cjoint

Document format: text/plain

Preview

OTL logfile created on: 22/04/2016 12:20:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ricardo e Soila\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

5,97 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 54,39% Memory free
11,93 Gb Paging File | 8,72 Gb Available in Paging File | 73,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,99 Gb Total Space | 350,71 Gb Free Space | 76,91% Space Free | Partition Type: NTFS
Drive F: | 9,77 Gb Total Space | 2,61 Gb Free Space | 26,74% Space Free | Partition Type: NTFS

Computer Name: RICARDOESOILA | User Name: Ricardo e Soila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/04/22 12:17:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ricardo e Soila\Desktop\OTL.exe
PRC - [2016/03/27 04:59:05 | 000,874,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2016/03/21 15:10:12 | 000,167,352 | ---- | M] (skype.cog.cc) -- C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
PRC - [2016/03/17 13:18:18 | 000,466,504 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2016/03/17 13:11:18 | 000,466,504 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2016/03/17 13:11:09 | 000,807,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2016/03/17 13:08:26 | 001,167,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
PRC - [2016/02/27 10:12:52 | 005,906,904 | ---- | M] (Microsoft Corporation) -- C:\Users\Ricardo e Soila\AppData\Roaming\XBox\XBLive.exe
PRC - [2016/01/27 17:08:48 | 000,139,928 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
PRC - [2016/01/27 17:04:30 | 000,260,456 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
PRC - [2015/12/13 22:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/09/22 19:15:14 | 000,593,120 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2014/10/31 16:38:40 | 002,072,928 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2012/07/31 11:16:30 | 001,057,920 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2016/04/11 07:21:16 | 002,771,896 | ---- | M] () -- C:\ProgramData\System32\SafeGuard32.dll
MOD - [2016/04/08 13:53:34 | 017,532,096 | ---- | M] () -- C:\Users\Ricardo e Soila\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll
MOD - [2016/03/04 15:51:12 | 000,732,160 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\chrome_elf_wk.dll
MOD - [2016/03/04 15:51:02 | 000,096,768 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\chrome_elf.dll
MOD - [2015/02/22 11:59:24 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll
MOD - [2015/02/22 11:59:21 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7950655216951a291ff375b54d5e33fd\System.Xml.Linq.ni.dll
MOD - [2015/02/22 11:58:36 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\df55f04bc0ebe6c1abde4bc467bf4d03\System.ServiceModel.Internals.ni.dll
MOD - [2015/02/22 11:58:30 | 019,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\ec19fdffa5eaea430a77160272ed897e\System.ServiceModel.ni.dll
MOD - [2015/02/22 11:58:10 | 002,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll
MOD - [2015/02/22 11:58:05 | 000,145,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\1346fe7d35b70702029e422970db1201\System.Numerics.ni.dll
MOD - [2015/02/22 11:58:00 | 002,956,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c37bcdac22f4bcd9531dfcc4b9ebda56\System.IdentityModel.ni.dll
MOD - [2015/02/22 11:57:37 | 002,505,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\fb1e17d7933d852614890b82126e6ab8\System.Data.Linq.ni.dll
MOD - [2015/02/22 11:57:17 | 000,985,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\bbb529c570850d761178b1a377b4d13c\System.ComponentModel.Composition.ni.dll
MOD - [2015/02/22 11:57:01 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\98e3281d79512c9a2a0a89e3bc2e554f\SMDiagnostics.ni.dll
MOD - [2015/02/22 11:56:53 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\dcf2b1a7011858156e5b759de2e5e598\PresentationFramework-SystemXml.ni.dll
MOD - [2015/02/22 11:56:53 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\877c3d0263392551522f9655dbf747b6\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2015/02/22 11:56:52 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\0dbb2348461d98c3319e8a3fa729eb68\PresentationFramework-SystemData.ni.dll
MOD - [2015/02/16 03:07:29 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll
MOD - [2015/02/16 03:07:21 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll
MOD - [2015/02/16 03:07:19 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll
MOD - [2015/02/16 03:07:06 | 000,641,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\1aea3525c318ac7218966d7b91c52ff1\System.Transactions.ni.dll
MOD - [2015/02/16 03:07:05 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\ad2f6440da38a0dbae2df194782b35d1\System.ServiceProcess.ni.dll
MOD - [2015/02/16 03:07:01 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll
MOD - [2015/02/16 03:06:57 | 007,248,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9a6093eb864d6729de75ec4b955dddb1\System.Data.ni.dll
