
[Resolved] Remove Baidu

#1 By Alicec 02/12/2014 - 12:44
Good evening


Zoek.exe v5.0.0.0 Updated 08-December-2014
Tool run by User on 08/12/2014 at 23:04:13,01.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-04-113746.log 25643 bytes
C:\zoek-results2014-12-04-174128.log 436 bytes

==== System Restore Info ======================

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Folders Found ======================

2014-12-02 21:13:42 2014-12-02 21:13:42 -------- d-----w- C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-12-02 21:13:43 2014-12-02 21:13:43 -------- d-----w- C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\baidu
2014-12-02 21:13:43 2014-12-02 21:13:44 -------- d-----w- C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\baidu\Baidu Antivirus
2014-11-10 20:42:42 2014-11-11 11:39:15 -------- d-----w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

==== Chromium Look ======================


==== Chromium Fix ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Empty IE Cache ======================

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=93 folders=37 9918875 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 08/12/2014 at 23:20:52,99 ======================
#31 By Alicec
08/12/2014 - 23:22
Good evening


Zoek.exe v5.0.0.0 Updated 08-December-2014
Tool run by User on 08/12/2014 at 23:04:13,01.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-04-113746.log 25643 bytes
C:\zoek-results2014-12-04-174128.log 436 bytes

==== System Restore Info ======================

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Folders Found ======================

2014-12-02 21:13:42 2014-12-02 21:13:42 -------- d-----w- C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-12-02 21:13:43 2014-12-02 21:13:43 -------- d-----w- C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\baidu
2014-12-02 21:13:43 2014-12-02 21:13:44 -------- d-----w- C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\baidu\Baidu Antivirus
2014-11-10 20:42:42 2014-11-11 11:39:15 -------- d-----w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

==== Chromium Look ======================


==== Chromium Fix ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="<a href="http://www.google.com" target="_blank">http://www.google.com</a>"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="<a href="http://www.google.com" target="_blank">http://www.google.com</a>"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR</a>"

==== Empty IE Cache ======================

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=93 folders=37 9918875 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 08/12/2014 at 23:20:52,99 ======================
#33 By Alicec
09/12/2014 - 00:51
Good evening. OldTimer log
Best regards!


OTS logfile created on: 09/12/2014 00:43:49 - Run 1
OTS by OldTimer - Version 3.1.47.2 Folder = C:\Users\User\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 262,94 Gb Free Space | 56,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\User\Desktop\OTS.exe -> [2014/12/09 00:41:40 | 000,646,656 | ---- | M] (OldTimer Tools)
netsession_win.exe -> C:\Users\User\AppData\Local\Akamai\netsession_win.exe -> [2014/10/29 23:25:46 | 004,673,432 | ---- | M] (Akamai Technologies, Inc.)
msmpeng.exe -> c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -> [2014/08/22 13:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation)
msseces.exe -> C:\Arquivos de Programas\Microsoft Security Client\msseces.exe -> [2014/08/22 13:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation)
gbpsv.exe -> C:\Arquivos de Programas\GbPlugin\gbpsv.exe -> [2014/07/21 12:23:58 | 000,546,104 | ---- | M] (GAS Tecnologia)
ipoint.exe -> c:\Arquivos de Programas\Microsoft Mouse and Keyboard Center\ipoint.exe -> [2013/05/13 15:33:02 | 001,693,904 | ---- | M] (Microsoft Corporation)
itype.exe -> c:\Arquivos de Programas\Microsoft Mouse and Keyboard Center\itype.exe -> [2013/05/13 15:33:02 | 001,113,296 | ---- | M] (Microsoft Corporation)
taskhost.exe -> C:\Windows\System32\taskhost.exe -> [2012/11/23 00:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation)
acrotray.exe -> C:\Arquivos de Programas\Adobe\Acrobat 10.0\Acrobat\acrotray.exe -> [2012/01/03 11:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.)
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
wmpnetwk.exe -> C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -> [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation)
psiservice_2.exe -> c:\Arquivos de Programas\Common Files\Protexis\License Service\PsiService_2.exe -> [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.)

[Modules - No Company Name]
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll -> [2014/10/23 08:44:08 | 001,593,344 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll -> [2014/10/23 08:43:48 | 007,991,808 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll -> [2014/09/11 17:19:01 | 011,497,984 | ---- | M] ()
office.odf -> C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF -> [2013/09/05 00:14:10 | 004,300,456 | ---- | M] ()
rarext.dll -> C:\Arquivos de Programas\WinRAR\RarExt.dll -> [2010/03/15 12:28:24 | 000,141,824 | ---- | M] ()
expshell.dll -> C:\Arquivos de Programas\ClamWin\bin\ExpShell.dll -> [2008/04/19 18:35:02 | 000,081,920 | ---- | M] ()
icclibdll.dll -> C:\Windows\System32\IccLibDll.dll -> [1999/12/31 22:00:00 | 000,094,208 | ---- | M] ()

[Win32 Services - Safe List]
(IEEtwCollectorService) Internet Explorer ETW Collector Service [On_Demand | Stopped] -> C:\Windows\System32\IEEtwCollector.exe -> [2014/09/18 22:50:15 | 000,108,032 | ---- | M] (Microsoft Corporation)
(MsMpSvc) Microsoft Antimalware Service [Unknown | Running] -> c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -> [2014/08/22 13:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation)
(NisSrv) Inspeção de Rede da Microsoft [Unknown | Stopped] -> c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -> [2014/08/22 13:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation)
(GbpSv) Gbp Service [Unknown | Running] -> C:\Arquivos de Programas\GbPlugin\gbpsv.exe -> [2014/07/21 12:23:58 | 000,546,104 | ---- | M] (GAS Tecnologia)
(McComponentHostService) McAfee Security Scan Component Host Service [On_Demand | Stopped] -> C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -> [2014/04/09 11:12:50 | 000,235,696 | ---- | M] (McAfee, Inc.)
(SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files\Skype\Updater\Updater.exe -> [2014/04/03 20:21:48 | 000,315,008 | ---- | M] (Skype Technologies)
(FlexNet Licensing Service) FlexNet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2014/03/05 13:50:21 | 001,064,312 | ---- | M] (Flexera Software LLC)
(Microsoft SharePoint Workspace Audit Service) Microsoft SharePoint Workspace Audit Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -> [2013/12/19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation)
(cphs) Intel(R) Content Protection HECI Service [On_Demand | Stopped] -> C:\Windows\System32\IntelCpHeciSvc.exe -> [2013/11/07 02:02:20 | 000,279,000 | ---- | M] (Intel Corporation)
(WinDefend) Windows Defender [On_Demand | Stopped] -> C:\Arquivos de Programas\Windows Defender\MpSvc.dll -> [2013/05/27 02:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation)
(WatAdminSvc) Serviço de Tecnologias de Ativação do Windows [Unknown | Stopped] -> C:\Windows\System32\Wat\WatAdminSvc.exe -> [2012/09/13 19:37:14 | 001,343,400 | ---- | M] (Microsoft Corporation)
(PSI_SVC_2) Protexis Licensing V2 [Auto | Running] -> c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.)
(SwitchBoard) Adobe SwitchBoard [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -> [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated)
(StorSvc) Serviço de Armazenamento [On_Demand | Stopped] -> C:\Windows\System32\StorSvc.dll -> [2009/07/13 23:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation)
(SensrSvc) Brilho Adaptável [On_Demand | Stopped] -> C:\Windows\System32\sensrsvc.dll -> [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation)
(PeerDistSvc) BranchCache [On_Demand | Stopped] -> C:\Windows\System32\PeerDistSvc.dll -> [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation)
(lxcz_device) lxcz_device [Disabled | Stopped] -> C:\Windows\System32\lxczcoms.exe -> [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( )

