OTL logfile created on: 08/05/2016 20:44:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eduardo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18230)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,88 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,42% Memory free
7,76 Gb Paging File | 5,31 Gb Available in Paging File | 68,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,38 Gb Total Space | 173,93 Gb Free Space | 62,26% Space Free | Partition Type: NTFS
Drive D: | 186,28 Gb Total Space | 133,77 Gb Free Space | 71,81% Space Free | Partition Type: NTFS

Computer Name: EDUARDO-PC | User Name: Eduardo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2016/05/08 20:39:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe
PRC - [2016/04/22 20:27:48 | 000,252,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
PRC - [2016/04/22 03:02:14 | 000,303,016 | ---- | M] () -- C:\ProgramData\IHeeaWA\protect\protect.exe
PRC - [2016/04/22 03:02:10 | 001,031,592 | ---- | M] (The IHeeaWA Authors) -- C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe
PRC - [2016/04/21 23:39:39 | 000,369,488 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
PRC - [2016/04/21 23:36:41 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
PRC - [2016/04/21 23:36:40 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
PRC - [2016/02/20 17:36:42 | 005,359,032 | ---- | M] (Microsoft Corporation) -- C:\Users\Eduardo\AppData\Roaming\XBox\XBLive.exe
PRC - [2015/12/10 09:56:08 | 000,193,456 | ---- | M] () -- C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
PRC - [2015/08/20 01:37:02 | 030,027,264 | ---- | M] (Cloud NET Frameworks) -- C:\Users\Eduardo\AppData\Local\ZE5G1R0\UltraManager.exe
PRC - [2015/08/19 15:55:32 | 029,780,248 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2015/04/29 11:16:40 | 000,579,896 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2015/03/24 11:56:22 | 003,014,488 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
PRC - [2013/08/08 15:26:42 | 001,593,904 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Easy Settings\CmdServer\EasyLauncher.exe
PRC - [2013/08/08 15:26:34 | 000,085,040 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2013/08/08 15:26:20 | 002,624,560 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Easy Settings\sSettings.exe
PRC - [2013/05/28 14:07:36 | 000,277,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe
PRC - [2013/01/14 09:29:52 | 000,366,040 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2013/01/14 09:29:52 | 000,279,000 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/01/14 09:29:50 | 000,165,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013/01/14 09:29:50 | 000,131,032 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2016/04/22 03:02:13 | 017,530,792 | ---- | M] () -- C:\Program Files (x86)\IHeeaWA\IHeeaWA\PepperFlash\pepflashplayer.dll
MOD - [2016/04/21 23:36:41 | 000,065,696 | ---- | M] () -- C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
MOD - [2016/04/21 23:36:39 | 000,179,200 | ---- | M] () -- C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
MOD - [2015/12/30 14:08:10 | 002,771,896 | ---- | M] () -- C:\ProgramData\System32\SafeGuard32.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2013/08/08 15:26:44 | 000,111,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\EasySettingsBase.dll
MOD - [2013/08/08 15:26:36 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\CmdServer\WinCRT.dll
MOD - [2013/08/08 15:26:24 | 000,060,976 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\EasyMovieEnhancer.dll
MOD - [2013/08/08 15:26:20 | 000,103,984 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\EasySettingsCmdClient.dll
MOD - [2013/08/08 15:26:12 | 000,027,184 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\EasySettingsAPI.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2016/04/22 03:02:14 | 000,303,016 | ---- | M] () [Auto | Running] -- C:\ProgramData\IHeeaWA\protect\protect.exe -- (IHeeaWA_protect)
SRV - [2016/04/22 03:02:13 | 000,473,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe -- (IHeeaWA_update)
SRV - [2016/04/21 23:36:41 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) [Auto | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe -- (iSafeService)
SRV - [2016/04/20 17:42:00 | 001,697,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\ProgramData\Windows Security\winsecurity.exe -- (WindowsSecurity)