MOD - [2015/02/16 03:06:48 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll
MOD - [2015/02/16 03:06:47 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e7d92730b571b31e62c2cf257f04a974\PresentationFramework.Aero.ni.dll
MOD - [2015/02/16 03:06:46 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll
MOD - [2015/02/16 03:06:25 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll
MOD - [2015/02/16 03:06:13 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll
MOD - [2015/02/16 03:06:07 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll
MOD - [2015/02/16 03:05:59 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll
MOD - [2015/02/16 03:05:50 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll
MOD - [2014/10/31 16:37:56 | 001,498,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
MOD - [2014/05/19 17:19:02 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2010/02/28 02:55:42 | 001,040,736 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012/05/17 00:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:[b]64bit:[/b] - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/04/20 17:42:00 | 001,697,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\ProgramData\Windows Security\winsecurity.exe -- (WindowsSecurity)
SRV - [2016/04/08 00:09:04 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/03/21 15:10:12 | 000,167,352 | ---- | M] (skype.cog.cc) [Auto | Running] -- C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe -- (SkypeUpdateEx)
SRV - [2016/03/17 13:18:18 | 000,466,504 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2016/03/17 13:13:10 | 001,424,880 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2016/03/17 13:11:46 | 000,955,736 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe -- (AntiVirMailService)
SRV - [2016/03/17 13:11:18 | 000,466,504 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2016/03/16 08:51:02 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe -- (NetExpress Updater)
SRV - [2016/02/27 10:12:52 | 005,906,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Users\Ricardo e Soila\AppData\Roaming\XBox\XBLive.exe -- (XBox)
SRV - [2016/01/27 17:04:30 | 000,260,456 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe -- (Avira.ServiceHost)
SRV - [2015/12/13 22:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/11/04 08:01:24 | 000,904,928 | ---- | M] (GAS Tecnologia LTDA) [Auto | Running] -- C:\Arquivos de Programas\Diebold\Warsaw\core.exe -- (Warsaw Technology)
SRV - [2015/09/22 19:15:14 | 000,593,120 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2014/04/30 16:33:52 | 000,337,776 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Arquivos de Programas\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV - [2013/04/15 05:00:02 | 000,152,640 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE -- (EPSON_PM_RPCV4_06)
SRV - [2012/07/17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/08/30 21:18:00 | 000,267,264 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Arquivos de Programas\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2016/04/22 11:21:44 | 000,101,080 | ---- | M] (GAS Tecnologia) [File_System | System | Running] -- C:\Windows\SysNative\drivers\wsddfac.sys -- (wsddfac)
DRV:[b]64bit:[/b] - [2016/03/17 13:19:53 | 000,154,816 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2016/03/17 13:19:53 | 000,133,168 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2016/03/17 13:19:53 | 000,069,888 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt)
DRV:[b]64bit:[/b] - [2016/03/16 07:57:30 | 000,054,904 | ---- | M] (5u¡{¶[) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TSSKX64.sys -- (TSSKX64)
DRV:[b]64bit:[/b] - [2015/03/18 09:23:04 | 000,103,640 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wsddpp.sys -- (wsddpp)
DRV:[b]64bit:[/b] - [2015/02/16 02:26:47 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2014/11/27 08:22:01 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2011/11/17 15:11:52 | 000,145,424 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:[b]64bit:[/b] - [2011/02/08 04:01:01 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:[b]64bit:[/b] - [2010/11/02 14:48:38 | 001,103,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:[b]64bit:[/b] - [2010/08/30 21:18:00 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2010/08/27 17:28:44 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:[b]64bit:[/b] - [2009/09/02 11:54:00 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 20:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2009/07/10 06:45:00 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:[b]64bit:[/b] - [2009/06/10 17:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2016/04/20 08:22:39 | 000,019,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\EProtect_amd64.sys -- (egg_protect)
DRV - [2015/12/08 12:13:54 | 000,029,912 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GbPlugin\gbprcm64.sys -- (GBPRCM)