[Driver Services - Safe List]
(NisDrv) Microsoft Network Inspection System [Kernel | Unknown | Stopped] -> C:\Windows\System32\drivers\NisDrvWFP.sys -> [2014/07/17 19:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation)
(GbpKm) Gbp KernelMode [Kernel | Boot | Running] -> C:\Windows\system32\drivers\gbpkm.sys -> [2014/06/10 11:46:02 | 000,047,192 | ---- | M] (GAS Tecnologia)
(NdisrdMP) NdisrdMP [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\gbpndisrd.sys -> [2014/03/11 09:56:16 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver)
(Ndisrd) GAS Tecnologia Filter Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\gbpndisrdn.sys -> [2014/03/03 10:03:04 | 000,029,400 | ---- | M] (GAS Tecnologia)
(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\TsUsbFlt.sys -> [2013/10/01 22:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation)
(SWDUMon) SWDUMon [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\SWDUMon.sys -> [2012/09/13 10:46:19 | 000,013,024 | ---- | M] ()
(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\rdpvideominiport.sys -> [2012/08/23 12:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation)
(vmbus) Barramento da Máquina Virtual [Kernel | Boot | Running] -> C:\Windows\system32\drivers\vmbus.sys -> [2010/11/20 10:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation)
(storflt) Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco [Kernel | Boot | Running] -> C:\Windows\system32\drivers\vmstorfl.sys -> [2010/11/20 10:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation)
(storvsc) storvsc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\storvsc.sys -> [2010/11/20 10:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation)
(WinUsb) WinUsb [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\winusb.sys -> [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation)
(VMBusHID) VMBusHID [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\VMBusHID.sys -> [2010/11/20 07:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation)
(s3cap) s3cap [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\vms3cap.sys -> [2010/11/20 07:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation)
(ss_bmdm) SAMSUNG USB Mobile Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ss_bmdm.sys -> [2009/09/19 05:30:10 | 000,123,648 | ---- | M] (MCCI Corporation)
(ss_bbus) SAMSUNG USB Mobile Device (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ss_bbus.sys -> [2009/09/19 05:30:10 | 000,098,432 | ---- | M] (MCCI)
(ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ss_bmdfl.sys -> [2009/09/19 05:30:10 | 000,014,848 | ---- | M] (MCCI Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> about:blank ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\] > -> ->
HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\: Main\\"Default_Page_URL" -> about:blank ->
HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\: Main\\"Start Page" -> http://www.google.com ->
HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\: "ProxyOverride" -> <local> ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2014/12/01 00:30:11 | 000,000,748 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{C41A1C0E-EA6C-11D4-B1B8-444553540000} [HKLM] -> C:\Arquivos de Programas\GbPlugin\gbieh.dll [GbIehObj Class] -> [2014/07/31 18:37:00 | 001,754,664 | ---- | M] (Banco do Brasil)
{C41A1C0E-EA6C-11D4-B1B8-444553540008} [HKLM] -> C:\Arquivos de Programas\GbPlugin\gbiehuni.dll [GbIehObj Class] -> [2014/08/12 15:19:04 | 001,760,312 | ---- | M] (Banco Itaú Unibanco)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Acrobat Assistant 8.0" -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"] -> [2012/01/03 11:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.)
"AdobeAAMUpdater-1.0" -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ["C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"] -> [2012/09/20 08:27:44 | 000,444,904 | ---- | M] (Adobe Systems Incorporated)
"AdobeCS6ServiceManager" -> C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe ["C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin] -> [2012/03/09 17:26:58 | 001,073,312 | ---- | M] (Adobe Systems Incorporated)
"BCSSync" -> C:\Program Files\Microsoft Office\Office14\BCSSync.exe ["C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices] -> [2012/11/05 16:27:46 | 000,089,184 | ---- | M] (Microsoft Corporation)
"ClamWin" -> C:\Program Files\ClamWin\bin\ClamTray.exe ["C:\Program Files\ClamWin\bin\ClamTray.exe" --logon] -> [2012/03/22 17:13:16 | 000,086,016 | ---- | M] (alch)
"MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2014/08/22 13:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation)
"SwitchBoard" -> C:\Arquivos de Programas\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe] -> [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> C:\Windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009/07/13 23:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> C:\Windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009/07/13 23:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\] > -> HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Akamai NetSession Interface" -> C:\Users\User\AppData\Local\Akamai\netsession_win.exe ["C:\Users\User\AppData\Local\Akamai\netsession_win.exe"] -> [2014/10/29 23:25:46 | 004,673,432 | ---- | M] (Akamai Technologies, Inc.)
"WindowexeAllkiller" -> [C:\Users\User\Desktop\WindowexeAllkiller.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [0] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
\\"EnableLUA" -> [0] -> File not found
\\"PromptOnSecureDesktop" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000] > -> HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"" -> [] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000] > -> HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\] > -> HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Enviar para o OneNote -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105] -> [2013/08/12 20:47:30 | 000,645,336 | ---- | M] (Microsoft Corporation)