SRV - [2016/03/03 21:33:41 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/02/20 17:36:42 | 005,359,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Users\Eduardo\AppData\Roaming\XBox\XBLive.exe -- (XBox)
SRV - [2016/01/14 10:59:02 | 002,945,312 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015/12/13 22:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/12/10 09:56:08 | 000,193,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe -- (SkypeUpdateEx)
SRV - [2015/04/29 11:16:40 | 000,579,896 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2015/03/24 11:56:22 | 003,014,488 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe -- (SWUpdateService)
SRV - [2015/02/04 19:40:07 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2014/04/29 01:42:16 | 000,319,104 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 19:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/08/08 15:26:42 | 001,593,904 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2013/05/28 14:07:36 | 000,277,488 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/01/14 09:29:52 | 000,366,040 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2013/01/14 09:29:52 | 000,279,000 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/01/14 09:29:50 | 000,165,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/01/14 09:29:50 | 000,131,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/12/10 13:31:44 | 000,803,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV - [2012/12/10 13:31:28 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/01/09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2016/05/05 21:05:39 | 000,027,552 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2016/04/21 23:38:48 | 000,110,112 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys -- (iSafeKrnlKit)
DRV - [2016/04/20 10:14:55 | 000,019,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\EProtect_amd64.sys -- (egg_protect)
DRV - [2015/08/19 04:02:04 | 000,052,440 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | System | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys -- (iSafeKrnlMon)
DRV - [2015/08/19 04:02:02 | 000,103,904 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Stopped] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys -- (iSafeKrnlR3)
DRV - [2015/05/14 00:50:13 | 000,260,856 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | System | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys -- (iSafeKrnl)
DRV - [2014/10/31 17:55:02 | 000,024,792 | ---- | M] (GAS Tecnologia LTDA) [Kernel | On_Demand | Running] -- C:\PROGRA~2\GbPlugin\wsftprp64.sys -- (Warsaw_PP)
DRV - [2014/06/23 15:15:54 | 000,007,598 | ---- | M] (PROTEQ) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\Proteq.sys -- (Proteq)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nav.brotstation.com?uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com?q={searchTerms}&uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com?q={searchTerms}&uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nav.brotstation.com?uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKLM\..\SearchScopes,DefaultScope = {E921F400-D383-4B1B-9DE6-FCFCACFC1173}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nav.brotstation.com?uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com?q={searchTerms}&uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com?q={searchTerms}&uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nav.brotstation.com?uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nav.brotstation.com?uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com?q={searchTerms}&uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com?q={searchTerms}&uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nav.brotstation.com?uid={e20f23f9a2454001b627b28c37190d3b}&r=eg
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 2D 40 96 A4 4C D0 01 [binary data]
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = F3 72 B6 7D ED A6 D1 01 [binary data]
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..\SearchScopes,DefaultScope = {2f23ab71-4ac6-41f2-a955-ea576e553146}
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE08
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost:8092
IE - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=127.0.0.1:8080

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "BR"
FF - prefs.js..browser.search.region: "BR"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.8.141\npMcAfeeMss.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb64: File not found