DRV - [2015/12/08 12:13:54 | 000,024,792 | ---- | M] (GAS Tecnologia LTDA) [Kernel | On_Demand | Running] -- C:\PROGRA~2\GbPlugin\wsftprp64.sys -- (Warsaw_PP)
DRV - [2015/07/07 15:06:58 | 000,038,104 | ---- | M] (Basil) [Kernel | Disabled | Running] -- C:\Arquivos de Programas\Diebold\Warsaw\WinDivert64.sys -- (WinDivert1.1)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=fd1a66a2e4073cc4edd46823d0f7afa4
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nav.brotstation.com?uid={4327a1ee9ffa45bba65df723fca42069}&r=eg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com?q={searchTerms}&uid={4327a1ee9ffa45bba65df723fca42069}&r=eg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com?q={searchTerms}&uid={4327a1ee9ffa45bba65df723fca42069}&r=eg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nav.brotstation.com?uid={4327a1ee9ffa45bba65df723fca42069}&r=eg
IE - HKLM\..\SearchScopes,DefaultScope = {E921F400-D383-4B1B-9DE6-FCFCACFC1173}
IE - HKLM\..\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}: "URL" = http://search.navegaki.com?q={searchTerms}&uid={4327a1ee9ffa45bba65df723fca42069}&r=eg
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.l114la.com
IE - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=127.0.0.1:8080

[color=#E56717]========== FireFox ==========[/color]



FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.77.2: C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2: C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/abn: C:\Users\Ricardo e Soila\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/abn64: C:\Users\Ricardo e Soila\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: C:\Users\Ricardo e Soila\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef64: C:\Users\Ricardo e Soila\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\WSVCU@Wondershare.com: C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com\ [2015/02/16 02:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8874}: C:\Users\Ricardo e Soila\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2015/02/16 02:32:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: C:\Users\Ricardo e Soila\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015/02/16 03:13:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/02/16 02:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\Extensions
[2016/04/06 21:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\Firefox\Profiles\41A66E7E5EE1\extensions
[2016/04/05 00:08:13 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\abs@avira.com
[2016/04/05 07:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions
[2016/04/05 07:12:58 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\abs@avira.com
[2016/03/20 23:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\Firefox\Profiles\k828lnm8.default\extensions
[2016/03/20 23:19:34 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\Firefox\Profiles\k828lnm8.default\extensions\abs@avira.com
[2016/04/03 03:00:08 | 001,656,045 | ---- | M] () (No name found) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\firefox\profiles\41A66E7E5EE1\features\{df61561b-d08b-4a1d-9359-0348f6e5da25}\loop@mozilla.org.xpi
[2016/03/29 03:40:31 | 000,331,500 | ---- | M] () (No name found) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\firefox\profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
[2016/04/03 03:00:08 | 001,656,045 | ---- | M] () (No name found) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\firefox\profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\features\{df61561b-d08b-4a1d-9359-0348f6e5da25}\loop@mozilla.org.xpi
[2016/04/03 03:00:08 | 001,656,045 | ---- | M] () (No name found) -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\firefox\profiles\k828lnm8.default\features\{df61561b-d08b-4a1d-9359-0348f6e5da25}\loop@mozilla.org.xpi
[2016/04/05 07:13:21 | 000,000,639 | ---- | M] () -- C:\Users\Ricardo e Soila\AppData\Roaming\mozilla\firefox\profiles\k828lnm8.default\searchplugins\DD1B66D4.xml
[2016/04/20 02:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\Ricardo e Soila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Ricardo e Soila\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Ricardo e Soila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Ricardo e Soila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Ricardo e Soila\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.9.1_0\
CHR - Extension: No name found = C:\Users\Ricardo e Soila\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Ricardo e Soila\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgkppjgcfdbcllmehkoajkhjjpppocad\0.0.2_0\
CHR - Extension: No name found = C:\Users\Ricardo e Soila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Ricardo e Soila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2016/04/05 00:10:12 | 000,001,980 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 down.baidu2016.com
O1 - Hosts: 127.0.0.1 123.sogou.com
O1 - Hosts: 127.0.0.1 www.czzsyzgm.com
O1 - Hosts: 127.0.0.1 www.czzsyzxl.com
O1 - Hosts: 2 more lines...