Append Link Target to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2012/01/03 11:10:56 | 000,339,872 | ---- | M] (Adobe Systems Incorporated)
E&xportar para o Microsoft Excel -> C:\Arquivos de Programas\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2007/05/31 14:41:06 | 010,352,472 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [Button: Enviar para o OneNote] -> [2013/08/12 20:47:30 | 000,645,336 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll [Menu: &Enviar para o OneNote] -> [2013/08/12 20:47:30 | 000,645,336 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Button: &Anotações Vinculadas do OneNote] -> [2013/03/09 01:04:08 | 000,498,376 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: &Anotações Vinculadas do OneNote] -> [2013/03/09 01:04:08 | 000,498,376 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Pesquisar] -> [2007/04/19 15:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\] > -> HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
www14_bancobrasil.com.br [https] -> Trusted sites ->
www2_bancobrasil.com.br [https] -> Trusted sites ->
seg_bb.com.br [https] -> Trusted sites ->
www_bb.com.br [http] -> Trusted sites ->
bankline_itau.com.br [https] -> Trusted sites ->
clickbanking_itau.com.br [https] -> Trusted sites ->
guardiao_itau.com.br [https] -> Trusted sites ->
www_itau.com.br [http] -> Trusted sites ->
www_itau.com.br [https] -> Trusted sites ->
www_itaupersonnalite.com.br [http] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\] > -> HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{CA21903E-D431-4025-9F75-F35355ADFD89}\\DhcpNameServer -> 192.168.0.1 (Realtek PCIe GBE Family Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> C:\Windows\System32\userinit.exe -> [2010/11/20 10:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009/07/13 23:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
GbPluginBb -> C:\Arquivos de Programas\GbPlugin\gbieh.dll -> [2014/07/31 18:37:00 | 001,754,664 | ---- | M] (Banco do Brasil)
GbPluginUni -> C:\Arquivos de Programas\GbPlugin\gbiehuni.dll -> [2014/08/12 15:19:04 | 001,760,312 | ---- | M] (Banco Itaú Unibanco)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2013/12/19 01:41:02 | 004,171,480 | ---- | M] (Microsoft Corporation)
"{E37CB5F0-51F5-4395-A808-5FA49E399008}" [HKLM] -> C:\Arquivos de Programas\GbPlugin\gbiehuni.dll [GbPlugin ShlObj] -> [2014/08/12 15:19:04 | 001,760,312 | ---- | M] (Banco Itaú Unibanco)
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}" [HKLM] -> C:\Arquivos de Programas\GbPlugin\gbieh.dll [GbPlugin ShlObj] -> [2014/07/31 18:37:00 | 001,754,664 | ---- | M] (Banco do Brasil)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Driver de CD-ROM ->
"ImagePath" -> C:\Windows\system32\drivers\cdrom.sys [\SystemRoot\system32\drivers\cdrom.sys] -> [2010/11/20 06:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009/06/10 19:42:20 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{69d3b34a-fd9d-11e1-8b96-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69d3b34a-fd9d-11e1-8b96-806e6f6e6963}\shell\AutoRun\command
\{69d3b34a-fd9d-11e1-8b96-806e6f6e6963}\shell\AutoRun\command\\"" -> [E:\fscommand\LS_Start_Launch.cmd] -> File not found
\{69d3b34a-fd9d-11e1-8b96-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69d3b34a-fd9d-11e1-8b96-806e6f6e6963}\shell\Launcher\command
\{69d3b34a-fd9d-11e1-8b96-806e6f6e6963}\shell\Launcher\command\\"" -> [E:\fscommand\LS_Start_Launch.cmd] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.cpl [@ = cplfile] -> C:\Windows\System32\control.exe -> [2009/07/13 23:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> C:\Windows\winhlp32.exe -> [2009/07/13 23:14:45 | 000,009,728 | ---- | M] (Microsoft Corporation)
.html [@ = SparkSafeHTML] -> Reg Error: Key error. -> File not found
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Classes\<extension>\ ->
.html [@ = SparkSafeHTML] -> Reg Error: Key error. -> File not found
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
FastUserSwitchingCompatibility -> -> File not found
Ias -> C:\Windows\System32\ias.dll -> [2009/07/13 23:15:26 | 000,019,456 | ---- | M] (Microsoft Corporation)
Nla -> -> File not found
Ntmssvc -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
SRService -> -> File not found
WmdmPmSp -> -> File not found
LogonHours -> -> File not found
PCAudit -> -> File not found
helpsvc -> -> File not found
uploadmgr -> -> File not found
*MultiFile Done* -> ->
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807573E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2012/10/31 13:21:48 | 000,049,776 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2005/09/20 13:33:58 | 000,843,984 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2005/09/20 13:33:58 | 000,843,984 | ---- | M] (Microsoft Corporation)
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll[HxProtocol Class] -> [2012/11/10 18:20:34 | 000,957,048 | ---- | M] (Microsoft Corporation)
mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> [2007/03/14 14:10:22 | 007,255,384 | ---- | M] (Microsoft Corporation)
mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\11\OWC11.DLL[Data Page Plugable Protocal mso-offdap11 Handler] -> [2007/05/10 14:45:34 | 008,069,464 | ---- | M] (Microsoft Corporation)
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll[IEProtocolHandler Class] -> [2014/05/02 13:46:36 | 002,399,872 | R--- | M] (Skype Technologies)
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"cval" -> [1] -> File not found
\\"AutoUpdateDisableNotify" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
\Svc\\"VistaSp1" -> Reg Error: Unknown registry data type [Reg Error: Unknown registry data type] -> File not found