[2015/11/03 20:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\Extensions
[2016/04/10 17:50:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\Firefox\Profiles\41A66E7E5EE1\extensions
[2016/04/10 17:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions
[2016/03/09 01:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\Firefox\Profiles\imqld5ji.default\extensions
[2016/04/09 04:08:05 | 000,331,500 | ---- | M] () (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\41A66E7E5EE1\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
[2016/03/09 01:24:46 | 001,013,992 | ---- | M] () (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\41A66E7E5EE1\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/04/09 04:08:05 | 000,331,500 | ---- | M] () (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
[2016/03/09 01:24:46 | 001,013,992 | ---- | M] () (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/03/09 01:24:46 | 001,013,992 | ---- | M] () (No name found) -- C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\imqld5ji.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/12/17 20:58:55 | 000,000,674 | ---- | M] () -- C:\Users\Eduardo\AppData\Roaming\mozilla\firefox\profiles\imqld5ji.default\searchplugins\navegaki.xml
[2016/03/09 01:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR\SAFFPLG.XPI

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\
CHR - Extension: No name found = C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbhkjoamnfmpcilggihmfeebhienpea\1.0_0\
CHR - Extension: No name found = C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmbjnbcmjicocnmfjelmfdfkkcecebm\1.1.2_0\
CHR - Extension: No name found = C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2016/05/05 19:15:19 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000..\Run: [UltraManager] C:\Users\Eduardo\AppData\Local\ZE5G1R0\UltraManager.exe (Cloud NET Frameworks)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O7 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\ProgramData\System32\SafeGuard32.dll ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: drp.su ([update] http in Local intranet)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: drp.su ([update] https in Local intranet)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: drp.su ([update-test2] http in Local intranet)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: drp.su ([update-test2] https in Local intranet)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itau.com.br ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itau.com.br ([bankline] * in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itau.com.br ([bankline] https in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itau.com.br ([clickbanking] * in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itau.com.br ([clickbanking] https in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itau.com.br ([guardiao] * in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itau.com.br ([guardiao] https in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itau.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itau.com.br ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itau.com.br ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3129407853-3164131212-2012958777-1000\..Trusted Domains: itaupersonnalite.com.br ([www] http in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29611349-F18B-4CCA-836D-DCDAB5A3EE4E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95643A8E-5F9C-4239-A8D4-B8CAF525BD76}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7ba9d36e-2cb8-11e5-8e3d-24f5aa63ca4f}\Shell - "" = AutoRun
O33 - MountPoints2\{7ba9d36e-2cb8-11e5-8e3d-24f5aa63ca4f}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O33 - MountPoints2\{7beb514b-685b-11e5-aa80-24f5aa5a03ed}\Shell - "" = AutoRun
O33 - MountPoints2\{7beb514b-685b-11e5-aa80-24f5aa5a03ed}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{ac9e0b2e-0dd2-11e5-9eda-24f5aa63ca4f}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9e0b2e-0dd2-11e5-9eda-24f5aa63ca4f}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/05/08 20:39:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe
[2016/05/07 13:41:27 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2016/05/07 11:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SlimWare Utilities, Inc