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Wondershare Video Converter Ultimate 7.1.0) - {451C804F-C205-4F03-B48E-537EC94937BF} - C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Diebold - Warsaw] C:\Arquivos de Programas\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IDSCCOM0B8] "C:\Program Files\SpaceSoundPro\idsccom_0B8.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Arquivos de Programas\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [apphide] C:\Program Files (x86)\badu\uc.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DelaypluginInstall] C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000..\Run: [apphide] C:\Program Files (x86)\badu\uc.exe File not found
O4 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" File not found
O4:[b]64bit:[/b] - HKLM..\RunOnce: [WINDOWS_SCREEN_MANAGER_UPDATER_1] C:\Arquivos de Programas\Windows Screen Manager\Windows screen manage updater.exe (Wizzservices)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ricardo e Soila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\ProgramData\System32\SafeGuard64.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\ProgramData\System32\SafeGuard32.dll ()
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)
O15 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\..Trusted Domains: caixa.gov.br ([imagem] https in Trusted sites)
O15 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\..Trusted Domains: caixa.gov.br ([imagem2] https in Trusted sites)
O15 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)
O15 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\..Trusted Domains: caixa.gov.br ([internetbanking] https in Trusted sites)
O15 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)
O15 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\..Trusted Domains: caixa.gov.br ([internetbankingpf] https in Trusted sites)
O15 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2899799009-2788180051-600185579-1000\..Trusted Domains: caixa.gov.br ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F028FF8-3AEB-48D8-AE83-0191B8234929}: DhcpNameServer = 177.128.64.3 177.128.64.12 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8880B075-5863-435A-9CC7-2BA7738CA2F0}: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8880B075-5863-435A-9CC7-2BA7738CA2F0}: NameServer = 208.67.222.222,208.67.220.220
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18 - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/04/22 12:17:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ricardo e Soila\Desktop\OTL.exe
[2016/04/22 10:51:18 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Local\Diagnostics
[2016/04/21 04:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Security
[2016/04/20 07:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SkypeUpdateEx
[2016/04/20 03:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplicativo Bradesco
[2016/04/20 03:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AppBrad
[2016/04/20 03:07:18 | 054,995,152 | ---- | C] (Copyright © 2015 Scopus Tecnologia Ltda. ) -- C:\Users\Ricardo e Soila\Documents\Instalador.exe
[2016/04/20 02:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/04/09 00:46:08 | 000,038,520 | ---- | C] (Tencent) -- C:\Windows\SysWow64\drivers\TS888x64.sys
[2016/04/09 00:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TXQMPC
[2016/04/09 00:07:04 | 000,054,904 | ---- | C] (5u¡{¶[) -- C:\Windows\SysNative\drivers\TSSKX64.sys
[2016/04/09 00:06:15 | 000,087,800 | ---- | C] (5u¡{¶[) -- C:\Windows\SysNative\drivers\TFsFltX64.sys
[2016/04/09 00:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
[2016/04/09 00:04:58 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Roaming\Tencent
[2016/04/09 00:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Tencent
[2016/04/08 23:03:04 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Local\UCBrowser
[2016/04/05 16:09:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2016/04/05 07:53:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tools
[2016/04/05 07:20:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Guid
[2016/04/05 07:19:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2016/04/05 07:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Screen Manager
[2016/04/05 03:04:48 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Roaming\FrivLauncher
[2016/04/05 01:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\System32
[2016/04/05 01:03:08 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Roaming\XBox
[2016/04/05 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMsg
[2016/04/05 00:08:03 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[2016/04/05 00:06:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\dmp
[2016/04/04 22:55:40 | 009,917,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\mkl_intel_thread.dll
[2016/04/04 22:55:39 | 012,708,016 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\mkl_def.dll
[2016/04/04 22:55:38 | 012,474,544 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\mkl_core.dll
[2016/04/04 22:55:38 | 000,529,072 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\libiomp5md.dll
[2016/04/04 22:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugIns
[2016/04/03 19:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
[2016/03/31 09:13:09 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Roaming\Voxengo
[2016/03/31 05:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2016/03/31 05:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2016/03/31 05:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2016/03/31 05:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2016/03/31 05:52:47 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Local\Apple