\Svc\\"AntiVirusOverride" -> [0] -> File not found
\Svc\\"AntiSpywareOverride" -> [0] -> File not found
\Svc\\"FirewallOverride" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol\ -> ->
< Windows DomainProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
\\"DisableNotifications" -> [0] -> File not found
\\"EnableFirewall" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\ -> ->
< Windows StandardProfile Firewall Policy Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"DisableNotifications" -> [0] -> File not found
\\"EnableFirewall" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
knownfolder -> 0 = Computer (Not a Default Protocol) ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
@ivt -> @ivt protocol not assigned ->
file -> file protocol not assigned ->
ftp -> ftp protocol not assigned ->
http -> http protocol not assigned ->
https -> https protocol not assigned ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
@ivt -> @ivt protocol not assigned ->
file -> file protocol not assigned ->
ftp -> ftp protocol not assigned ->
http -> http protocol not assigned ->
https -> https protocol not assigned ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\] - Select to Repair > -> HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
knownfolder -> 0 = Computer (Not a Default Protocol) ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822} -> CorelDRAW Graphics Suite X6
_{B92076C0-C5FE-4DB1-AA8D-855430CDF098} -> Corel Graphics - Windows Shell Extension
_{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A} -> CorelDRAW Graphics Suite X6 - Content
{0084B0C3-F376-42E3-804A-885D249282BD} -> CorelDRAW Graphics Suite X6 - IPM
{08D2E121-7F6A-43EB-97FD-629B44903403} -> Microsoft_VC90_CRT_x86
{107F27B7-8EE4-4B3A-9CE5-497B120369DC} -> Microsoft Security Client
{121634B0-2F4B-11D3-ADA3-00C04F52DD52} -> Windows Installer Clean Up
{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} -> Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
{16E6D2C1-7C90-4309-8EC4-D2212690AAA4} -> AdobeColorCommonSetRGB
{1C93D216-E9C1-4089-807F-D2E10ED1630E} -> CorelDRAW Graphics Suite X6 - EN
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7} -> Skype™ 6.22
{25D69CEE-3EE2-47FD-9A0E-5013240EC953} -> CorelDRAW Graphics Suite X6 - Common
{26A24AE4-039D-4CA4-87B4-2F83216024FF} -> Java(TM) 6 Update 24
{299C0434-4F4E-341F-A916-4E07AEB35E79} -> Microsoft Visual Studio Tools for Applications 2.0 Runtime
{31495D38-0A7A-3D27-845B-9210E6ED8CFE} -> Microsoft .NET Framework 4.5.1 (PTB)
{318FF3D7-0C40-483B-AF92-AF36416B0AC6} -> CorelDRAW Graphics Suite X6 - Writing Tools
{39F6E2B4-CFE8-C30A-66E8-489651F0F34C} -> Adobe Media Player
{45BEB6EA-E4DA-4796-8E3F-D817C0AB9D1D} -> CorelDRAW Graphics Suite X6 - FR
{461C0377-D2EC-4FB0-B038-847BC6455432}_is1 -> Legendas 3.0
{4903D172-DCCB-392F-93A3-34CA9D47FE3D} -> Microsoft .NET Framework 4.5.1
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{4F41AD68-89F2-4262-A32C-2F70B01FCE9E} -> Photo Story 3 for Windows
{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822} -> CorelDRAW Graphics Suite X6 - Setup Files
{579CA850-B2C3-43F3-A3F6-3A0AE42E8225} -> CorelDRAW Graphics Suite X6 - FontNav
{603C6570-2BA1-4FC6-8735-7EFA6D1F6F61} -> CorelDRAW Graphics Suite X6 - Custom Data
{62BEC144-7029-4BF4-B3F2-FA231FB9F84B} -> CorelDRAW Graphics Suite X6 - Redist
{63C24A08-70F3-4C8E-B9FB-9F21A903801D} -> Adobe Color Video Profiles CS CS4
{6F53FB68-6620-423E-B7CD-B8205655B421} -> CorelDRAW Graphics Suite X6 - PHOTO-PAINT
{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} -> Microsoft Visual C++ 2005 Redistributable
{74FA94F1-9566-4252-9372-E7EAFFEFE209} -> CorelDRAW Graphics Suite X6 - Capture
{7A2FF332-E4F6-4D87-9EBD-EDFF1216490F} -> CorelDRAW Graphics Suite X6 - Filters
{7CCD75BD-5528-4FE1-90D2-392D661A2BF1} -> CorelDRAW Graphics Suite X6 - VSTA
{80D0E22C-24CA-4CAA-A49A-991CC56D3A65} -> CorelDRAW Graphics Suite X6
{879E2460-18F9-48F2-B736-4E814A699504} -> CorelDRAW Graphics Suite X6 - VBA
{8833FFB6-5B0C-4764-81AA-06DFEED9A476} -> Realtek Ethernet Controller Driver
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{90120000-0070-0000-0000-4000000FF1CE} -> Microsoft Visual Basic for Applications 7.1 (x86)
{90140000-0011-0000-0000-0000000FF1CE} -> Microsoft Office Professional Plus 2010
{90140000-0015-0416-0000-0000000FF1CE} -> Microsoft Office Access MUI (Portuguese (Brazil)) 2010
{90140000-0016-0416-0000-0000000FF1CE} -> Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
{90140000-0018-0416-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
{90140000-0019-0416-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
{90140000-001A-0416-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
{90140000-001B-0416-0000-0000000FF1CE} -> Microsoft Office Word MUI (Portuguese (Brazil)) 2010
{90140000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2010
{90140000-001F-0416-0000-0000000FF1CE} -> Microsoft Office Proof (Portuguese (Brazil)) 2010
{90140000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2010
{90140000-002C-0416-0000-0000000FF1CE} -> Microsoft Office Proofing (Portuguese (Brazil)) 2010
{90140000-0044-0416-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
{90140000-006E-0416-0000-0000000FF1CE} -> Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
{90140000-00A1-0416-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
{90140000-00BA-0416-0000-0000000FF1CE} -> Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
{92D58719-BBC1-4CC3-A08B-56C9E884CC2C} -> Microsoft_VC80_CRT_x86
{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 -> Microsoft .NET Framework 4.5.1
{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046 -> Microsoft .NET Framework 4.5.1 (Português do Brasil)
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{9BE518E6-ECC6-35A9-88E4-87755C07200F} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