[2016/05/07 11:49:20 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\SlimWare Utilities Inc
[2016/05/07 11:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2016/05/07 11:48:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2016/05/06 18:23:37 | 000,000,000 | ---D | C] -- C:\d12ba7b23741f1ab7a57
[2016/05/06 12:08:29 | 000,000,000 | ---D | C] -- C:\c31d846ab06aaaa7d4c601f1
[2016/05/05 23:25:46 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\Synaptics
[2016/05/05 23:00:57 | 000,000,000 | ---D | C] -- C:\perflogs
[2016/05/05 22:49:11 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\Elex-tech
[2016/05/05 22:40:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/05/05 22:33:27 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\Apple Computer
[2016/05/05 21:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2016/05/05 21:09:45 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2016/05/05 21:09:43 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\ProductData
[2016/05/05 21:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
[2016/05/05 21:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IObit
[2016/05/05 21:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2016/05/05 21:06:09 | 000,000,000 | ---D | C] -- C:\Windows\IObit
[2016/05/05 21:05:39 | 000,027,552 | ---- | C] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
[2016/05/05 18:58:02 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\DRPSu
[2016/04/24 13:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2016/04/24 13:14:05 | 000,000,000 | ---D | C] -- C:\Quarantine
[2016/04/24 10:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2016/04/24 10:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2016/04/23 22:41:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\GPBAK
[2016/04/22 13:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elex-tech
[2016/04/22 13:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\IHeeaWA
[2016/04/22 13:09:55 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\IHeeaWA
[2016/04/22 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\IHeeaWA
[2016/04/22 13:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IHeeaWA
[2016/04/20 10:20:16 | 000,000,000 | R--D | C] -- C:\Users\Eduardo\Desktop\Daniel
[2016/04/20 10:17:46 | 000,000,000 | R--D | C] -- C:\Users\Eduardo\Desktop\j
[2016/04/15 22:13:27 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\Application Data
[2016/04/15 12:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2016/04/13 00:06:20 | 000,000,000 | --SD | C] -- C:\Users\Eduardo\Documents\Minhas fontes de dados
[2016/04/10 21:54:24 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2016/04/10 17:45:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\dmp
[2 C:\Users\Eduardo\AppData\Roaming\*.tmp files -> C:\Users\Eduardo\AppData\Roaming\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/05/08 20:45:54 | 004,194,304 | ---- | M] () -- C:\Users\Eduardo\ntuser.dat
[2016/05/08 20:39:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe
[2016/05/08 20:33:05 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/05/08 20:32:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/05/08 20:28:56 | 000,001,752 | ---- | M] () -- C:\Google Chrome.lnk
[2016/05/08 20:23:56 | 000,000,034 | ---- | M] () -- C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
[2016/05/08 20:20:20 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2016/05/08 20:18:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2016/05/08 20:18:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/05/08 20:18:31 | 4165,050,368 | -HS- | M] () -- C:\hiberfil.sys
[2016/05/07 15:23:09 | 000,136,594 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/05/07 15:16:03 | 001,947,195 | -H-- | M] () -- C:\Users\Eduardo\AppData\Local\IconCache.db [2016/05/07 14:16:20 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - Eduardo).job [2016/05/05 23:11:39 | 000,007,600 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Resmon.ResmonCfg [2016/05/05 21:43:35 | 000,060,416 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL [2016/05/05 21:43:33 | 000,280,064 | ---- | M] () -- C:\Windows\SysWow64\igdmd32.dll [2016/05/05 21:43:32 | 000,142,848 | ---- | M] () -- C:\Windows\SysWow64\igdail32.dll [2016/05/05 21:05:39 | 000,027,552 | ---- | M] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS [2016/05/05 19:45:27 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{b6e1c5cc-1311-11e6-b4ed-24f5aa5a03ed}.TMContainer00000000000000000002.regtrans-ms [2016/05/05 19:45:27 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{b6e1c5cc-1311-11e6-b4ed-24f5aa5a03ed}.TMContainer00000000000000000001.regtrans-ms [2016/05/05 19:45:27 | 000,262,144 | ---- | M] () -- C:\ProgramData\NTUSER.DAT [2016/05/05 19:45:27 | 000,065,536 | -HS- | M] () -- C:\ProgramData\NTUSER.DAT{b6e1c5cc-1311-11e6-b4ed-24f5aa5a03ed}.TM.blf [2016/05/05 19:32:40 | 000,524,288 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat{d0820d63-130f-11e6-a2ca-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2016/05/05 19:32:40 | 000,524,288 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat{d0820d63-130f-11e6-a2ca-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2016/05/05 19:32:40 | 000,065,536 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat{d0820d63-130f-11e6-a2ca-806e6f6e6963}.TM.blf [2016/05/05 19:21:58 | 004,194,304 | -HS- | M] () -- C:\Users\Eduardo\ntuser.dat.bak [2016/05/05 15:26:01 | 000,723,671 | ---- | M] () -- C:\Users\Eduardo\Desktop\A PLATAFORMA ARDUÍNO E SUAS APLICAÇÕES.pdf [2016/05/05 14:32:17 | 002,639,822 | ---- | M] () -- C:\Users\Eduardo\Desktop\Tese_Caio_Augustus_Morais_Bolzani.pdf [2016/05/03 
10:12:26 | 000,000,288 | ---- | M] () -- C:\Users\Eduardo\AppData\Roaming\.backup.dm [2016/04/24 09:27:11 | 000,073,728 | ---- | M] () -- C:\Windows\SysWow64\tasks.dll [2016/04/23 22:42:34 | 000,002,588 | ---- | M] () -- C:\Windows\unins000.dat [2016/04/23 22:42:30 | 000,707,354 | ---- | M] () -- C:\Windows\unins000.exe [2016/04/23 11:36:33 | 000,170,432 | ---- | M] () -- C:\Users\Eduardo\Desktop\Garage_marcos.dwg [2016/04/22 20:19:36 | 000,000,001 | ---- | M] () -- C:\Windows\SysWow64\br.html [2016/04/20 10:14:55 | 000,019,856 | ---- | M] () -- C:\Windows\EProtect_amd64.sys [2016/04/17 15:56:01 | 000,018,360 | ---- | M] () -- C:\Users\Eduardo\Documents\Multiplex.pdsprj [2016/04/17 15:35:55 | 000,000,393 | ---- | M] () -- C:\Users\Eduardo\Documents\Backup Of Multiplex.pdsbak [2016/04/14 22:53:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2 C:\Users\Eduardo\AppData\Roaming\*.tmp files -> C:\Users\Eduardo\AppData\Roaming\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2016/05/07 12:31:07 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - Eduardo).job [2016/05/07 11:49:24 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job [2016/05/05 21:56:50 | 001,947,195 | -H-- | C] () -- C:\Users\Eduardo\AppData\Local\IconCache.db [2016/05/05 21:43:33 | 000,280,064 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll [2016/05/05 21:43:32 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll [2016/05/05 19:45:27 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUSER.DAT{b6e1c5cc-1311-11e6-b4ed-24f5aa5a03ed}.TMContainer00000000000000000002.regtrans-ms [2016/05/05 19:45:27 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUSER.DAT{b6e1c5cc-1311-11e6-b4ed-24f5aa5a03ed}.TMContainer00000000000000000001.regtrans-ms [2016/05/05 19:45:27 | 000,262,144 | ---- | C] () -- C:\ProgramData\NTUSER.DAT [2016/05/05 19:45:27 | 000,065,536 | -HS- | C] () -- 
C:\ProgramData\NTUSER.DAT{b6e1c5cc-1311-11e6-b4ed-24f5aa5a03ed}.TM.blf [2016/05/05 19:25:49 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{d0820d63-130f-11e6-a2ca-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2016/05/05 19:25:49 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{d0820d63-130f-11e6-a2ca-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2016/05/05 19:25:49 | 000,065,536 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{d0820d63-130f-11e6-a2ca-806e6f6e6963}.TM.blf [2016/05/05 15:25:37 | 000,723,671 | ---- | C] () -- C:\Users\Eduardo\Desktop\A PLATAFORMA ARDUÍNO E SUAS APLICAÇÕES.pdf [2016/05/05 14:32:12 | 002,639,822 | ---- | C] () -- C:\Users\Eduardo\Desktop\Tese_Caio_Augustus_Morais_Bolzani.pdf [2016/05/03 10:12:26 | 000,000,288 | ---- | C] () -- C:\Users\Eduardo\AppData\Roaming\.backup.dm [2016/04/23 22:41:45 | 000,034,871 | ---- | C] () -- C:\Windows\SysWow64\gpedit.msc [2016/04/23 22:41:41 | 000,707,354 | ---- | C] () -- C:\Windows\unins000.exe [2016/04/23 22:41:41 | 000,002,588 | ---- | C] () -- C:\Windows\unins000.dat [2016/04/23 14:32:51 | 000,001,752 | ---- | C] () -- C:\Google Chrome.lnk [2016/04/22 13:09:52 | 000,002,112 | ---- | C] () -- C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [2016/04/21 18:37:41 | 000,170,432 | ---- | C] () -- C:\Users\Eduardo\Desktop\Garage_marcos.dwg [2016/04/17 15:35:55 | 000,018,360 | ---- | C] () -- C:\Users\Eduardo\Documents\Multiplex.pdsprj [2016/04/17 15:35:55 | 000,000,393 | ---- | C] () -- C:\Users\Eduardo\Documents\Backup Of Multiplex.pdsbak [2016/04/15 12:02:26 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\br.html [2016/04/12 20:36:32 | 000,019,856 | ---- | C] () -- C:\Windows\EProtect_amd64.sys [2016/02/16 12:55:41 | 000,016,984 | ---- | C] () -- C:\Windows\DelYAC_x64.sys [2016/02/03 12:07:09 | 000,000,000 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\{679BC0DA-4054-4B30-8B0A-C04D8526A3C9} [2016/01/20 09:22:40 | 