[2016/03/31 05:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2016/03/31 05:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2016/03/31 05:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
[2016/03/31 05:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IK Multimedia
[2016/03/31 05:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Roaming\InstallShield
[2016/03/31 04:14:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2016/03/30 02:09:17 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Roaming\IK Multimedia
[2016/03/30 01:34:35 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\Documents\IK Multimedia
[2016/03/29 19:45:08 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Roaming\REAPER
[2016/03/29 19:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
[2016/03/29 19:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2016/03/29 19:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\REAPER (x64)
[2016/03/29 03:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2016/03/28 23:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\Documents\Native Instruments
[2016/03/28 23:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Local\Native Instruments
[2016/03/28 23:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2016/03/28 23:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avid
[2016/03/28 23:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Avid
[2016/03/28 23:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2016/03/28 23:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2016/03/28 23:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2016/03/27 23:09:06 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2016/03/27 23:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2016/03/25 05:25:23 | 000,000,000 | ---D | C] -- C:\Users\Ricardo e Soila\AppData\Local\Audacity
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/04/22 12:17:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ricardo e Soila\Desktop\OTL.exe
[2016/04/22 11:49:03 | 000,000,913 | ---- | M] () -- C:\Windows\tasks\EPSON XP-211 214 216 Series Update {8E8F69C2-2979-4007-AD43-019C0D9C5F9C}.job
[2016/04/22 11:49:03 | 000,000,727 | ---- | M] () -- C:\Windows\tasks\EPSON XP-211 214 216 Series Invitation {8E8F69C2-2979-4007-AD43-019C0D9C5F9C}.job
[2016/04/22 11:36:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/04/22 11:30:17 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/04/22 11:30:17 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/04/22 11:21:44 | 000,101,080 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\wsddfac.sys
[2016/04/22 11:21:21 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/04/22 11:21:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/04/22 11:21:05 | 509,480,959 | -HS- | M] () -- C:\hiberfil.sys
[2016/04/20 08:22:39 | 000,019,856 | ---- | M] () -- C:\Windows\EProtect_amd64.sys
[2016/04/20 03:17:21 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Bradesco.lnk
[2016/04/20 03:16:16 | 054,995,152 | ---- | M] (Copyright © 2015 Scopus Tecnologia Ltda. ) -- C:\Users\Ricardo e Soila\Documents\Instalador.exe
[2016/04/20 02:32:53 | 000,242,320 | ---- | M] () -- C:\Users\Ricardo e Soila\Documents\Firefox Setup Stub 45.0.2.exe
[2016/04/15 13:37:44 | 001,633,534 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/04/15 13:37:44 | 000,705,268 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2016/04/15 13:37:44 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/04/15 13:37:44 | 000,147,108 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2016/04/15 13:37:44 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/04/13 20:03:07 | 005,095,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/04/09 08:34:16 | 000,000,016 | ---- | M] () -- C:\ProgramData\autobk.inc
[2016/04/09 01:55:25 | 000,038,520 | ---- | M] (Tencent) -- C:\Windows\SysWow64\drivers\TS888x64.sys
[2016/04/09 00:08:13 | 000,005,120 | ---- | M] () -- C:\Users\Ricardo e Soila\AppData\Roaming\GiftBag.db
[2016/04/09 00:05:42 | 000,087,800 | ---- | M] (5u¡{¶[) -- C:\Windows\SysNative\drivers\TFsFltX64.sys
[2016/04/05 16:09:37 | 547,155,556 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2016/04/05 01:01:26 | 000,000,034 | -HS- | M] () -- C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
[2016/04/05 00:10:12 | 000,001,980 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hp.bak
[2016/04/05 00:10:12 | 000,001,980 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2016/04/04 21:17:00 | 000,384,389 | ---- | M] () -- C:\Users\Ricardo e Soila\Documents\Fatura.pdf
[2016/03/29 19:44:23 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\REAPER (x64).lnk
[2016/03/29 03:43:14 | 000,159,189 | ---- | M] () -- C:\Users\Ricardo e Soila\Documents\DAS-PGMEI-16434963000133.pdf
[2016/03/29 03:39:26 | 000,097,856 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2016/03/28 01:11:27 | 004,005,970 | ---- | M] () -- C:\Users\Ricardo e Soila\Documents\Sing Your Song For Me - Marko Saaresto (from Poets Of The Fall).wma
[2016/03/28 01:11:00 | 004,715,247 | ---- | M] () -- C:\Users\Ricardo e Soila\Documents\Poets Of The Fall-Tobacco Road.wma
[2016/03/28 01:10:44 | 006,357,026 | ---- | M] () -- C:\Users\Ricardo e Soila\Documents\Balance Slays the Demon.wma
[2016/03/28 01:10:16 | 007,035,184 | ---- | M] () -- C:\Users\Ricardo e Soila\Documents\Memórias.mp3
[2016/03/28 01:09:39 | 003,480,777 | ---- | M] () -- C:\Users\Ricardo e Soila\Documents\O Inferno vai Ter Que Esperar.mp3