{9FE75E68-96A2-48F3-90AB-34E6B8C9989D} -> Central de Mouse e Teclado da Microsoft
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} -> Microsoft Visual Studio Tools for Applications 2.0 - ENU
{AC76BA86-1033-F400-7760-000000000005} -> Adobe Acrobat X Pro - English, Français, Deutsch
{AD47115F-4E26-4344-941A-10635B6E65ED} -> Microsoft Visual Basic for Applications 7.1 (x86) Portuguese (Brazil)
{AF37176A-78CA-545B-34EF-8B6A21514DD1} -> Adobe Help Manager
{B92076C0-C5FE-4DB1-AA8D-855430CDF098} -> Corel Graphics - Windows Shell Extension
{BAB89D31-4C55-472B-8909-6CBE2CC276B1} -> Microsoft Visual Basic for Applications 7.1 (x86) English
{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1} -> PDF Settings CS6
{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A} -> CorelDRAW Graphics Suite X6 - Content
{C5262276-0075-498B-B80F-7D997482E4DB} -> CorelDRAW Graphics Suite X6 - Draw
{ce085a78-074e-4823-8dc1-8a721b94b76d} -> Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
{CFB770D7-8D43-1014-922B-CC2715FADE3F} -> Adobe InDesign CS6
{D4A17D31-2F7B-4682-AD57-467021452909} -> CorelDRAW Graphics Suite X6 - Photozoom Plugin
{D4EFC6B7-3DA5-400D-9682-9BE287A5440E} -> CorelDRAW Graphics Suite X6 - Connect
{DDFEB503-D662-4224-82C9-37A5698FDC25} -> CorelDRAW Graphics Suite X6 - VideoBrowser
{DF3C88FB-50BF-4C31-836F-5962DEFBD191} -> CorelDRAW Graphics Suite X6 - ES
{E44BD161-C6E2-4ADB-9545-BDD586D0E7BE} -> CorelDRAW Graphics Suite X6 - BR
{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1 -> FotoSketcher 2.60
{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0} -> Adobe Creative Suite 6 Master Collection
{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} -> Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} -> Intel(R) Processor Graphics
{FE23D063-934D-4829-A0D8-00634CE79B4A} -> Adobe AIR
Adobe AIR -> Adobe AIR
Adobe Digital Editions 3.0 -> Adobe Digital Editions 3.0
Adobe Flash Player ActiveX -> Adobe Flash Player 13 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 14 Plugin
aTube Catcher -> aTube Catcher
CCleaner -> CCleaner
chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Adobe Help Manager
ClamWin Free Antivirus_is1 -> ClamWin Free Antivirus 0.97.4
com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Adobe Media Player
Google Chrome -> Google Chrome
KLiteCodecPack_is1 -> K-Lite Mega Codec Pack 9.5.5
Lexmark 1200 Series -> Lexmark 1200 Series
Malwarebytes Anti-Malware_is1 -> Malwarebytes Anti-Malware versão 2.0.4.1028
McAfee Security Scan -> McAfee Security Scan Plus
Microsoft Mouse and Keyboard Center -> Central de Mouse e Teclado da Microsoft
Microsoft Security Client -> Microsoft Security Essentials
Office14.PROPLUS -> Microsoft Office Professional Plus 2010
Rainlendar2 -> Rainlendar2 (remove only)
Revo Uninstaller -> Revo Uninstaller 1.95
uTorrent -> µTorrent
WinRAR archiver -> Arquivo do WinRAR
ZHPDiag_is1 -> ZHPDiag 2014
< Uninstall List [HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\] > -> HKEY_USERS\S-1-5-21-2280996496-2547309230-2409872793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
Akamai -> Akamai NetSession Interface
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 03/12/2014 09:25:47 Computer Name = User-PC | Source = VSS | ID = 8194 -> Description =
Application [ Error ] 03/12/2014 15:27:00 Computer Name = User-PC | Source = ESENT | ID = 623 -> Description = wuaueng.dll (1152) SUS20ClientDataStore: O armazenamento de versão desta instância (0) atingiu seu tamanho máximo de 32 Mb. É possível que uma transação de execução demorada esteja evitando a limpeza do armazenamento de versão e causando o seu aumento de tamanho. As atualizações serão rejeitadas até que a transação de execução demorada tenha sido completamente confirmada ou revertida. Provável transação de execução demorada: SessionId: 0x00FD0320 Contexto de sessão: 0x00000000 ThreadId do contexto de sessão: 0x00000468 Cleanup: 1
Application [ Error ] 04/12/2014 07:27:00 Computer Name = User-PC | Source = System Restore | ID = 8193 -> Description =
Application [ Error ] 04/12/2014 13:41:28 Computer Name = User-PC | Source = System Restore | ID = 8193 -> Description =
Application [ Error ] 08/12/2014 21:05:53 Computer Name = User-PC | Source = System Restore | ID = 8193 -> Description =
System [ Error ] 08/12/2014 21:02:43 Computer Name = User-PC | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 08/12/2014 21:02:46 Computer Name = User-PC | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 08/12/2014 21:02:46 Computer Name = User-PC | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 08/12/2014 21:02:46 Computer Name = User-PC | Source = Service Control Manager | ID = 7001 -> Description = O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068
System [ Error ] 08/12/2014 21:10:40 Computer Name = User-PC | Source = Service Control Manager | ID = 7030 -> Description = O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.
System [ Error ] 08/12/2014 21:10:40 Computer Name = User-PC | Source = Service Control Manager | ID = 7030 -> Description = O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.
System [ Error ] 08/12/2014 21:10:40 Computer Name = User-PC | Source = Service Control Manager | ID = 7030 -> Description = O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.
System [ Error ] 08/12/2014 21:10:41 Computer Name = User-PC | Source = Service Control Manager | ID = 7030 -> Description = O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.
System [ Error ] 08/12/2014 21:10:41 Computer Name = User-PC | Source = Service Control Manager | ID = 7030 -> Description = O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.
System [ Error ] 08/12/2014 21:20:40 Computer Name = User-PC | Source = Service Control Manager | ID = 7000 -> Description = Não foi possível iniciar o serviço adfs devido ao seguinte erro: %%2