000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat [2016/01/20 08:07:36 | 000,000,025 | ---- | C] () -- C:\Windows\emcore.INI [2015/12/03 10:06:30 | 000,015,464 | ---- | C] () -- C:\Windows\DelYac64.sys [2015/11/24 21:57:04 | 000,000,182 | ---- | C] () -- C:\Users\Eduardo\AppData\Roaming\WB.CFG [2015/10/27 14:25:54 | 000,094,720 | ---- | C] () -- C:\Users\Eduardo\AppData\Roaming\rp.dll [2015/09/05 23:54:49 | 000,002,990 | ---- | C] () -- C:\Windows\HotFixList.ini [2015/08/16 22:30:17 | 000,000,084 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\VG6AKSI.BIZ [2015/08/16 22:30:02 | 000,000,000 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\B5S.dat [2015/08/09 21:10:29 | 000,007,600 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\Resmon.ResmonCfg [2015/07/15 16:13:16 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{6f414160-2b25-11e5-95c4-24f5aa63ca4f}.TMContainer00000000000000000002.regtrans-ms [2015/07/15 16:13:16 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{6f414160-2b25-11e5-95c4-24f5aa63ca4f}.TMContainer00000000000000000001.regtrans-ms [2015/07/15 16:13:16 | 000,065,536 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{6f414160-2b25-11e5-95c4-24f5aa63ca4f}.TM.blf [2015/06/03 23:50:43 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{85a5a93b-0a61-11e5-b7ae-24f5aa63ca4f}.TMContainer00000000000000000002.regtrans-ms [2015/06/03 23:50:43 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{85a5a93b-0a61-11e5-b7ae-24f5aa63ca4f}.TMContainer00000000000000000001.regtrans-ms [2015/06/03 23:50:43 | 000,065,536 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat{85a5a93b-0a61-11e5-b7ae-24f5aa63ca4f}.TM.blf [2015/05/13 11:56:30 | 000,105,423 | ---- | C] () -- C:\Users\Eduardo\Fluxo_Carga.pdf [2015/05/07 08:14:04 | 001,068,612 | ---- | C] () -- C:\Users\Eduardo\08_Interface.pdf [2015/05/06 17:00:18 | 000,507,889 | ---- | C] () -- C:\Users\Eduardo\01_104629.pdf [2015/05/05 07:56:50 | 002,425,406 | ---- | C] () -- 
C:\Users\Eduardo\EAP DISCIPLINA2.jpg [2015/05/05 07:56:41 | 001,980,381 | ---- | C] () -- C:\Users\Eduardo\EAP DISCIPLINA.jpg [2015/05/05 07:56:36 | 001,847,669 | ---- | C] () -- C:\Users\Eduardo\INTRODUCAO1.jpg [2015/05/05 07:56:32 | 001,882,109 | ---- | C] () -- C:\Users\Eduardo\INTRODUCAO2.jpg [2015/04/30 09:56:34 | 000,000,936 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2015/04/17 08:45:54 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini [2015/04/17 08:45:53 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll [2015/04/14 10:42:10 | 000,000,095 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\fusioncache.dat [2015/04/14 10:39:24 | 000,136,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2015/03/28 10:28:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\tasks.dll [2015/02/04 19:30:13 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2015/02/04 19:22:28 | 000,142,376 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\GDIPFONTCACHEV1.DAT [2015/02/04 19:08:41 | 004,194,304 | -HS- | C] () -- C:\Users\Eduardo\ntuser.dat.bak [2015/02/04 19:08:41 | 004,194,304 | ---- | C] () -- C:\Users\Eduardo\ntuser.dat [2015/02/04 19:08:41 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2015/02/04 19:08:41 | 000,524,288 | -HS- | C] () -- C:\Users\Eduardo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2015/02/04 19:08:41 | 000,065,536 | -HS- | C] () -- C:\Users\Eduardo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2015/02/04 19:08:41 | 000,000,020 | -HS- | C] () -- C:\Users\Eduardo\ntuser.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 15:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 14:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >[/color] "DefaultConnectionSettings" = [Binary data over 200 bytes] "SavedLegacySettings" = [Binary data over 200 bytes] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt < End of report >