129\System.Configuration.ni.dll
MOD - [2015/10/10 17:54:43 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2015/10/10 17:54:27 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2015/01/21 04:44:57 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2013/07/08 10:41:17 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011/08/10 14:08:08 | 000,369,152 | ---- | M] () -- C:\Arquivos de Programas\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/03/14 15:21:10 | 000,016,384 | ---- | M] () -- C:\Arquivos de Programas\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010/11/04 23:53:19 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_pt-BR_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/11/04 23:53:12 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.resources.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Unknown (-1) | Running] -- -- (Warsaw Technology)
SRV - [2015/11/20 15:30:53 | 000,282,016 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\22.5.5.15\N360.exe -- (N360)
SRV - [2015/11/09 22:03:07 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/12 10:30:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2015/09/22 18:08:32 | 000,593,120 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2015/07/22 15:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2013/05/27 02:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/26 05:53:02 | 000,076,960 | ---- | M] (Atheros) [Auto | Running] -- C:\Arquivos de Programas\Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/02/26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Unknown (-1) | Unknown (-1) | Unknown] -- -- (Warsaw Technology)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\gbpddreg32.sys -- (gbpddreg)
DRV - [2015/12/11 22:14:03 | 000,080,728 | ---- | M] (GAS Tecnologia) [File_System | System | Running] -- C:\Windows\System32\drivers\wsddfac.sys -- (wsddfac)
DRV - [2015/12/04 17:00:04 | 000,580,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Arquivos de Programas\Norton 360\NortonData\22.5.4.24\Definitions\IPSDefs\20151211.001\IDSvix86.sys -- (IDSVix86)
DRV - [2015/11/18 00:26:34 | 000,389,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Arquivos de Programas\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2015/11/18 00:26:34 | 000,125,264 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2015/11/11 21:29:07 | 000,431,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1605050.00F\symnets.sys -- (SymNetS)
DRV - [2015/11/11 21:28:54 | 001,287,408 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1605050.00F\symefasi.sys -- (SymEFASI)
DRV - [2015/11/11 21:28:46 | 000,712,944 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1605050.00F\srtsp.sys -- (SRTSP)
DRV - [2015/11/10 01:26:58 | 000,029,400 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\System32\drivers\gbpndisrdn.sys -- (ndisrd)
DRV - [2015/10/27 15:09:16 | 001,647,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20151211.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2015/10/27 15:09:16 | 000,104,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20151211.017\NAVENG.SYS -- (NAVENG)
DRV - [2015/10/13 17:03:42 | 000,103,152 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2015/10/12 10:30:44 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2015/10/12 10:30:42 | 000,066,688 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2015/10/12 10:30:42 | 000,033,408 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2015/10/12 10:30:29 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2015/10/12 10:30:28 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2015/10/08 16:51:27 | 001,193,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Arquivos de Programas\Norton 360\NortonData\22.5.4.24\Definitions\BASHDefs\20151207.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2015/09/23 20:49:23 | 000,234,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1605050.00F\ironx86.sys -- (SymIRON)
DRV - [2015/09/23 20:49:21 | 000,044,792 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1605050.00F\srtspx.sys -- (SRTSPX)
DRV - [2015/09/23 20:49:16 | 000,137,456 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1605050.00F\ccsetx86.sys -- (ccSet_N360)
DRV - [2015/08/19 15:19:16 | 000,049,496 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2015/07/07 16:06:58 | 000,031,448 | ---- | M] (Basil) [Kernel | Disabled | Running] -- C:\Arquivos de Programas\Diebold\Warsaw\WinDivert32.sys -- (WinDivert1.1)
DRV - [2015/06/11 15:15:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2015/03/18 10:23:04 | 000,079,064 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\System32\drivers\wsddpp.sys -- (wsddpp)
DRV - [2010/11/20 10:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 10:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 10:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 08:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 07:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 07:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [String data over 1000 bytes]
IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "BR"
FF - prefs.js..browser.search.region: "BR"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:41.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon\ [2015/11/30 20:03:29 | 000,000,000 | ---D | M]

[2015/10/14 00:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions
[2015/10/24 18:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\hnmskpvx.default\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeipmiijcbhplgelhaoohblpmblldidb\0.0.0.1_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.5.4.11_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe\1.1.3_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd\0.82_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl\1.0.9_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009/06/10 19:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de Programas\Norton 360\Engine\22.5.5.15\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de Programas\Norton 360\Engine\22.5.5.15\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Diebold - Warsaw] C:\Arquivos de Programas\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de Programas\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000..\Run: [GoogleChromeAutoLaunch_17E89F440D584F67E92EAD2E51C3A3A4] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Arquivos de Programas\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Arquivos de Programas\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..Trusted Domains: bancobrasil.com.br ([www14] https in Sites confiáveis)
O15 - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..Trusted Domains: bancobrasil.com.br ([www2] https in Sites confiáveis)
O15 - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..Trusted Domains: bb.com.br ([seg] https in Sites confiáveis)
O15 - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..Trusted Domains: bb.com.br ([www] http in Sites confiáveis)
O15 - HKU\S-1-5-21-4181277171-1131437454-2992049158-1000\..Trusted Domains: google.com.br ([www] https in Sites confiáveis)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 158.255.6.12 158.255.6.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1561E63-89CC-4526-945C-810F8D3726E8}: DhcpNameServer = 158.255.6.12 158.255.6.126
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/12/11 16:03:12 | 000,113,272 | ---- | C] (GAS Tecnologia) -- C:\Windows\System32\drivers\wsddin32.sys
[2015/12/11 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Diagnostics
[2015/12/09 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Particular
[2015/12/03 21:05:29 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\CCC REC 4BIM
[2015/12/02 22:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2015/12/01 05:50:14 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Biblioteca
[2015/12/01 05:21:23 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Escolas
[2015/11/25 23:04:06 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\CEF
[2015/11/24 15:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2015/11/21 21:30:21 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Músicas Baixadas
[2015/11/21 21:28:51 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\My Shared Folder
[2015/11/21 21:28:46 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Ares
[2015/11/21 21:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2015/11/21 21:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ares
[2015/11/18 23:09:20 | 000,080,728 | ---- | C] (GAS Tecnologia) -- C:\Windows\System32\drivers\wsddfac.sys
[2015/11/18 23:09:20 | 000,079,064 | ---- | C] (GAS Tecnologia) -- C:\Windows\System32\drivers\wsddpp.sys
[2015/11/17 17:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
[2015/11/17 17:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Free PDF to Word Doc Converter
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/12/12 02:58:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/12 02:56:52 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/12/12 02:56:52 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/12/12 02:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/12/12 00:58:01 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/11 22:18:40 | 000,705,268 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2015/12/11 22:18:40 | 000,653,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/12/11 22:18:40 | 000,147,108 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2015/12/11 22:18:40 | 000,121,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/12/11 22:14:03 | 000,080,728 | ---- | M] (GAS Tecnologia) -- C:\Windows\System32\drivers\wsddfac.sys
[2015/12/11 22:14:03 | 000,001,956 | ---- | M] () -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 1510 series.lnk
[2015/12/11 22:13:13 | 2211,397,632 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/11 14:54:42 | 000,201,651 | ---- | M] () -- C:\Windows\System32\drivers\N360\1605050.00F\VT20151211.005
[2015/12/10 21:49:21 | 000,278,264 | ---- | M] () -- C:\Users\pc\Desktop\Comprovante de Inscrição para Atribuição 2016.jpg
[2015/12/10 17:00:41 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/12/09 03:42:04 | 000,408,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/12/09 00:30:13 | 002,137,562 | ---- | M] () -- C:\Windows\System32\drivers\N360\1605050.00F\Cat.DB
[2015/12/08 14:45:06 | 000,201,651 | ---- | M] () -- C:\Windows\System32\drivers\N360\1605050.00F\VT20151208.008
[2015/12/07 14:45:28 | 000,201,651 | ---- | M] () -- C:\Windows\System32\drivers\N360\1605050.00F\VT20151207.007
[2015/12/06 14:41:36 | 000,201,651 | ---- | M] () -- C:\Windows\System32\drivers\N360\1605050.00F\VT20151206.005
[2015/12/05 14:38:18 | 000,201,651 | ---- | M] () -- C:\Windows\System32\drivers\N360\1605050.00F\VT20151205.006
[2015/12/04 14:33:51 | 000,201,651 | ---- | M] () -- C:\Windows\System32\drivers\N360\1605050.00F\VT20151204.007
[2015/12/03 14:30:57 | 000,201,651 | ---- | M] () -- C:\Windows\System32\drivers\N360\1605050.00F\VT20151203.004
[2015/12/02 09:17:39 | 000,201,651 | ---- | M] () -- C:\Windows\System32\drivers\N360\1605050.00F\VT20151202.004
[2015/11/30 20:03:13 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360 Premier.LNK
[2015/11/24 15:04:32 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2015/11/24 11:04:26 | 000,113,272 | ---- | M] (GAS Tecnologia) -- C:\Windows\System32\drivers\wsddin32.sys
[2015/11/20 15:30:03 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\1605050.00F\isolate.ini
[2015/11/17 17:44:23 | 000,001,027 | ---- | M] () -- C:\Users\pc\Desktop\Free PDF to Word Doc Converter.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/12/10 21:49:20 | 000,278,264 | ---- | C] () -- C:\Users\pc\Desktop\Comprovante de Inscrição para Atribuição 2016.jpg
[2015/11/24 15:04:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[2015/11/24 15:04:32 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2015/11/17 17:44:23 | 000,001,027 | ---- | C] () -- C:\Users\pc\Desktop\Free PDF to Word Doc Converter.lnk
[2015/10/17 22:47:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2015/10/13 17:17:25 | 000,000,920 | ---- | C] () -- C:\Windows\MEPOR.INI
[2015/10/12 11:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2015/10/12 10:02:15 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2015/10/09 14:20:16 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2015/10/09 14:18:55 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2015/10/09 05:25:52 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 15:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2015/10/11 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\driveridentifier

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 8 bytes -> C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt
@Alternate Data Stream - 598 bytes -> C:\Windows\System32\drivers\wsddfac.sys:X5ZN8aGXs4
@Alternate Data Stream - 32 bytes -> C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:1D825A62_Bb.gbp
@Alternate Data Stream - 157 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

< End of report >
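The checks an analyst makes on a report like this one, written up as an added example by the editor (it is not part of OTL or of the posted log): a Python script that parses the PRC/SRV/DRV/MOD entry lines, the O4 Run values, the O32 AutoRun line and the @Alternate Data Stream lines, and reports service or driver registrations whose binary is missing, a driver whose start type is Disabled yet is Running, Run values with no name or no target, CD-ROM AutoRun left enabled, and named streams attached to drivers or executables. The regular expressions are inferred from the line shapes in this report and are an assumption about OTL's output format, not its documented grammar; the sample lines in SAMPLE are excerpted from this report.

```python
"""Triage helper for OTL (OldTimer's List) reports.

Added example, not part of OTL or of the posted report. The line grammar
below is inferred from the entries in this log (an assumption, not OTL's
documented format).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "KIND - [date | size | attrs | M] (Company) [flags] -- path -- (name)"
# or   "KIND - File not found [flags] -- path -- (name)"
HEAD_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
)
# The tail is " -- <path>" optionally followed by " -- (<name>)". The path can
# be empty ("-- -- (Warsaw Technology)"), so the separator is matched without
# its trailing space and the path is stripped afterwards.
TAIL_RE = re.compile(r"^ --(?P<path>.*?)(?: -- \((?P<name>[^()]*)\))?$")
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<file>.+?):(?P<stream>[^:\\]+)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<label>[^\]]*)\] (?P<target>.*)$"
)


@dataclass
class Entry:
    kind: str
    company: Optional[str]   # None when OTL reported "File not found"
    flags: List[str]         # SRV: [start, state]; DRV: [type, start, state]
    path: str
    name: Optional[str]      # service/driver name; None for PRC/MOD lines
    size: Optional[int]
    missing: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/SRV/DRV/MOD line; return None for any other line."""
    m = HEAD_RE.match(line)
    if not m:
        return None
    t = TAIL_RE.match(line[m.end():])
    if not t:
        return None
    size = None
    if m.group("stamp"):
        parts = [p.strip() for p in m.group("stamp").split("|")]
        if len(parts) > 1:
            size = int(parts[1].replace(",", ""))
    flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
    return Entry(kind=m.group("kind"), company=m.group("company"), flags=flags,
                 path=t.group("path").strip(), name=t.group("name"),
                 size=size, missing=m.group("missing") is not None)


def triage(lines) -> List[Tuple[str, str]]:
    """Return (check, detail) pairs for the conditions worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        e = parse_entry(line)
        if e is not None:
            # A registration whose binary is gone is an uninstall leftover or a
            # removed component; confirm which before cleaning it up.
            if e.kind in ("SRV", "DRV") and e.missing:
                findings.append(("missing-binary",
                                 f"{e.kind} {e.name or '?'}: {e.path or '<no path>'}"))
            # Start type Disabled but state Running: the driver was loaded before
            # the start type changed, or something else loaded it.
            if e.kind == "DRV" and e.flags[1:] == ["Disabled", "Running"]:
                findings.append(("disabled-but-loaded", f"{e.name}: {e.path}"))
            continue
        a = ADS_RE.match(line)
        if a:
            # Named streams on executables or drivers are unusual; inspect them.
            if a.group("file").lower().endswith((".sys", ".exe", ".dll")):
                findings.append(("ads-on-binary",
                                 f"{a.group('file')}:{a.group('stream')} ({a.group('size')} bytes)"))
            continue
        r = RUN_RE.match(line)
        if r:
            # Empty-named or dangling Run values are usually leftovers, but Run
            # keys are also where autostart entries get hidden.
            if not r.group("label") or r.group("target").startswith("File not found"):
                findings.append(("run-key-missing-target",
                                 f"{r.group('hive')} [{r.group('label')}] {r.group('target')}"))
            continue
        if line.startswith("O32 - HKLM CDRom: AutoRun - 1"):
            findings.append(("autorun-enabled", line))
    return findings


# Constructed sample input: lines excerpted from the report above.
SAMPLE = r"""
SRV - File not found [Unknown (-1) | Running] -- -- (Warsaw Technology)
SRV - [2015/11/20 15:30:53 | 000,282,016 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\22.5.5.15\N360.exe -- (N360)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\gbpddreg32.sys -- (gbpddreg)
DRV - [2015/07/07 16:06:58 | 000,031,448 | ---- | M] (Basil) [Kernel | Disabled | Running] -- C:\Arquivos de Programas\Diebold\Warsaw\WinDivert32.sys -- (WinDivert1.1)
DRV - [2015/12/11 22:14:03 | 000,080,728 | ---- | M] (GAS Tecnologia) [File_System | System | Running] -- C:\Windows\System32\drivers\wsddfac.sys -- (wsddfac)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Diebold - Warsaw] C:\Arquivos de Programas\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA)
O32 - HKLM CDRom: AutoRun - 1
@Alternate Data Stream - 598 bytes -> C:\Windows\System32\drivers\wsddfac.sys:X5ZN8aGXs4
@Alternate Data Stream - 157 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
"""

if __name__ == "__main__":
    for check, detail in triage(SAMPLE.splitlines()):
        print(f"{check:24} {detail}")
```

Each finding is a pointer to something to verify against the rest of the report, not a verdict: the Warsaw Technology service with no path and the gbpddreg driver sit next to the GAS Tecnologia and Diebold Warsaw components the report lists as installed and running, and the stream on wsddfac.sys is attached to a driver from the same vendor. The script surfaces them so the analyst checks each one deliberately rather than scrolling past.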