[2016/03/28 01:09:26 | 004,346,827 | ---- | M] () -- C:\Users\Ricardo e Soila\Documents\The Sound of Winter.wma
[2016/03/28 01:09:16 | 003,745,753 | ---- | M] () -- C:\Users\Ricardo e Soila\Documents\Happy Ending Story.mp3
[2016/03/25 05:24:50 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/04/20 03:17:21 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Bradesco.lnk
[2016/04/20 02:32:53 | 000,242,320 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\Firefox Setup Stub 45.0.2.exe
[2016/04/09 00:08:12 | 000,005,120 | ---- | C] () -- C:\Users\Ricardo e Soila\AppData\Roaming\GiftBag.db
[2016/04/05 16:09:37 | 547,155,556 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2016/04/05 01:10:09 | 000,019,856 | ---- | C] () -- C:\Windows\EProtect_amd64.sys
[2016/04/05 01:01:26 | 000,000,034 | -HS- | C] () -- C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
[2016/04/04 21:17:00 | 000,384,389 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\Fatura.pdf
[2016/03/31 05:51:16 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmpliTube 3.lnk
[2016/03/30 02:09:18 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2016/03/29 19:44:23 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\REAPER (x64).lnk
[2016/03/29 03:43:14 | 000,159,189 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\DAS-PGMEI-16434963000133.pdf
[2016/03/28 01:07:30 | 004,715,247 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\Poets Of The Fall-Tobacco Road.wma
[2016/03/28 01:07:29 | 006,357,026 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\Balance Slays the Demon.wma
[2016/03/28 01:07:29 | 003,480,777 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\O Inferno vai Ter Que Esperar.mp3
[2016/03/28 01:07:28 | 007,035,184 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\Memórias.mp3
[2016/03/28 01:07:28 | 003,745,753 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\Happy Ending Story.mp3
[2016/03/28 01:07:27 | 004,346,827 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\The Sound of Winter.wma
[2016/03/28 01:07:27 | 004,005,970 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\Sing Your Song For Me - Marko Saaresto (from Poets Of The Fall).wma
[2016/03/28 01:07:27 | 003,624,706 | ---- | C] () -- C:\Users\Ricardo e Soila\Documents\Dying.mp3
[2015/10/09 14:29:12 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\cds005.dll
[2015/02/18 05:43:04 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\ssdevm.dll
[2015/02/16 03:59:02 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2015/02/16 03:59:01 | 000,655,872 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2015/02/16 03:59:01 | 000,240,128 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2015/02/16 03:59:00 | 000,218,712 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2015/02/16 03:58:58 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2015/02/16 03:13:29 | 000,018,029 | ---- | C] () -- C:\Users\Ricardo e Soila\AppData\Roaming\unins001.dat
[2015/02/16 02:56:42 | 001,598,992 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/02/16 02:29:27 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
[2015/02/16 02:29:27 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\WSCM32.dll
[2015/02/16 02:27:52 | 000,035,853 | ---- | C] () -- C:\Users\Ricardo e Soila\AppData\Roaming\unins000.dat
[2015/02/16 02:11:36 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2015/02/16 02:09:17 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2015/02/16 02:09:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2015/02/16 02:09:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2015/02/16 02:09:09 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/13 22:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >[/color]
"DefaultConnectionSettings" = 46 00 00 00 0A 01 00 00 09 00 00 00 28 00 00 00 68 74 74 70 3D 31 32 37 2E 30 2E 30 2E 31 3A 38 30 38 30 3B 68 74 74 70 73 3D 31 32 37 2E 30 2E 30 2E 31 3A 38 30 38 30 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 50 BE CF B5 A6 9C D1 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 30 80 00 A0 58 98 83 EB 0C 00 00 00 CC 96 5F 00 CC 96 5F 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 F0 96 5F 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 02 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 02 00 00 00 C0 A8 00 9E 00 00 00 00 00 00 00 00 DA DA DA DA 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 9F 1D 1E 00 00 00 00 00 00 00 00 00 00 00 00 00 68 97 5F 00 68 97 5F 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8C 97 5F 00 8C 97 5F 00 00 00 00 00 98 97 5F 00 98 97 5F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 B4 24 00 00 09 00 00 00 28 00 00 00 68 74 74 70 3D 31 32 37 2E 30 2E 30 2E 31 3A 38 30 38 30 3B 68 74 74 70 73 3D 31 32 37 2E 30 2E 30 2E 31 3A 38 30 38 30 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 50 BE CF B5 A6 9C D1 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 30 80 00 A0 58 98 83 EB 0C 00 00 00 CC 96 5F 00 CC 96 5F 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 F0 96 5F 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 02 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 02 00 00 00 C0 A8 00 9E 00 00 00 00 00 00 00 00 DA DA DA DA 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 9F 1D 1E 00 00 00 00 00 00 00 00 00 00 00 00 00 68 97 5F 00 68 97 5F 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8C 97 5F 00 8C 97 5F 00 00 00 00 00 98 97 5F 00 98 97 5F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt

< End of report >