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\User\Desktop\OTS.exe -> [2014/12/09 00:41:37 | 000,646,656 | ---- | C] (OldTimer Tools)
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2014/12/08 23:21:00 | 000,000,000 | -HSD | C]
Temp -> C:\Windows\Temp -> [2014/12/08 23:13:07 | 000,000,000 | ---D | C]
Temp -> C:\Users\User\AppData\Local\Temp -> [2014/12/08 23:13:07 | 000,000,000 | ---D | C]
Media Player Classic -> C:\Users\User\AppData\Roaming\Media Player Classic -> [2014/12/08 19:48:32 | 000,000,000 | ---D | C]
limpeza -> C:\Users\User\Desktop\limpeza -> [2014/12/07 18:47:55 | 000,000,000 | ---D | C]
_OTM -> C:\_OTM -> [2014/12/06 10:12:17 | 000,000,000 | ---D | C]
zoek_backup -> C:\zoek_backup -> [2014/12/04 09:21:50 | 000,000,000 | ---D | C]
Videos -> C:\Users\User\Videos -> [2014/12/03 19:31:02 | 000,000,000 | R--D | C]
Pictures -> C:\Users\User\Pictures -> [2014/12/03 19:31:02 | 000,000,000 | R--D | C]
FRST -> C:\FRST -> [2014/12/03 17:42:17 | 000,000,000 | ---D | C]
Prefetch -> C:\Windows\Prefetch -> [2014/12/03 11:28:57 | 000,000,000 | ---D | C]
MBAMSwissArmy.sys -> C:\Windows\System32\drivers\MBAMSwissArmy.sys -> [2014/12/02 21:07:24 | 000,114,904 | ---- | C] (Malwarebytes Corporation)
Malwarebytes Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware -> [2014/12/02 21:07:20 | 000,000,000 | ---D | C]
mbamchameleon.sys -> C:\Windows\System32\drivers\mbamchameleon.sys -> [2014/12/02 21:07:18 | 000,075,480 | ---- | C] (Malwarebytes Corporation)
mwac.sys -> C:\Windows\System32\drivers\mwac.sys -> [2014/12/02 21:07:18 | 000,051,928 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2014/12/02 21:07:18 | 000,023,256 | ---- | C] (Malwarebytes Corporation)
Malwarebytes Anti-Malware -> C:\Program Files\Malwarebytes Anti-Malware -> [2014/12/02 21:07:17 | 000,000,000 | ---D | C]
ERUNT -> C:\Windows\ERUNT -> [2014/12/02 20:05:37 | 000,000,000 | ---D | C]
Minhas paletas -> C:\Users\User\Documents\Minhas paletas -> [2014/12/02 00:35:30 | 000,000,000 | ---D | C]
Corel -> C:\Users\User\Documents\Corel -> [2014/12/02 00:35:17 | 000,000,000 | ---D | C]
Documents -> C:\Users\User\Documents -> [2014/12/01 19:05:04 | 000,000,000 | R--D | C]
Favorites -> C:\Users\User\Favorites -> [2014/12/01 00:12:47 | 000,000,000 | R--D | C]
VS Revo Group -> C:\Program Files\VS Revo Group -> [2014/11/30 23:56:58 | 000,000,000 | ---D | C]
Revo Uninstaller -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller -> [2014/11/30 23:56:58 | 000,000,000 | ---D | C]
inkscape -> C:\Users\User\AppData\Roaming\inkscape -> [2014/11/10 16:26:02 | 000,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\User\NTUSER.DAT -> [2014/12/09 00:45:05 | 015,204,352 | -HS- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2014/12/09 00:43:00 | 000,001,058 | ---- | M] ()
OTS.exe -> C:\Users\User\Desktop\OTS.exe -> [2014/12/09 00:41:40 | 000,646,656 | ---- | M] (OldTimer Tools)
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2014/12/08 23:27:52 | 000,025,616 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2014/12/08 23:27:52 | 000,025,616 | -H-- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2014/12/08 23:20:52 | 000,001,054 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2014/12/08 23:20:40 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2014/12/08 23:20:29 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2014/12/08 23:20:24 | 2591,883,264 | -HS- | M] ()
zoek-delete.exe -> C:\Windows\zoek-delete.exe -> [2014/12/08 23:04:06 | 000,024,064 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2014/12/06 09:58:41 | 005,498,256 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT -> [2014/12/05 16:55:28 | 000,184,272 | ---- | M] ()
FontData.fdb -> C:\Windows\FontData.fdb -> [2014/12/05 13:51:22 | 000,141,779 | ---- | M] ()
ntuser.pol -> C:\ProgramData\ntuser.pol -> [2014/12/04 09:19:46 | 000,000,008 | RHS- | M] ()
MBAMSwissArmy.sys -> C:\Windows\System32\drivers\MBAMSwissArmy.sys -> [2014/12/02 22:49:31 | 000,114,904 | ---- | M] (Malwarebytes Corporation)
Wix.pdf -> C:\Users\User\Desktop\Wix.pdf -> [2014/12/02 01:43:45 | 000,126,572 | ---- | M] ()
.rnd -> C:\.rnd -> [2014/12/01 00:31:10 | 000,001,024 | ---- | M] ()
hosts -> C:\Windows\System32\drivers\etc\hosts -> [2014/12/01 00:30:11 | 000,000,748 | ---- | M] ()
local.cfg -> C:\Windows\System32\local.cfg -> [2014/11/21 15:45:47 | 000,000,047 | ---- | M] ()
mwac.sys -> C:\Windows\System32\drivers\mwac.sys -> [2014/11/21 06:14:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation)
mbamchameleon.sys -> C:\Windows\System32\drivers\mbamchameleon.sys -> [2014/11/21 06:14:10 | 000,075,480 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation)
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2014/11/12 13:33:51 | 001,635,826 | ---- | M] ()
prfh0416.dat -> C:\Windows\System32\prfh0416.dat -> [2014/11/12 13:33:51 | 000,705,798 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2014/11/12 13:33:51 | 000,654,254 | ---- | M] ()
prfc0416.dat -> C:\Windows\System32\prfc0416.dat -> [2014/11/12 13:33:51 | 000,147,638 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2014/11/12 13:33:51 | 000,122,126 | ---- | M] ()
recently-used.xbel -> C:\Users\User\AppData\Local\recently-used.xbel -> [2014/11/10 16:32:56 | 000,000,722 | ---- | M] ()

[Files - No Company Name]
zoek-delete.exe -> C:\Windows\zoek-delete.exe -> [2014/12/08 23:13:07 | 000,024,064 | ---- | C] ()
Wix.pdf -> C:\Users\User\Desktop\Wix.pdf -> [2014/12/02 01:43:45 | 000,126,572 | ---- | C] ()
local.cfg -> C:\Windows\System32\local.cfg -> [2014/11/18 09:07:40 | 000,000,047 | ---- | C] ()
recently-used.xbel -> C:\Users\User\AppData\Local\recently-used.xbel -> [2014/11/10 16:32:56 | 000,000,722 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2014/09/10 12:22:48 | 000,000,418 | ---- | C] ()
lp3codec32win.dll -> C:\Windows\System32\lp3codec32win.dll -> [2014/07/14 22:54:05 | 000,000,070 | ---- | C] ()
ntuser.pol -> C:\ProgramData\ntuser.pol -> [2014/01/31 13:28:09 | 000,000,008 | RHS- | C] ()
lxczserv.dll -> C:\Windows\System32\lxczserv.dll -> [2013/12/27 16:16:03 | 001,224,704 | ---- | C] ( )
lxczusb1.dll -> C:\Windows\System32\lxczusb1.dll -> [2013/12/27 16:16:03 | 000,991,232 | ---- | C] ( )
lxczhbn3.dll -> C:\Windows\System32\lxczhbn3.dll -> [2013/12/27 16:16:03 | 000,696,320 | ---- | C] ( )
lxczcomc.dll -> C:\Windows\System32\lxczcomc.dll -> [2013/12/27 16:16:03 | 000,684,032 | ---- | C] ( )
lxczpmui.dll -> C:\Windows\System32\lxczpmui.dll -> [2013/12/27 16:16:03 | 000,643,072 | ---- | C] ( )
lxczlmpm.dll -> C:\Windows\System32\lxczlmpm.dll -> [2013/12/27 16:16:03 | 000,585,728 | ---- | C] ( )
lxczcoms.exe -> C:\Windows\System32\lxczcoms.exe -> [2013/12/27 16:16:03 | 000,537,520 | ---- | C] ( )
lxczcomm.dll -> C:\Windows\System32\lxczcomm.dll -> [2013/12/27 16:16:03 | 000,421,888 | ---- | C] ( )
lxczutil.dll -> C:\Windows\System32\lxczutil.dll -> [2013/12/27 16:16:03 | 000,413,696 | ---- | C] ()
lxczinpa.dll -> C:\Windows\System32\lxczinpa.dll -> [2013/12/27 16:16:03 | 000,413,696 | ---- | C] ( )
lxcziesc.dll -> C:\Windows\System32\lxcziesc.dll -> [2013/12/27 16:16:03 | 000,397,312 | ---- | C] ( )
lxczih.exe -> C:\Windows\System32\lxczih.exe -> [2013/12/27 16:16:03 | 000,385,968 | ---- | C] ( )
lxczcfg.exe -> C:\Windows\System32\lxczcfg.exe -> [2013/12/27 16:16:03 | 000,381,872 | ---- | C] ( )
LXCZhcp.dll -> C:\Windows\System32\LXCZhcp.dll -> [2013/12/27 16:16:03 | 000,323,584 | ---- | C] ( )
LXCZinst.dll -> C:\Windows\System32\LXCZinst.dll -> [2013/12/27 16:16:03 | 000,274,432 | ---- | C] ()
lxczprox.dll -> C:\Windows\System32\lxczprox.dll -> [2013/12/27 16:16:03 | 000,163,840 | ---- | C] ( )
lxczpplc.dll -> C:\Windows\System32\lxczpplc.dll -> [2013/12/27 16:16:03 | 000,094,208 | ---- | C] ( )
resmon.resmoncfg -> C:\Users\User\AppData\Local\resmon.resmoncfg -> [2013/12/20 16:40:41 | 000,000,017 | ---- | C] ()
IGFXDEVLib.dll -> C:\Windows\System32\IGFXDEVLib.dll -> [2013/11/07 02:02:16 | 000,009,728 | ---- | C] ( )
igdde32.dll -> C:\Windows\System32\igdde32.dll -> [2013/11/07 02:02:12 | 000,077,312 | ---- | C] ()
Adobe PNG Format CS6 Prefs -> C:\Users\User\AppData\Roaming\Adobe PNG Format CS6 Prefs -> [2013/10/31 16:42:48 | 000,000,132 | ---- | C] ()
ACCCx183.zip.aamdownload -> C:\Users\User\AppData\Local\ACCCx183.zip.aamdownload -> [2013/07/15 12:52:48 | 145,388,814 | ---- | C] ()
ACCCx183.zip.aamdownload.aamd -> C:\Users\User\AppData\Local\ACCCx183.zip.aamdownload.aamd -> [2013/07/15 12:52:48 | 000,001,726 | ---- | C] ()
igcodeckrng600.bin -> C:\Windows\System32\igcodeckrng600.bin -> [2012/12/14 03:02:20 | 000,963,452 | ---- | C] ()
GfxUI.exe.config -> C:\Windows\System32\GfxUI.exe.config -> [2012/12/14 03:02:20 | 000,000,268 | ---- | C] ()
igvpkrng600.bin -> C:\Windows\System32\igvpkrng600.bin -> [2012/12/14 03:02:16 | 000,272,928 | ---- | C] ()
xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2012/12/12 09:29:55 | 000,650,752 | ---- | C] ()
xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2012/12/12 09:29:55 | 000,243,200 | ---- | C] ()
lagarith.dll -> C:\Windows\System32\lagarith.dll -> [2012/12/12 09:29:55 | 000,216,064 | ---- | C] ( )
ff_vfw.dll -> C:\Windows\System32\ff_vfw.dll -> [2012/12/12 09:29:54 | 000,112,640 | ---- | C] ()

[File - Lop Check]
Autodesk -> C:\Users\User\AppData\Roaming\Autodesk -> [2014/04/12 12:02:38 | 000,000,000 | ---D | M]
chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> C:\Users\User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [2014/10/05 21:42:56 | 000,000,000 | ---D | M]
Dropbox -> C:\Users\User\AppData\Roaming\Dropbox -> [2013/12/23 16:00:37 | 000,000,000 | ---D | M]
FontCreator -> C:\Users\User\AppData\Roaming\FontCreator -> [2014/04/23 16:05:39 | 000,000,000 | ---D | M]
inkscape -> C:\Users\User\AppData\Roaming\inkscape -> [2014/11/17 09:00:24 | 000,000,000 | ---D | M]
StageManager.BD092818F67280F4B42B04877600987F0111B594.1 -> C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 -> [2012/09/14 11:05:28 | 000,000,000 | ---D | M]
uTorrent -> C:\Users\User\AppData\Roaming\uTorrent -> [2014/12/08 23:01:01 | 000,000,000 | ---D | M]
Windows Live Writer -> C:\Users\User\AppData\Roaming\Windows Live Writer -> [2012/09/13 18:53:03 | 000,000,000 | ---D | M]
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2014/10/14 13:31:20 | 000,032,608 | ---- | M] ()
[Custom Scans]
< %systemdrive%\*.* >
.rnd -> C:\.rnd -> [2014/12/01 00:31:10 | 000,001,024 | ---- | M] ()
autoexec.bat -> C:\autoexec.bat -> [2009/06/10 19:42:20 | 000,000,024 | ---- | M] ()
config.sys -> C:\config.sys -> [2009/06/10 19:42:20 | 000,000,010 | ---- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2014/12/08 23:20:24 | 2591,883,264 | -HS- | M] ()
lots.ini -> C:\lots.ini -> [2014/07/14 23:30:24 | 000,000,034 | ---- | M] ()
lxcz.log -> C:\lxcz.log -> [2014/12/08 23:01:20 | 000,036,260 | ---- | M] ()
pagefile.sys -> C:\pagefile.sys -> [2014/12/08 23:20:24 | 3455,844,352 | -HS- | M] ()
zoek-results.log -> C:\zoek-results.log -> [2014/12/08 23:20:52 | 000,005,975 | ---- | M] ()
zoek-results2014-12-04-113746.log -> C:\zoek-results2014-12-04-113746.log -> [2014/12/04 09:37:46 | 000,025,643 | ---- | M] ()
zoek-results2014-12-04-174128.log -> C:\zoek-results2014-12-04-174128.log -> [2014/12/04 15:41:28 | 000,000,436 | ---- | M] ()
< %systemdrive%\drivers\*.exe >
< %systemroot%\system32\drivers\*.* /90 >
mbam.sys -> C:\Windows\system32\drivers\mbam.sys -> [2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation)
mbamchameleon.sys -> C:\Windows\system32\drivers\mbamchameleon.sys -> [2014/11/21 06:14:10 | 000,075,480 | ---- | M] (Malwarebytes Corporation)
MBAMSwissArmy.sys -> C:\Windows\system32\drivers\MBAMSwissArmy.sys -> [2014/12/02 22:49:31 | 000,114,904 | ---- | M] (Malwarebytes Corporation)
mwac.sys -> C:\Windows\system32\drivers\mwac.sys -> [2014/11/21 06:14:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation)
< %programfiles%\*.* >
desktop.ini -> C:\Program Files\desktop.ini -> [2009/07/14 02:41:57 | 000,000,174 | -HS- | M] ()
< %localappdata%\*.exe >
< %localappdata%\*.txt >
< %localappdata%\*.ini >
< %localappdata%\*.dll >
< %localappdata%\*.dat >
GDIPFONTCACHEV1.DAT -> C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT -> [2014/12/05 16:55:28 | 000,184,272 | ---- | M] ()
< %userprofile%\*.exe >
< %userprofile%\*.txt >
< %userprofile%\*.ini >
ntuser.ini -> C:\Users\User\ntuser.ini -> [2012/09/12 18:19:06 | 000,000,020 | -HS- | M] ()
< %userprofile%\*.dll >
< %userprofile%\*.dat /30 >
NTUSER.DAT -> C:\Users\User\NTUSER.DAT -> [2014/12/09 00:45:05 | 015,204,352 | -HS- | M] ()
< %appdata%\*.* >
Adobe PNG Format CS6 Prefs -> C:\Users\User\AppData\Roaming\Adobe PNG Format CS6 Prefs -> [2014/05/13 16:01:13 | 000,000,132 | ---- | M] ()
< %systemroot%\system32\tasks\*.* >
CCleanerSkipUAC -> C:\Windows\system32\tasks\CCleanerSkipUAC -> [2013/12/26 14:56:47 | 000,002,770 | ---- | M] ()
GoogleUpdateTaskMachineCore -> C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore -> [2014/11/14 12:38:42 | 000,003,802 | ---- | M] ()
GoogleUpdateTaskMachineUA -> C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA -> [2014/11/14 12:38:50 | 000,004,054 | ---- | M] ()
Microsoft_Hardware_Launch_ipoint_exe -> C:\Windows\system32\tasks\Microsoft_Hardware_Launch_ipoint_exe -> [2013/12/10 09:39:22 | 000,003,092 | ---- | M] ()
Microsoft_Hardware_Launch_itype_exe -> C:\Windows\system32\tasks\Microsoft_Hardware_Launch_itype_exe -> [2013/12/10 09:39:21 | 000,003,090 | ---- | M] ()
Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> C:\Windows\system32\tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> [2013/12/10 09:39:25 | 000,003,118 | ---- | M] ()
Microsoft_MKC_Logon_Task_ipoint.exe -> C:\Windows\system32\tasks\Microsoft_MKC_Logon_Task_ipoint.exe -> [2013/12/10 09:39:19 | 000,003,062 | ---- | M] ()
Microsoft_MKC_Logon_Task_itype.exe -> C:\Windows\system32\tasks\Microsoft_MKC_Logon_Task_itype.exe -> [2013/12/10 09:39:14 | 000,003,060 | ---- | M] ()
{0DD6E2EB-95BB-4896-A00C-38821E4D7870} -> C:\Windows\system32\tasks\{0DD6E2EB-95BB-4896-A00C-38821E4D7870} -> [2014/01/02 17:04:20 | 000,002,928 | ---- | M] ()
{9CDD84A3-4746-42E2-9568-A1C8E6255D82} -> C:\Windows\system32\tasks\{9CDD84A3-4746-42E2-9568-A1C8E6255D82} -> [2013/11/27 14:34:48 | 000,003,110 | ---- | M] ()
{AC65F617-25FE-49BC-B98D-BB3EC3A9C51E} -> C:\Windows\system32\tasks\{AC65F617-25FE-49BC-B98D-BB3EC3A9C51E} -> [2013/12/20 16:23:43 | 000,003,112 | ---- | M] ()
{D84C7656-826F-41A6-829F-12E36B14E54C} -> C:\Windows\system32\tasks\{D84C7656-826F-41A6-829F-12E36B14E54C} -> [2014/11/02 11:25:02 | 000,003,080 | ---- | M] ()
< %windir%\tasks\*.* >
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2014/12/08 23:20:52 | 000,001,054 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2014/12/09 00:43:00 | 000,001,058 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2014/12/08 23:20:40 | 000,000,006 | -H-- | M] ()
SCHEDLGU.TXT -> C:\Windows\tasks\SCHEDLGU.TXT -> [2014/10/14 13:31:20 | 000,032,608 | ---- | M] ()
< HKLM\System\CCS\Services\Tcpip\Parameters >
Reg Error: Key HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\Parameters\ not found. -> ->
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
\\"DefaultConnectionSettings" -> [[Binary data over 100 bytes]] -> File not found
\\"SavedLegacySettings" -> [[Binary data over 100 bytes]] -> File not found
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
Reg Error: Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\ not found. -> ->
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
Reg Error: Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ not found. -> ->
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT
\\"devenv.exe" -> [1] -> File not found
\\"dexplore.exe" -> [1] -> File not found
\\"helppane.exe" -> [1] -> File not found
\\"sllauncher.exe" -> [0] -> File not found
\\"PresentationHost.exe" -> [0] -> File not found

[Alternate Data Streams]
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:F0E9F896_Bb.gbp
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:F0E9F896_Uni.gbp
@Alternate Data Stream - 310 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
< End of report >
caedurodrigues
caedurodrigu... Tô em todas, Registered member
710 Posts 257 Likes
#34 By caedurodrigu...
09/12/2014 - 09:42
Good morning Alicec, your machine is clean.

Now let's remove the tools used in the disinfection.
  • Download: DelFix (...by Xplode)
  • Save it to your desktop.
  • Double-click delfix.exe to run it.
  • Windows Vista or Windows 7 users: right-click the delfix.exe file, then click:

    [image]

  • Tick the checkboxes as shown in the image.
  • Click the Run button.
  • Restart the computer!
  • Everything OK?


Download TFC (...by OldTimer) for system maintenance and for removing temporary and invalid files.
Warm regards.