foxr

My computer does not open any bank websites. I have Windows 8 installed.


My problem is identical to one in an already open topic, but I use Windows 8 and the ComboFix program is not compatible with Windows 8, which prevents me from using that open topic to solve my problem. I have tried every browser I have and cannot access any bank website, sites that I accessed normally until two months ago. I have also tried with the antivirus and firewall disabled, but I still cannot access them, and the following message appears: "Unable to connect to the proxy server".

Note: I tried to use the DDS.scr program as instructed in the posting tutorial, but the program is not compatible with Windows 8.

Thank you.

Here is the GMER log:

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-11-30 17:32:15

Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000039 ST1000LM024_HN-M101MBB rev.2AR10002 931,51GB

Running: gmer.exe; Driver: C:\Users\RAPOSO~1\AppData\Local\Temp\uxtdypod.sys

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [876:884] fffff960009394d0

Thread C:\WINDOWS\system32\svchost.exe [1892:3468] 00007ff8e8dd4608

Thread C:\WINDOWS\system32\svchost.exe [1892:3660] 00007ff8e8dc1584

Thread C:\WINDOWS\system32\svchost.exe [1892:3756] 00007ff8e8c31b30

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


Hello

Sorry for the delay :)

If you still need help, redo the logs, as I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: You do not need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


OK. I will post the GMER log, because I could not run DDS even in compatibility mode, since I have Windows 8.

Here is the GMER log, and thank you in advance for the help.

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-04 10:40:36

Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000039 ST1000LM024_HN-M101MBB rev.2AR10002 931,51GB

Running: gmer.exe; Driver: C:\Users\RAPOSO~1\AppData\Local\Temp\uxtdypod.sys

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [3608:1144] fffff960009af4d0

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76EEFB0B-3D71-4294-BC24-52E0FAEA32BD}\mpengine.dll (*** suspicious ***) @ C:\Program Files\Windows Defender\MsMpEng.exe [2508] (Microsoft Malware Protection Engine/Microsoft Corporation SIGNED)(2013-12-03 22:12:24) 00007ff8d5e80000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


Dear foxr

I recommend that you save this topic to your Favorites to make it easier to find.

Please pay attention to the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to your computer's problem, so do not apply it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask them;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measure other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

Download OTL by OldTimer and save it to your Desktop.

  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Leave the main screen configured as shown in the figure below:

5369448421_6bf795eb1a_b.jpg

  • Copy and paste the content below into the space right after 5369460409_ee749edc8e_m.jpg
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dl
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
/md5stop

  • Click the button 5370056362_e3d07d5d8a_m.jpg
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Restart the computer;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D


Here are the logs:

OTL logfile created on: 05/12/2013 12:59:38 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\raposojuliano\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16438)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,89 Gb Total Physical Memory | 5,25 Gb Available Physical Memory | 66,53% Memory free

15,89 Gb Paging File | 12,21 Gb Available in Paging File | 76,83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 907,52 Gb Total Space | 561,58 Gb Free Space | 61,88% Space Free | Partition Type: NTFS

Computer Name: JULIANO | User Name: raposojuliano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


SRV - [2012/11/30 05:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)

SRV - [2012/11/05 20:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)

SRV - [2012/11/01 05:22:14 | 000,055,120 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Arquivos de Programas\Condusiv Technologies\IntelliMemory\IntelliMem.exe -- (IntelliMemory)

SRV - [2012/09/12 19:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV - [2012/05/22 21:48:42 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)

SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)

SRV - [2010/01/09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

========== Driver Services (SafeList) ==========

DRV - [2013/03/01 03:36:26 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{717BBFD1-DAB1-4B78-9E70-EC4985D28522}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.3.1.22

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.3.1.22

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.oquefazernainternet.com/

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes\{EFA27348-E879-4907-9783-B1D0956D3E33}: "URL" = http://www.oquefazernainternet.com/q/{searchTerms}

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\ProgramData\ppctrl.dat

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/11 17:41:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/11 17:41:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2013/11/19 23:19:12 | 000,000,000 | ---D | M]

[2013/09/17 23:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\raposojuliano\AppData\Roaming\mozilla\Extensions

[2013/11/07 17:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\raposojuliano\AppData\Roaming\mozilla\Firefox\Profiles\cu2sti8o.default\extensions

[2013/04/12 03:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013/09/17 23:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013/09/17 23:50:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?hl=en&q={searchTerms}

CHR - default_search_provider: suggest_url = ,

CHR - homepage: about:blank

CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

CHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

CHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

CHR - plugin: RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

CHR - plugin: M\u00F3dulo de Prote\u00E7\u00E3o - Banco do Brasil (Enabled) = C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

CHR - plugin: M\u00F3dulo de Prote\u00E7\u00E3o - Caixa Economica Federal (Enabled) = C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Pesquisa do Google = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: RealDownloader = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\

CHR - Extension: Crackle Brazil = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\lflobbippdgfecmbdgjdejahlimggpef\1.0.0_0\

CHR - Extension: Google Wallet = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

CHR - Extension: GBBD Caixa Economica Federal = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei\3.4.0_0\

CHR - Extension: GBBD Banco do Brasil = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.0.0_0\

CHR - Extension: Gmail = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/08 14:34:14 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Unfriend Alerts) - {C1B5BA5E-CF95-4025-857E-7A76BB455DB1} - C:\Program Files (x86)\UnfriendAlerts\unfriendalerts.dll (Buzzbox Media)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)

O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)

O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)

O4 - Startup: C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk = C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Enviar para o Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm File not found

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 177.84.70.1 177.84.70.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41BF3D00-3C70-47C1-9336-BFB78F8B8295}: DhcpNameServer = 177.84.70.1 177.84.70.4

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: TBS - Service

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices

SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdpencdd.sys - Driver

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: SmartcardSimulator - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TBS - Service

SafeBootNet: TDI - Driver Group

SafeBootNet: VirtualSmartcardReader - Driver

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices

SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {49C187D7-91E1-459E-9759-2925384BD397} - .NET Framework

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EC43E638-09F0-38CC-A585-72FCCDDF035C} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\SysWow64\ff_vfw.dll ()

Drivers32: VIDC.FMVC - C:\WINDOWS\SysWow64\fmcodec.DLL (Fox Magic Software)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/05 12:55:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

[2013/12/04 16:26:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2013/12/04 16:25:43 | 000,032,544 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvaudcap32v.dll

[2013/11/30 16:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2013/11/30 16:47:19 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\Desktop\gmer

[2013/11/28 00:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\NV

[2013/11/28 00:21:09 | 009,663,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuda.dll

[2013/11/28 00:21:09 | 002,747,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvenc.dll

[2013/11/28 00:21:09 | 001,242,400 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvumdshim.dll

[2013/11/28 00:21:09 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvinit.dll

[2013/11/28 00:21:04 | 000,609,568 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\NvFBC.dll

[2013/11/28 00:21:04 | 000,562,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\NvIFR.dll

[2013/11/28 00:21:02 | 022,951,200 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvoglv32.dll

[2013/11/28 00:21:02 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcompiler.dll

[2013/11/28 00:21:02 | 015,862,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvwgf2um.dll

[2013/11/28 00:21:02 | 015,218,504 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvd3dum.dll

[2013/11/28 00:21:02 | 009,619,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvopencl.dll

[2013/11/28 00:21:02 | 002,947,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvid.dll

[2013/11/28 00:21:02 | 002,697,248 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvapi.dll

[2013/11/28 00:21:02 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvoglshim32.dll

[2013/11/14 12:16:41 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\Documents\Blocos de Anotações do OneNote

[2013/11/13 21:29:59 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\AppData\Local\NVIDIA Corporation

[2013/11/12 23:29:40 | 000,693,240 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

[2013/11/12 23:29:40 | 000,105,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

[2013/11/12 22:39:40 | 005,769,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll

[2013/11/12 22:39:34 | 002,328,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[2013/11/12 22:39:34 | 002,295,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll

[2013/11/12 22:39:33 | 002,065,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe

[2013/11/12 22:39:32 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll

[2013/11/12 22:39:31 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll

[2013/11/12 22:39:31 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll

[2013/11/12 22:39:31 | 000,883,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll

[2013/11/12 22:39:30 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll

[2013/11/12 22:39:29 | 000,380,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll

[2013/11/12 22:39:28 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll

[2013/11/12 22:39:28 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll

[2013/11/12 22:39:26 | 001,204,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll

[2013/11/12 22:39:26 | 000,518,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe

[2013/11/12 22:39:22 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TSWorkspace.dll

[2013/11/12 22:39:21 | 000,345,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsmf.dll

[2013/11/12 22:39:21 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapphost.dll

[2013/11/12 22:39:21 | 000,088,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptsslp.dll

[2013/11/12 22:39:18 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll

[2013/11/12 22:39:18 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\shsetup.dll

[2013/11/12 22:39:17 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl

[2013/11/12 22:39:17 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappcfg.dll

[2013/11/12 22:39:17 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapp3hst.dll

[2013/11/12 22:39:17 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappgnui.dll

[2013/11/12 22:39:17 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ftp.exe

[2013/11/12 22:39:16 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll

[2013/11/12 22:39:16 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

[2013/11/12 22:39:16 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\miutils.dll

[2013/11/12 22:39:02 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll

[2013/11/12 22:38:52 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll

[2013/11/12 22:38:42 | 013,925,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll

[2013/11/12 22:38:40 | 011,674,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll

[2013/11/10 17:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices

[2013/11/05 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation

[2013/11/05 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\AppData\Roaming\Intel Corporation

[2013/11/05 16:59:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\RSTLog

[2013/04/28 13:09:04 | 006,724,056 | ---- | C] (Absolute Software Corp.) -- C:\Users\raposojuliano\AppData\Roaming\LoJackSetup.exe

[2013/04/11 23:36:40 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/05 12:57:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/12/05 12:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

[2013/12/05 12:05:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/12/05 11:05:00 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/12/05 11:05:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/12/05 09:51:38 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/12/04 17:15:12 | 000,068,379 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Oi 12-2013.pdf

[2013/11/30 17:00:55 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\WINDOWS\SysWow64\drivers\gbpndisrd.sys

[2013/11/30 17:00:55 | 000,010,266 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd.cat

[2013/11/30 17:00:55 | 000,003,641 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd.inf

[2013/11/30 17:00:55 | 000,001,814 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd_m.inf

[2013/11/30 17:00:55 | 000,001,402 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\gas.cer

[2013/11/30 17:00:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/11/30 17:00:30 | 2482,388,991 | -HS- | M] () -- C:\hiberfil.sys

[2013/11/30 16:43:42 | 000,368,554 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gmer.zip

[2013/11/29 14:56:57 | 000,979,744 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvspcap.dll

[2013/11/28 22:45:01 | 000,011,314 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Comprovante SNT.pdf

[2013/11/28 22:26:05 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0003.pdf

[2013/11/28 22:25:53 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0002.pdf

[2013/11/28 22:25:41 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0001.pdf

[2013/11/23 17:26:48 | 022,951,200 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvoglv32.dll

[2013/11/23 17:26:48 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcompiler.dll

[2013/11/23 17:26:48 | 015,862,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvwgf2um.dll

[2013/11/23 17:26:48 | 015,218,504 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvd3dum.dll

[2013/11/23 17:26:48 | 009,663,656 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuda.dll

[2013/11/23 17:26:48 | 009,619,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvopencl.dll

[2013/11/23 17:26:48 | 002,947,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvid.dll

[2013/11/23 17:26:48 | 002,747,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvenc.dll

[2013/11/23 17:26:48 | 002,697,248 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvapi.dll

[2013/11/23 17:26:48 | 001,242,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvumdshim.dll

[2013/11/23 17:26:48 | 000,609,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\NvFBC.dll

[2013/11/23 17:26:48 | 000,562,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\NvIFR.dll

[2013/11/23 17:26:48 | 000,266,984 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvoglshim32.dll

[2013/11/23 17:26:48 | 000,141,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvinit.dll

[2013/11/18 11:39:58 | 000,051,338 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gabarito1.jpg

[2013/11/18 11:39:44 | 000,060,176 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gabarito.jpg

[2013/11/15 10:31:03 | 000,001,137 | ---- | M] () -- C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk

[2013/11/15 00:32:54 | 000,031,228 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Exames pré-admissionais.jpg

[2013/11/14 12:18:59 | 000,193,730 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Recibo do Sacado.pdf

[2013/11/14 12:07:25 | 000,061,764 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Pesquisa Social.pdf

[2013/11/09 01:01:04 | 000,204,726 | ---- | M] () -- C:\Users\raposojuliano\Desktop\OPÇÃO de Lotação (1).pdf

[2013/11/09 01:00:46 | 000,204,725 | ---- | M] () -- C:\Users\raposojuliano\Desktop\OPÇÃO de Lotação.pdf

[2013/11/08 10:55:17 | 000,019,881 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Cancelamento SNT.pdf

[2013/11/07 11:00:32 | 000,222,749 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Prova de SCO.pdf

[2013/11/06 23:13:47 | 000,223,645 | ---- | M] () -- C:\Users\raposojuliano\Documents\Prova de SCO.pdf

[2013/11/06 23:09:55 | 000,085,361 | ---- | M] () -- C:\Users\raposojuliano\Desktop\1460312_1433902150166795_959707458_n.jpg

[2013/11/06 23:09:41 | 000,079,257 | ---- | M] () -- C:\Users\raposojuliano\Desktop\1395153_1433902206833456_1700032882_n.jpg

[2013/11/06 23:09:33 | 000,071,077 | ---- | M] () -- C:\Users\raposojuliano\Desktop\1450889_1433902243500119_1768971359_n.jpg

[2013/11/06 23:09:25 | 000,089,721 | ---- | M] () -- C:\Users\raposojuliano\Desktop\601494_1433902296833447_1224773771_n.jpg

[2013/11/05 21:31:26 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

[2013/11/05 21:31:26 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

[2013/11/05 20:27:43 | 000,734,981 | ---- | M] () -- C:\Users\raposojuliano\Desktop\SIMULADO MÓDULO PROFISSIONALIZATE (2).pdf

[2013/11/05 18:12:55 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl

[2013/11/05 17:00:41 | 001,814,812 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2013/11/05 14:39:49 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk

[2013/11/05 14:20:05 | 013,925,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/04 17:15:10 | 000,068,379 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Oi 12-2013.pdf

[2013/12/04 10:31:41 | 000,377,856 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gmer.exe

[2013/11/30 16:43:29 | 000,368,554 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gmer.zip

[2013/11/28 22:45:01 | 000,011,314 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Comprovante SNT.pdf

[2013/11/28 22:26:05 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0003.pdf

[2013/11/28 22:25:52 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0002.pdf

[2013/11/28 22:25:40 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0001.pdf

[2013/11/18 11:39:58 | 000,051,338 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gabarito1.jpg

[2013/11/18 11:39:43 | 000,060,176 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gabarito.jpg

[2013/11/15 00:29:20 | 000,031,228 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Exames pré-admissionais.jpg

[2013/11/14 12:18:58 | 000,193,730 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Recibo do Sacado.pdf

[2013/11/14 12:16:56 | 000,001,137 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk

[2013/11/14 12:07:24 | 000,061,764 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Pesquisa Social.pdf

[2013/11/09 01:01:04 | 000,204,726 | ---- | C] () -- C:\Users\raposojuliano\Desktop\OPÇÃO de Lotação (1).pdf

[2013/11/09 01:00:46 | 000,204,725 | ---- | C] () -- C:\Users\raposojuliano\Desktop\OPÇÃO de Lotação.pdf

[2013/11/08 10:55:17 | 000,019,881 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Cancelamento SNT.pdf

[2013/11/07 11:00:31 | 000,222,749 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Prova de SCO.pdf

[2013/11/06 23:13:45 | 000,223,645 | ---- | C] () -- C:\Users\raposojuliano\Documents\Prova de SCO.pdf

[2013/11/06 23:09:54 | 000,085,361 | ---- | C] () -- C:\Users\raposojuliano\Desktop\1460312_1433902150166795_959707458_n.jpg

[2013/11/06 23:09:41 | 000,079,257 | ---- | C] () -- C:\Users\raposojuliano\Desktop\1395153_1433902206833456_1700032882_n.jpg

[2013/11/06 23:09:33 | 000,071,077 | ---- | C] () -- C:\Users\raposojuliano\Desktop\1450889_1433902243500119_1768971359_n.jpg

[2013/11/06 23:09:23 | 000,089,721 | ---- | C] () -- C:\Users\raposojuliano\Desktop\601494_1433902296833447_1224773771_n.jpg

[2013/11/05 20:27:43 | 000,734,981 | ---- | C] () -- C:\Users\raposojuliano\Desktop\SIMULADO MÓDULO PROFISSIONALIZATE (2).pdf

[2013/11/05 18:12:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2013/11/05 17:00:41 | 001,814,812 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2013/11/05 14:39:49 | 000,000,728 | ---- | C] () -- C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk

[2013/10/01 23:58:29 | 000,107,832 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe

[2013/09/10 02:45:37 | 000,109,696 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyHook64.dll

[2013/09/10 02:45:37 | 000,091,264 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyHook32.dll

[2013/09/09 10:35:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll

[2013/09/09 10:35:08 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll

[2013/09/09 10:35:06 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll

[2013/09/07 02:21:02 | 000,023,233 | -H-- | C] () -- C:\Users\raposojuliano\AppData\Roaming\windows.vbs

[2013/08/22 13:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat

[2013/08/22 13:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT

[2013/08/22 12:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2013/08/22 05:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2013/08/22 01:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll

[2013/08/22 01:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll

[2013/08/21 21:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2013/08/21 21:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[2013/08/18 22:25:47 | 000,002,132 | -H-- | C] () -- C:\ProgramData\ppctrl.dat

[2013/08/18 22:25:47 | 000,000,004 | ---- | C] () -- C:\ProgramData\99

[2013/08/18 22:25:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\0

[2013/07/15 21:58:56 | 000,720,082 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins001.exe

[2013/07/15 21:58:56 | 000,011,358 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins001.dat

[2013/07/14 19:47:10 | 002,250,024 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe

[2013/07/07 19:02:51 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2013/06/08 14:34:53 | 000,720,594 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins000.exe

[2013/06/08 14:34:53 | 000,011,613 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins000.dat

[2013/05/14 23:11:56 | 000,007,607 | ---- | C] () -- C:\Users\raposojuliano\AppData\Local\Resmon.ResmonCfg

[2013/05/09 21:15:12 | 000,004,016 | ---- | C] () -- C:\WINDOWS\SysWow64\PsClikSeguro.ini

[2013/05/09 21:15:12 | 000,002,112 | ---- | C] () -- C:\WINDOWS\SysWow64\PsClikSeguroOff.ini

[2013/04/23 16:06:27 | 000,079,360 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll

[2013/04/15 02:28:45 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe

[2013/04/11 23:36:40 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml

[2013/04/11 23:11:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2013/04/11 03:30:05 | 000,013,857 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\AbsoluteReminder.xml

[2013/01/03 19:26:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini

[2012/04/20 02:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/11/05 18:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/11/05 16:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 07:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 00:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 07:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/13 05:34:06 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\DAEMON Tools Lite

[2013/12/05 09:54:25 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Dropbox

[2013/07/07 15:23:02 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Garmin

[2013/05/30 22:48:55 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\GetRightToGo

[2013/07/02 20:42:15 | 000,000,000 | -H-D | M] -- C:\Users\raposojuliano\AppData\Roaming\InstallJammer Registry

[2013/05/12 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\IsolatedStorage

[2013/05/02 23:21:05 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Nokia

[2013/04/16 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\PC Suite

[2013/05/09 21:15:11 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\PSafe

[2013/10/24 18:54:21 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Samsung

[2013/04/11 03:30:12 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Synaptics

[2013/12/03 21:27:30 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >

[2013/08/22 10:43:41 | 000,026,464 | ---- | M] (Microsoft Corporation) MD5=74B14192CF79A72F7536B27CB8814FBD -- C:\WINDOWS\SysNative\drivers\atapi.sys

[2013/08/22 10:43:41 | 000,026,464 | ---- | M] (Microsoft Corporation) MD5=74B14192CF79A72F7536B27CB8814FBD -- C:\WINDOWS\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_64aa4354da84c2df\atapi.sys

[2013/08/22 10:43:41 | 000,026,464 | ---- | M] (Microsoft Corporation) MD5=74B14192CF79A72F7536B27CB8814FBD -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.3.9600.16384_none_cdf68824f580d510\atapi.sys

< MD5 for: NETLOGON.DLL >

[2013/08/22 00:49:21 | 000,688,640 | ---- | M] (Microsoft Corporation) MD5=CEBE4E2D2C6F3D6E87201C21B877929C -- C:\Windows\SysWOW64\netlogon.dll

[2013/08/22 00:49:21 | 000,688,640 | ---- | M] (Microsoft Corporation) MD5=CEBE4E2D2C6F3D6E87201C21B877929C -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.16384_none_f8cac1a04051b0c6\netlogon.dll

[2013/08/22 07:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) MD5=E01B8CE6646E055D2B806AE4DD5A1202 -- C:\WINDOWS\SysNative\netlogon.dll

[2013/08/22 07:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) MD5=E01B8CE6646E055D2B806AE4DD5A1202 -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.16384_none_ee76174e0bf0eecb\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2013/08/22 10:43:32 | 000,168,288 | ---- | M] (NVIDIA Corporation) MD5=1F43ABFFAC3D6CA356851D517392966E -- C:\WINDOWS\SysNative\drivers\nvstor.sys

[2013/08/22 10:43:32 | 000,168,288 | ---- | M] (NVIDIA Corporation) MD5=1F43ABFFAC3D6CA356851D517392966E -- C:\WINDOWS\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys

[2013/08/22 10:43:32 | 000,168,288 | ---- | M] (NVIDIA Corporation) MD5=1F43ABFFAC3D6CA356851D517392966E -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.3.9600.16384_none_2a99233292f5aadb\nvstor.sys

< MD5 for: SCECLI.DLL >

[2013/08/22 00:48:17 | 000,207,360 | ---- | M] (Microsoft Corporation) MD5=1F142D5BD1C3869C5D902779B6FEC3EF -- C:\Windows\SysWOW64\scecli.dll

[2013/08/22 00:48:17 | 000,207,360 | ---- | M] (Microsoft Corporation) MD5=1F142D5BD1C3869C5D902779B6FEC3EF -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.3.9600.16384_none_3320ecb8e1733781\scecli.dll

[2013/08/22 07:55:43 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=1F1B8D07708E40E54C55B392C78ECCE2 -- C:\WINDOWS\SysNative\scecli.dll

[2013/08/22 07:55:43 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=1F1B8D07708E40E54C55B392C78ECCE2 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.3.9600.16384_none_28cc4266ad127586\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:862BDB1A

< End of report >

OTL Extras logfile created on: 05/12/2013 12:59:38 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\raposojuliano\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16438)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,89 Gb Total Physical Memory | 5,25 Gb Available Physical Memory | 66,53% Memory free

15,89 Gb Paging File | 12,21 Gb Available in Paging File | 76,83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 907,52 Gb Total Space | 561,58 Gb Free Space | 61,88% Space Free | Partition Type: NTFS

Computer Name: JULIANO | User Name: raposojuliano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]

"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01409091-9FFC-4C7F-9BB2-BBDCAFFE2F75}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{01947217-70F9-4370-9E20-8ED946E512AC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{09777ECD-FB63-4A55-BBE4-1D6D5DD87031}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{09C2B14E-2C53-477B-B786-0530CF8A9D5C}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{0C0855DA-F8EA-4A46-B3E8-2BE11DBED015}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{0C9922A3-56EF-4A3B-9AB8-BA387E4261F8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{16D0B99E-ED3B-4410-A8AA-861C6745F0A7}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{18197945-6AAD-400E-9F8E-383205E6471D}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |

"{1F76E346-0BC3-401A-88B6-7AC84D002AA5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |

"{21919E09-F81D-4662-897F-68B5C991D4B3}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{27EFC057-C7F4-4E8E-841D-9C1341EC2440}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{2F8E3F4A-C208-439F-A63D-ABDFCA756F90}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{3780E45F-EDDF-4423-BE8F-D581FAC53738}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{39ADB9B4-067E-4212-BFC1-E26C313DAFB4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{3E3722DE-A21C-4128-AF01-E1A03142F327}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{7838D000-DED7-42C2-893E-597549B9FB0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7DF989FD-9DA3-4C11-A991-44C7570CDAF8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{AF395546-25DB-4153-8051-05B1EF943D64}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{CEA28E72-F721-4B21-8888-8E17756E1CEA}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |

"{D0CEA3EF-17DB-449B-B6DB-6D0284BBAD73}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{D6C8DC37-97AF-462B-9EAC-9CA5877964C7}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{DEEEC7F5-7629-4CEB-BDF2-123BAD01B617}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

"{F28028C1-8211-4D23-8356-D5337ED0EA77}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{F30F7AE3-2FC2-4937-8E1E-67EFD50EA0F6}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{FAF620B5-AFBA-4E34-A1AA-6ED2F08B3388}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

"{FC69DCD2-2C00-472F-8164-1646A7D28157}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FD9CF53F-AFD9-48F6-B2E0-5F9EF0276140}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00B57F47-B86E-4C37-A0EE-1A1B63B4FC62}" = dir=in | name=juniper networks junos pulse |

"{01C5B590-F152-445C-8B0D-F2A8D4BCD05B}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |

"{0286B640-01C9-48E1-8828-71C83795B1CE}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"{04BA3647-A66E-4172-8AC4-716D0243A0DC}" = dir=in | name=onenote |

"{0688FF00-E187-4FD9-9FFB-11B6F222A73B}" = dir=out | name=s camera |

"{0698B136-0A2A-4AC2-A926-3076620BF32F}" = dir=in | name=itaú |

"{07327A4F-D0EC-43FA-AE20-438E89882DC9}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicatorcom.exe |

"{074EA524-5B82-4D4D-9C7D-00607E84EE63}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{078B0707-0651-40D4-9D82-98AD801F39A9}" = dir=in | name=pinball fx2 |

"{094F3868-406A-4D0D-957A-4A1C7B2C648C}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |

"{0FBCD2FB-1CF8-4952-BF0C-767EA4A56081}" = dir=out | name=cifra club |

"{136F498D-7B10-4CC9-B24D-075787469F6E}" = dir=out | name=f5 vpn |

"{14484565-877D-4AAD-A2B8-706BB76DD707}" = dir=in | name=sonicwall mobile connect |

"{15499D75-F4F3-4E81-9366-AC5928B5CA47}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{1686D00A-E722-4DB8-A0EA-773BCC97B6F7}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{1990A32B-3FFE-4E21-B3A0-26B73C817CFB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{1DFBF734-A7AE-4E9B-8ED4-503CB0124804}" = dir=out | name=@{magix.musicmakerjam_1.7.1019.2_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |

"{2030C561-574C-4C83-906D-DAE9ABE72F2C}" = dir=out | name=windows_ie_ac_001 |

"{203EC67B-15FD-45C5-981B-85AFC9602EC6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |

"{2115F98D-6E5B-4E70-A757-E2CF1612C108}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{2337D0F5-63EF-4B46-9B56-BE9E41676C1D}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{248D725C-F63E-4E02-B96C-4246750B7215}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{288E8653-9B46-416A-A34B-89656591E927}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{2B8B98CC-EE3C-4B78-BBD3-88C26883C8CF}" = dir=in | name=bitcasa for samsung |

"{2C810733-9BAE-41AD-B0AB-67772C939615}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{316ED330-E60B-41BB-ADA3-F1975877A8AE}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |

"{31906202-4CB5-4C29-ADC6-4E19BA333C0A}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |

"{31A80EBF-A3EC-4B4C-A09F-F3D672537AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{37CABCDA-ABA5-4C80-A50C-7A6E014501D3}" = dir=out | name=jamie's recipes |

"{388A749B-0799-42F6-9EC9-F5D8882BBAE7}" = dir=out | name=taptiles |

"{3A26CF53-6DCB-4995-9682-5303385035E0}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\transformers - war for cybertron\binaries\twfc.exe |

"{3A3B62EB-3533-4822-A020-BFD11DCD30BB}" = dir=out | name=@{microsoft.zunemusic_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |

"{3B7B58CF-277F-4648-919C-47FFB7CDBCFA}" = dir=out | name=s gallery |

"{3E743AC4-2670-492D-BFB7-A6C496683B77}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\transformers - war for cybertron\binaries\twfc.exe |

"{3E856594-4DF7-4F98-9981-6BBF2D6741C9}" = dir=out | name=google search |

"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |

"{4315970B-F351-424A-B288-C70D60FB57E0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |

"{46013A2D-6AE4-46E9-865F-646E3E0A524B}" = dir=in | name=banco do brasil |

"{479E628B-2100-4ED4-AE66-9FD0A57EED1A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{48F7B9FC-7FE5-48B6-B9F9-76EB8D735370}" = protocol=17 | dir=in | app=c:\users\raposojuliano\appdata\roaming\dropbox\bin\dropbox.exe |

"{496B8D08-2BBE-4A5F-82A3-BDE1BF37B976}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{4DF8693B-465D-41F9-9186-4C701DDC24C8}" = dir=in | name=f5 vpn |

"{50E7F550-3E6A-4E1F-B98C-8C22EC4AB4E4}" = dir=out | name=adera |

"{51AA2EB8-7719-42C9-A665-B4675A4E01A1}" = protocol=17 | dir=in | app=c:\program files\condusiv technologies\intellimemory\intellimem.exe |

"{52F0F366-0272-4D11-B25E-CE936D33360D}" = protocol=6 | dir=in | app=c:\program files\condusiv technologies\intellimemory\intellimem.exe |

"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |

"{588D4A24-A3C3-4DE0-B68E-CC1928D1BFDC}" = dir=out | name=crackle |

"{5D62655B-A6E9-412D-B2CE-1FC386E879D9}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |

"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |

"{5FCBEC19-6C66-43C1-A827-2B23A258AFA0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{60D4A5C9-2968-4514-875E-BE4CD265A54E}" = dir=out | name=sonicwall mobile connect |

"{66306BAE-5EC4-4754-8322-9C308E34D030}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{66C23CAA-5D81-4A4C-86D0-F667C888DF39}" = dir=out | name=norton studio |

"{67897D41-CDED-4CF4-BE56-7DBC1075953A}" = dir=out | name=@{microsoft.zunevideo_1.5.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |

"{6D74F64D-91D4-4226-AA65-7FD06017865A}" = dir=in | name=check point vpn |

"{72298743-2BD1-438F-8C15-3FAB1BC6B449}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |

"{7290B3A2-63A9-48E3-AD3A-914A51BC3BB3}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{737577B0-8CD3-4AF9-AD31-E7F33239FE7D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |

"{7627F3BA-EAD5-4BBC-8A34-D423931B9B7B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{78354A03-C7D4-42AF-8908-3496E4B189F6}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |

"{798DB4C0-4185-45E2-8B74-76B028E95FD0}" = dir=out | name=pinball fx2 |

"{7A993572-85F7-4815-ADAA-7C51544A063D}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |

"{7B5B53BD-90EF-4DD6-9DE8-A04D12471F50}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{7D61087E-4BA7-44DD-8B95-5F7AE1D93387}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{7D655867-EBAC-495C-A949-CCC6B31A3C68}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{80E4A9EA-EFFF-4B85-9BBC-D97E0A77F95C}" = protocol=17 | dir=in | app=c:\users\raposojuliano\appdata\roaming\utorrent\utorrent.exe |

"{814494E4-FBDE-4B0E-A3DF-1806A057223C}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |

"{87306891-B1E9-4345-9C77-DFA3DD51FE01}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{87D4FB48-6695-4133-BE93-BD1B590D4433}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{881F1BD9-3601-49A2-91AD-357FD100E987}" = dir=out | name=itaú |

"{8921C1DA-FB8F-4EAE-8E18-CE13CEC2D5F2}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{8978593E-E2D4-4034-84DE-F77A849DAC48}" = dir=out | name=@{microsoft.zunemusic_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |

"{8A623272-62EC-4801-AAA7-CE49EA0A01E1}" = dir=out | name=kindle |

"{8C1124E4-64FC-4446-968E-2C2BE2757646}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{8F979DED-6D17-414B-8785-FA7B37C14BC0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |

"{92D6F7BB-6C13-4043-A30E-6136DF0D7FA2}" = dir=out | name=juniper networks junos pulse |

"{934C0E9F-6C6A-472F-9150-6BB8727F83E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{95C169AA-2B67-4BF9-A354-C32B5030892C}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{9D3CBACC-0A9F-4864-A814-02115C6D28B5}" = protocol=6 | dir=in | app=c:\users\raposojuliano\appdata\roaming\dropbox\bin\dropbox.exe |

"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{9FE41B80-DF82-4890-9BF3-99FBB790219B}" = dir=out | name=skype |

"{A01734BE-53EF-4D20-BABB-62184136CD1B}" = dir=in | name=cifra club |

"{A1A35D86-F7D3-4DF3-8307-F364FD6A3739}" = dir=out | name=evernote touch |

"{A48BB172-C301-4BC3-91A4-E6B4D1CC4994}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |

"{A5518EEA-B555-4223-9677-CBE1152DB7C1}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |

"{A973EDE7-939B-43D9-809E-8713F841BD42}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |

"{AC7BC128-1F9B-412E-B039-74ECE46F930A}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"{AF10743A-63F5-4352-9631-FF2D61AC8AE7}" = dir=out | name=fresh paint |

"{AF42DF4E-C836-48F5-A21E-13456FC5ED41}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |

"{AFBD7B63-624A-472F-A0B2-955700E9394B}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |

"{B150A2EA-615E-4D28-AFDF-A48E5D7246D8}" = dir=in | name=taptiles |

"{B1BE6918-F9E5-4849-BE96-8347F6A07EB1}" = dir=in | name=skype |

"{B2E81092-D690-4A3C-A098-67B00205C803}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |

"{B39D8FA9-D44D-4F25-AE23-DA25EAE4EF0C}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |

"{B9D088CC-F822-4518-B00C-2AE18C3FD8F1}" = protocol=6 | dir=in | app=c:\users\raposojuliano\appdata\roaming\utorrent\utorrent.exe |

"{B9F184D5-61BA-4C68-BC26-87F88038B591}" = dir=out | name=bitcasa for samsung |

"{BAD55E7D-A972-438E-968C-FC85FF3AE563}" = dir=out | name=banco do brasil |

"{BBEADCE3-FEE3-402E-BFD2-E58CB65AFA11}" = dir=out | name=check point vpn |

"{C0122B89-4ED9-463C-A1F8-0608DDB0799D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{C2EA4519-F607-49BE-B8F2-613ACC35D57D}" = dir=in | app=c:\users\raposojuliano\appdata\local\microsoft\skydrive\skydrive.exe |

"{C34CAE29-EF6B-4000-A5C9-A1766812C2C5}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{C52FA439-3EF6-4872-861C-33249F523468}" = dir=out | name=merriam-webster dictionary |

"{C600C358-E998-418E-BA56-479040DAE5AE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{D3E29384-DFCF-4D04-A864-108B1ED70B4B}" = dir=out | name=chaton |

"{D48F6E79-D180-4E87-8651-7346F7715545}" = dir=out | name=shark dash |

"{D674E242-0784-4E2E-A5FB-C2F81228D0DA}" = dir=out | name=@{microsoft.zunevideo_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |

"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |

"{D94EB49A-7522-48C0-89B6-1DBBA0516AA6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |

"{DDFD41EF-0A6C-4CE7-A44F-859975B67287}" = dir=out | name=bradesco |

"{DEAD6B35-66D5-4330-A07E-450D3508E619}" = dir=out | name=onenote |

"{E22FF42D-45F4-415C-895A-1825D62E576C}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{E3377E66-C8D5-4BB6-B668-D18104C9FC67}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |

"{E5DCCB8D-6C1E-421B-AD9C-6A232CE30BFD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{EC3C0081-CC59-464D-817C-4BF2B998D237}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |

"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |

"{EE620053-778B-4F8C-8601-098919AD0528}" = dir=in | name=@{magix.musicmakerjam_1.7.1019.2_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |

"{EECC68E2-B59E-40A8-BA95-81E737D081DB}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{F4E94BF2-00FE-4807-B95A-D8710CC87918}" = dir=in | name=evernote touch |

"{F545433F-9BD8-44A1-B4A0-25F450261B05}" = dir=out | name=s player |

"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |

"{F76F1E58-FB20-44F9-AECA-CD26B1AE33EA}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.201_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |

"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |

"{FE548F91-F7D9-49FF-8FE6-C719BF425D5D}" = dir=out | name=windows_ie_ac_001 |

"{FE90F465-6CE5-4335-A408-CCC5D1884123}" = dir=out | name=windows_ie_ac_001 |

"TCP Query User{153BB1BF-639C-4D69-BF15-A57DA30F51D0}C:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe |

"TCP Query User{6E298AC0-AE63-4085-9A61-087943F40520}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe |

"TCP Query User{CD311456-9EB1-4429-B3A9-A576B578B5AB}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |

"TCP Query User{F7C914CB-9385-460C-B717-A75E99D59E8C}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe |

"UDP Query User{2435F4D0-E038-4541-A699-51DF9409ED80}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe |

"UDP Query User{265F388E-FBC6-4945-BD69-C6E2E21BA5D7}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe |

"UDP Query User{2EB7E5E5-15B1-4890-8B16-7172099A5273}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |

"UDP Query User{652F5584-382A-40AF-AEF3-8C6CDE6194F7}C:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aliens colonial marines\binaries\win32\acm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{016994DE-BD6D-45D2-831A-F71E2AB4DCAB}" = AssinadorRS

"{0357C277-8DF0-4079-8DCD-BDC8B645C3F4}_is1" = Resident Evil Revelations version 5.1

"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club

"{0B5FDC99-E373-4F0F-938D-42AD090BACC0}" = Windows Live UX Platform Language Pack

"{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}" = Intel® Manageability Engine Firmware Recovery Agent

"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery

"{175B4B56-63F1-464E-8286-4309E0A52395}" = Foto-galerija

"{18FE3424-7C22-4EDE-A3FD-414760CC363B}" = Movie Maker

"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform

"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver

"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision®

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2D598A54-750B-4120-B8AD-ED938F74932C}" = Windows Live Essentials

"{302933F3-E6AD-414D-AB96-A18DBB979B1D}" = Movie Maker

"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common

"{35FA69FA-49DD-4BDF-8140-7DC2C4472C45}" = Fotoğraf Galerisi

"{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1" = Módulo de Segurança - Banco do Brasil

"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder

"{45B29A59-D180-4BFC-A93D-DDD7E65647C8}" = Photo Common

"{46AEE281-3436-46EF-A36D-163F7125A290}" = Galeria de Fotos

"{46B14AF1-EDFA-4088-AB2B-22A8128A1C54}" = Photo Common

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum

"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE

"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions

"{547C128A-691D-4D09-B195-AC5194C07403}" = Windows Live Temel Parçalar

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1" = Módulo Adicional de Segurança CAIXA

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker

"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction

"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7AEEF79F-4278-4510-AAD0-23AD14508217}" = Photo Common

"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX

"{803D4B7D-71CD-46B9-8F89-8BFD73920FAF}" = Windows Live UX Platform Language Pack

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}" = Settings

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010

"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component

"{90150000-008C-0416-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component

"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate

"{93467343-BD37-4643-8A4B-E5463CD9B7E2}" = User Guide

"{959BC6D1-38C8-441F-9466-9ECCD4E68413}" = Galería de fotos

"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth

"{97373E60-D071-418A-87F1-A969EEEEBDAC}" = Windows Live Essentials

"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A15FF85A-065C-4138-A934-113FDF8691EA}" = Windows Live Essentials

"{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}" = S Service

"{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Português

"{AEBE7912-AA50-42EB-BBDA-AB352C4D8FAA}" = Movie Maker

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B8FE7CDD-61D0-445D-9209-E809780B51DD}" = 25 to Life

"{B971E050-CFED-4E91-AE96-239F2096CDC0}" = Lost Planet 3

"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform

"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel

"{c9967fbd-e3c3-4ed0-992a-5b33260f2944}" = Software Intel® PROSet/Wireless

"{CE1836A8-3F2B-49BD-8395-93DD414068D2}" = AllSharePlayLink

"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar

"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer

"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker

"{DA06101F-FD76-4BF0-88BD-B26A197005E3}" = SW Update

"{DB5D7E49-A671-4FCD-9708-3B2BC93DA995}" = Windows Live UX Platform Language Pack

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1DA4302-1C06-4533-AF6D-9D68B01FCB34}" = Movie Maker

"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86

"{E3B75D04-2C2B-4423-8800-BF8BF345E504}" = Photo Common

"{E5E19577-2ECC-4C8E-A342-79D160A06097}" = Windows Live UX Platform Language Pack

"{E653AB36-18D7-4FB3-BDAF-024283971050}" = Support Center FAQ

"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader

"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials

"{EDB188F5-D8E8-42EE-89E0-F212DA48CB81}" = Nokia Suite

"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Ajuda

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"«Sleeping Dogs - Limited Edition»_is1" = «Sleeping Dogs - Limited Edition»

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11

"Aliens: Colonial Marines_is1" = Aliens: Colonial Marines

"aTube Catcher" = aTube Catcher

"Deadpool_is1" = Deadpool

"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]

"Freecorder extension for Chrome" = Freecorder extension for Chrome

"Freecorder extension x64" = Freecorder extension x64

"Google Chrome" = Google Chrome

"HaaliMkx" = Haali Media Splitter

"HP Photo Creations" = HP Photo Creations

"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers - War for Cybertron

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"Intel AppUp(SM) center 33070" = Intel AppUp(SM) center

"Mozilla Firefox 24.0 (x86 pt-BR)" = Mozilla Firefox 24.0 (x86 pt-BR)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Nokia PC Suite" = Nokia PC Suite

"Nokia Suite" = Nokia Suite

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"OpenAL" = OpenAL

"Plants vs. Zombies" = Plants vs. Zombies

"PunkBusterSvc" = PunkBuster Services

"RealPlayer 16.0" = RealPlayer

"Rockstar Games Social Club" = Rockstar Games Social Club

"Sniper Elite V2_is1" = Sniper Elite V2

"UnfriendAlerts" = Unfriend Alerts

"uTorrent" = µTorrent

"VirtualCloneDrive" = VirtualCloneDrive

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 04/12/2013 09:05:40 | Computer Name = Juliano | Source = SideBySide | ID = 16842785

Description = Falha na geração de contexto de ativação para "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Assembly dependente rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error - 04/12/2013 09:22:58 | Computer Name = Juliano | Source = SideBySide | ID = 16842785

Description = Falha na geração de contexto de ativação para "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Assembly dependente rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error - 04/12/2013 09:26:25 | Computer Name = Juliano | Source = Microsoft-Windows-Defrag | ID = 257

Description =

Error - 04/12/2013 09:29:07 | Computer Name = Juliano | Source = SideBySide | ID = 16842785

Description = Falha na geração de contexto de ativação para "c:\program files (x86)\Nokia\nokia

pc suite 7\TIS_Windows7PIM.dll". Assembly dependente Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error - 04/12/2013 14:26:48 | Computer Name = Juliano | Source = NvStreamSvc | ID = 131073

Description =

Error - 04/12/2013 14:26:48 | Computer Name = Juliano | Source = NvStreamSvc | ID = 131073

Description =

Error - 04/12/2013 14:37:29 | Computer Name = Juliano | Source = Application Error | ID = 1000

Description = Nome do aplicativo com falha: NvBackend.exe, versão: 10.10.5.1, carimbo

de data/hora: 0x5298c5b1 Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.16408,

carimbo de data/hora: 0x523d45fa Código de exceção: 0xc0000374 Deslocamento da falha:

0x000e2fd8 ID do processo com falha: 0x1290 Hora de início do aplicativo com falha:

0x01cef11e65989b58 Caminho do aplicativo com falha: C:\Program Files (x86)\NVIDIA

Corporation\Update Core\NvBackend.exe Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll

ID

do Relatório: 2069190f-5d13-11e3-bed6-c485089b5a04 Nome completo do pacote com falha:

ID do aplicativo relativo ao pacote com falha:

Error - 04/12/2013 21:32:39 | Computer Name = Juliano | Source = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe | ID = 131073

Description =

Error - 05/12/2013 08:01:39 | Computer Name = Juliano | Source = Office 2013 Licensing Service | ID = 0

Description =

Error - 05/12/2013 08:33:32 | Computer Name = Juliano | Source = Customer Experience Improvement Program | ID = 1008

Description =

[ System Events ]

Error - 04/12/2013 21:26:41 | Computer Name = Juliano | Source = Service Control Manager | ID = 7023

Description = O serviço Gerenciador de conexão de acesso remoto terminou com o erro:

%%87

Error - 04/12/2013 21:28:12 | Computer Name = Juliano | Source = RasMan | ID = 20063

Description = O Gerenciador de conexão de acesso remoto não pôde ser iniciado porque

ocorreu uma falha na inicialização do mecanismo do Protocolo [C:\WINDOWS\system32\rascustom.dll]

. Parâmetro incorreto.

Error - 04/12/2013 21:28:12 | Computer Name = Juliano | Source = Service Control Manager | ID = 7023

Description = O serviço Gerenciador de conexão de acesso remoto terminou com o erro:

%%87

Error - 04/12/2013 21:29:43 | Computer Name = Juliano | Source = RasMan | ID = 20063

Description = O Gerenciador de conexão de acesso remoto não pôde ser iniciado porque

ocorreu uma falha na inicialização do mecanismo do Protocolo [C:\WINDOWS\system32\rascustom.dll]

. Parâmetro incorreto.

Error - 04/12/2013 21:29:43 | Computer Name = Juliano | Source = Service Control Manager | ID = 7023

Description = O serviço Gerenciador de conexão de acesso remoto terminou com o erro:

%%87

Error - 04/12/2013 21:31:14 | Computer Name = Juliano | Source = RasMan | ID = 20063

Description = O Gerenciador de conexão de acesso remoto não pôde ser iniciado porque

ocorreu uma falha na inicialização do mecanismo do Protocolo [C:\WINDOWS\system32\rascustom.dll]

. Parâmetro incorreto.

Error - 04/12/2013 21:31:14 | Computer Name = Juliano | Source = Service Control Manager | ID = 7023

Description = O serviço Gerenciador de conexão de acesso remoto terminou com o erro:

%%87

Error - 04/12/2013 21:32:45 | Computer Name = Juliano | Source = RasMan | ID = 20063

Description = O Gerenciador de conexão de acesso remoto não pôde ser iniciado porque

ocorreu uma falha na inicialização do mecanismo do Protocolo [C:\WINDOWS\system32\rascustom.dll]

. Parâmetro incorreto.

Error - 04/12/2013 21:32:45 | Computer Name = Juliano | Source = Service Control Manager | ID = 7023

Description = O serviço Gerenciador de conexão de acesso remoto terminou com o erro:

%%87

Error - 05/12/2013 08:00:01 | Computer Name = Juliano | Source = DCOM | ID = 10016

Description =

< End of report >


Dear foxr

# Step 1 #

Once again with OTL

  • Double-click the icon [image]
  • Copy and paste the content below into the space right after [image]

:OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.3.1.22
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.3.1.22
IE - HKLM\..\SearchScopes\{717BBFD1-DAB1-4B78-9E70-EC4985D28522}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes\{EFA27348-E879-4907-9783-B1D0956D3E33}: "URL" = http://www.oquefazernainternet.com/q/{searchTerms}
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "AutoConfigURL" = file://C:\ProgramData\ppctrl.dat
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:862BDB1A

:Commands
[purity]
[emptyflash]
[createrestorepoint]
[emptytemp]

  • Click the [image] button
  • When the computer restarts a window will appear; click Run;
  • Save the log (File > Save As) to the desktop under any name you like;
  • Post the contents of this log in your next reply.
  • Attention: if you close the log without saving it first, it will be lost.
  • Open OTL again and click the [image] button
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Post this log as well in your next reply.

Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

# Step 2 #

Download BankerFix and save it to your desktop.

  • Important: The tool will close Internet Explorer. Save any links you need before running it.
  • Double-click the BankerFix installer icon.
  • In the window that opens, click Run. Then click Yes.
  • A warning window will open; make sure your computer is connected to the Internet. Click OK.
  • You will notice some "activity" on the taskbar... In the window that opens, click OK to run the tool.
  • A command prompt will open. Press any key to continue.
  • Wait...
  • Again, press any key to continue.
  • When it finishes, paste the contents of the file C:\LinhaDefensiva\relatorio.txt into your next reply.

After posting your reply you can delete the folder: C:\LinhaDefensiva

Regards :D


Unfortunately OTL did not run with these settings, and ten seconds after I press the "Consertar" (Fix) button the message "(not responding)" appears after the OTL title. I disabled the antivirus and the firewall, but OTL still did not run with these codes; I tried several times. I also tried to download BankerFix, but the page does not open and shows the same message that appears when I cannot open bank sites: "Não foi possível conectar-se ao servidor proxy" (Unable to connect to the proxy server). Is there an alternative link for BankerFix?


OTL had the same problem in safe mode and did not work.

Here are the BankerFix logs:

BankerFix 3.5 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2013-12-07 - 19:35

-------------------------------------------------------

Lista de Definição: 2012-08-22-1 | CORE: 2012-08-22-6

=======================================================

Arquivo infectado detectado: C:\Install.exe

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\Windows\System32\explorer.exe

O arquivo só será removido quando o sistema for reiniciado

----- Fim -------------------------


Dear foxr

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log on your Desktop.
  • Copy all of its contents and paste them into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]

  • Click Pesquisar (Search)
  • At the end of the scan a log with the result will open.
  • If anything is detected, click the Remover (Remove) button.
  • Again, at the end of the scan a log with the result will open.
  • Copy all of its contents and paste them into your next reply.

# Step 3 #

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the [image: desktopicon.png] icon on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:
    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to hang.
  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors design them with end users in mind, to be used without supervision. ComboFix is not that kind of tool; for that reason, and out of respect for the tool's author, do not use it without supervision.

Regards :D


I carried out steps 1 and 2. In step 3, ComboFix did not work in any way; it did not work even in safe mode. I disabled the antivirus and the firewall and even tried compatibility mode, but the following message always appeared: "ComboFix is not meant to run in "Compatibility Mode". The program shall now exit." After that I clicked OK and the program closed. Note that this message appeared even when I was not running it in compatibility mode.

Here are the logs, first JRT.txt and then the AdwCleaner one:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 8.1 Single Language x64

Ran by raposojuliano on 08/12/2013 at 11:16:33,78

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 08/12/2013 at 11:24:49,46

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.014 - Relatório criado 08/12/2013 às 11:34:27

# Atualizado 01/12/2013 por Xplode

# Sistema Operacional : Windows 8.1 Single Language (64 bits)

# Usuário : raposojuliano - JULIANO

# Executando de : C:\Users\raposojuliano\Desktop\AdwCleaner.exe

# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16384

-\\ Mozilla Firefox v24.0 (pt-BR)

[ Arquivo : C:\Users\raposojuliano\AppData\Roaming\Mozilla\Firefox\Profiles\cu2sti8o.default\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ Arquivo : C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8488 octets] - [30/11/2013 15:16:51]

AdwCleaner[R1].txt - [1058 octets] - [08/12/2013 11:33:23]

AdwCleaner[s0].txt - [8338 octets] - [30/11/2013 15:18:24]

AdwCleaner[s1].txt - [978 octets] - [08/12/2013 11:34:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1037 octets] ##########


Dear foxr

That explains it: Windows 8 ;)

Try again with OTL; there was an error in the script, and I believe it will work now :)

:OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.3.1.22
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.3.1.22
IE - HKLM\..\SearchScopes\{717BBFD1-DAB1-4B78-9E70-EC4985D28522}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.oquefazernainternet.com/
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes\{EFA27348-E879-4907-9783-B1D0956D3E33}: "URL" = http://www.oquefazernainternet.com/q/{searchTerms}
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\ProgramData\ppctrl.dat
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:862BDB1A

:Commands
[purity]
[emptyflash]
[createrestorepoint]
[emptytemp]

Regards :D
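The fix script in the post above lists browser start/search values, an "AutoConfigURL" value that points at a local file, and an alternate data stream. As an added example (not part of the original post and not OTL's own code), this Python sketch parses lines in that format and ranks them for analyst review; the severity labels and the names `triage`, `classify` and `Finding` are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Lines copied from the fix script on this page (OTL "IE -" and ADS entries).
SAMPLE = r"""
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
IE - HKLM\..\SearchScopes\{717BBFD1-DAB1-4B78-9E70-EC4985D28522}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\ProgramData\ppctrl.dat
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:862BDB1A
""".strip().splitlines()

# 'IE - <key>: "<value name>" = <data>'
IE_NAMED = re.compile(r'^IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<data>.*)$')
# 'IE - <key>,<value name> = <data>'
IE_MAIN = re.compile(r'^IE - (?P<key>.+?),(?P<name>[^=]+?) = (?P<data>.*)$')
# '@Alternate Data Stream - <n> bytes -> <path>:<stream>'
ADS = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> '
                 r'(?P<path>.+):(?P<stream>[^:\\]+)$')


@dataclass
class Finding:
    severity: str  # "high", "medium", "review" or "info" (labels assumed here)
    hive: str      # root hive or HKU\<SID>; empty for file-system entries
    name: str      # registry value name, or "ADS"
    target: str    # host, local path, or path:stream
    reason: str


def hive_of(key):
    """Return 'HKU\\<SID>' for per-user keys, otherwise the root hive."""
    parts = key.split("\\")
    if parts[0] == "HKU" and len(parts) > 1:
        return "\\".join(parts[:2])
    return parts[0]


def classify(key, name, data):
    """Rank one registry entry by how the value redirects browser traffic."""
    scheme, _, rest = data.partition("://")
    scheme = scheme.lower()
    hive = hive_of(key)
    if name.lower() == "autoconfigurl":
        # AutoConfigURL names the proxy auto-config script used by that account.
        if scheme == "file":
            return Finding("high", hive, name, rest,
                           "proxy auto-config script is read from a local file")
        host = urlsplit(data).hostname or data
        return Finding("medium", hive, name, host,
                       "proxy auto-config script is fetched from this host")
    host = urlsplit(data).hostname if scheme in ("http", "https") else None
    return Finding("info", hive, name, host or data,
                   "browser start/search setting; confirm the user chose it")


def triage(lines):
    """Parse OTL-style lines and return findings, most urgent first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = IE_NAMED.match(line) or IE_MAIN.match(line)
        if m:
            findings.append(classify(m["key"], m["name"].strip(), m["data"].strip()))
            continue
        m = ADS.match(line)
        if m:
            findings.append(Finding("review", "", "ADS",
                                    f'{m["path"]}:{m["stream"]}',
                                    f'{m["size"]}-byte alternate data stream'))
    order = {"high": 0, "medium": 1, "review": 2, "info": 3}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.hive or '-'} | {f.name} -> {f.target} ({f.reason})")
```

Grouping by hive shows which account carries the proxy setting, which matters here because the value sits under one user SID rather than machine-wide.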


Here are the OTL logs. The first is from the "fix" and the second is from the "quick scan":

All processes killed

========== OTL ==========

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{717BBFD1-DAB1-4B78-9E70-EC4985D28522}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717BBFD1-DAB1-4B78-9E70-EC4985D28522}\ not found.

HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Internet Explorer\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}\ not found.

Registry key HKEY_USERS\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EFA27348-E879-4907-9783-B1D0956D3E33}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFA27348-E879-4907-9783-B1D0956D3E33}\ not found.

Registry value HKEY_USERS\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.

ADS C:\ProgramData\Temp:862BDB1A deleted successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Default.migrated

User: EasySurvey

User: Public

User: raposojuliano

->Flash cache emptied: 833 bytes

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: EasySurvey

User: Public

User: raposojuliano

->Temp folder emptied: 1619390 bytes

->Temporary Internet Files folder emptied: 5289479 bytes

->Java cache emptied: 984630 bytes

->FireFox cache emptied: 3877893 bytes

->Google Chrome cache emptied: 42843542 bytes

->Flash cache emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1074688 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 29984 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 90764 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 53,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12102013_182818

Files\Folders moved on Reboot...

C:\Users\raposojuliano\AppData\Local\Temp\winstore.log moved successfully.

C:\Users\raposojuliano\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

C:\WINDOWS\temp\FireFly(20131209162418B3C).log moved successfully.

C:\WINDOWS\temp\integratedoffice.exe_c2ruidll(20131209162418B3C).log moved successfully.

C:\WINDOWS\temp\integratedoffice.exe_streamserver(20131209162420B3C).log moved successfully.

File move failed. C:\WINDOWS\temp\ood_stream.x86.pt-br.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 10/12/2013 18:35:44 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\raposojuliano\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16438)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,89 Gb Total Physical Memory | 6,30 Gb Available Physical Memory | 79,87% Memory free

15,89 Gb Paging File | 14,33 Gb Available in Paging File | 90,17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 907,52 Gb Total Space | 563,31 Gb Free Space | 62,07% Space Free | Partition Type: NTFS

Computer Name: JULIANO | User Name: raposojuliano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/05 12:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

PRC - [2013/12/04 11:00:37 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

PRC - [2013/11/29 14:57:02 | 002,273,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

PRC - [2013/11/29 14:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

PRC - [2013/11/12 23:46:10 | 000,194,224 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONENOTEM.EXE

PRC - [2013/11/08 18:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

PRC - [2013/10/23 20:33:38 | 029,770,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/10/21 21:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

PRC - [2013/09/16 12:20:16 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2013/09/16 12:20:12 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

PRC - [2013/09/16 12:20:10 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

PRC - [2013/08/26 14:18:50 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2013/08/26 14:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2013/08/07 14:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Arquivos de Programas\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Arquivos de Programas\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2013/07/23 03:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe

PRC - [2013/07/15 12:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2013/05/11 08:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/11 17:41:11 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012/11/30 05:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

PRC - [2012/11/30 05:26:14 | 000,082,312 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

PRC - [2012/11/30 05:26:06 | 002,621,320 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe

PRC - [2012/11/05 20:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2012/08/15 09:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

PRC - [2012/07/13 13:30:09 | 000,155,488 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/12 23:45:38 | 000,316,584 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\appvisvstream32.dll

MOD - [2013/11/12 23:45:36 | 000,359,592 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\c2r32.dll

MOD - [2013/10/23 19:29:06 | 003,558,400 | ---- | M] () -- C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

MOD - [2013/08/23 17:01:44 | 025,100,288 | ---- | M] () -- C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\libcef.dll

MOD - [2012/11/30 05:26:20 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll

MOD - [2012/11/30 05:26:08 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll

MOD - [2012/11/30 05:26:00 | 000,103,032 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll

MOD - [2012/11/30 05:26:00 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll

MOD - [2012/07/13 13:30:10 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

MOD - [2012/07/13 13:30:10 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

MOD - [2012/07/13 13:30:09 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

MOD - [2012/07/13 13:30:09 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

MOD - [2012/07/13 13:30:09 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

MOD - [2012/07/13 13:30:09 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

MOD - [2012/07/13 13:30:09 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

MOD - [2012/07/13 13:30:09 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

MOD - [2012/07/13 13:30:08 | 002,281,984 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll

MOD - [2012/07/13 13:30:08 | 000,891,392 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll

MOD - [2012/07/13 13:30:08 | 000,446,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

MOD - [2012/07/13 13:30:08 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll

========== Services (SafeList) ==========

SRV - [2013/12/10 17:57:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/11/29 14:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)

SRV - [2013/11/29 14:56:40 | 015,128,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)

SRV - [2013/10/23 09:06:32 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2013/10/21 21:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe -- (SWUpdateService)

SRV - [2013/09/30 02:10:23 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)

SRV - [2013/09/18 22:38:44 | 000,157,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel®

SRV - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)

SRV - [2013/09/16 12:20:16 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2013/09/16 12:20:12 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®

SRV - [2013/09/16 12:20:10 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

SRV - [2013/09/11 00:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/09/06 18:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/08/28 16:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)

SRV - [2013/08/28 16:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Arquivos de Programas\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV - [2013/08/28 16:23:40 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2013/08/28 16:23:20 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®

SRV - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV - [2013/08/26 14:18:50 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2013/08/26 14:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2013/08/22 10:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2013/08/22 01:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2013/08/22 00:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)

SRV - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2013/07/23 03:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe -- (BBUpdate)

SRV - [2013/07/23 03:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe -- (BBSvc)

SRV - [2013/07/15 12:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2013/05/21 09:14:18 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV - [2013/05/11 08:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/18 12:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/11/30 05:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)

SRV - [2012/11/05 20:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)

SRV - [2012/11/01 05:22:14 | 000,055,120 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Arquivos de Programas\Condusiv Technologies\IntelliMemory\IntelliMem.exe -- (IntelliMemory)

SRV - [2012/09/12 19:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV - [2012/05/22 21:48:42 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)

SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)

SRV - [2010/01/09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

========== Driver Services (SafeList) ==========

DRV - [2013/03/01 03:36:26 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/11 17:41:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/11 17:41:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2013/11/19 23:19:12 | 000,000,000 | ---D | M]

[2013/09/17 23:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\raposojuliano\AppData\Roaming\mozilla\Extensions

[2013/11/07 17:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\raposojuliano\AppData\Roaming\mozilla\Firefox\Profiles\cu2sti8o.default\extensions

[2013/04/12 03:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013/09/17 23:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013/09/17 23:50:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?hl=en&q={searchTerms}

CHR - default_search_provider: suggest_url = ,

CHR - homepage: about:blank

CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

CHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

CHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

CHR - plugin: RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

CHR - plugin: M\u00F3dulo de Prote\u00E7\u00E3o - Banco do Brasil (Enabled) = C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

CHR - plugin: M\u00F3dulo de Prote\u00E7\u00E3o - Caixa Economica Federal (Enabled) = C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Pesquisa do Google = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: RealDownloader = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\

CHR - Extension: Crackle Brazil = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\lflobbippdgfecmbdgjdejahlimggpef\1.0.0_0\

CHR - Extension: Google Wallet = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

CHR - Extension: GBBD Caixa Economica Federal = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei\3.4.0_0\

CHR - Extension: GBBD Banco do Brasil = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.0.0_0\

CHR - Extension: Gmail = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/07 19:35:50 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Unfriend Alerts) - {C1B5BA5E-CF95-4025-857E-7A76BB455DB1} - C:\Program Files (x86)\UnfriendAlerts\unfriendalerts.dll (Buzzbox Media)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)

O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)

O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat File not found

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)

O4 - Startup: C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk = C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Enviar para o Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm File not found

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 177.84.70.1 177.84.70.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41BF3D00-3C70-47C1-9336-BFB78F8B8295}: DhcpNameServer = 177.84.70.1 177.84.70.4

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/08 10:57:36 | 005,153,293 | ---- | C] (Swearware) -- C:\Users\raposojuliano\Desktop\ComboFix.exe

[2013/12/08 10:51:54 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\raposojuliano\Desktop\JRT.exe

[2013/12/07 16:08:11 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/12/05 12:55:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

[2013/11/30 16:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2013/11/30 16:47:19 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\Desktop\gmer

[2013/11/28 00:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\NV

[2013/11/14 12:16:41 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\Documents\Blocos de Anotações do OneNote

[2013/11/13 21:29:59 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\AppData\Local\NVIDIA Corporation

[2013/04/28 13:09:04 | 006,724,056 | ---- | C] (Absolute Software Corp.) -- C:\Users\raposojuliano\AppData\Roaming\LoJackSetup.exe

[2013/04/11 23:36:40 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/10 18:35:35 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/12/10 18:35:03 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/12/10 18:33:43 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/12/10 18:32:33 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/12/10 18:32:20 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\WINDOWS\SysWow64\drivers\gbpndisrd.sys

[2013/12/10 18:32:20 | 000,010,266 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd.cat

[2013/12/10 18:32:20 | 000,003,641 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd.inf

[2013/12/10 18:32:20 | 000,001,814 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd_m.inf

[2013/12/10 18:32:20 | 000,001,402 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\gas.cer

[2013/12/10 18:31:31 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/12/10 18:31:15 | 2482,388,991 | -HS- | M] () -- C:\hiberfil.sys

[2013/12/10 18:12:52 | 000,015,965 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Porta distintivo.jpg

[2013/12/10 18:05:40 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/12/08 10:58:01 | 005,153,293 | ---- | M] (Swearware) -- C:\Users\raposojuliano\Desktop\ComboFix.exe

[2013/12/08 10:57:06 | 001,110,034 | ---- | M] () -- C:\Users\raposojuliano\Desktop\AdwCleaner.exe

[2013/12/08 10:52:08 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\raposojuliano\Desktop\JRT.exe

[2013/12/05 12:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

[2013/11/30 16:43:42 | 000,368,554 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gmer.zip

[2013/11/28 22:45:01 | 000,011,314 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Comprovante SNT.pdf

[2013/11/28 22:26:05 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0003.pdf

[2013/11/28 22:25:53 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0002.pdf

[2013/11/28 22:25:41 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0001.pdf

[2013/11/18 11:39:58 | 000,051,338 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gabarito1.jpg

[2013/11/18 11:39:44 | 000,060,176 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gabarito.jpg

[2013/11/15 10:31:03 | 000,001,137 | ---- | M] () -- C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk

[2013/11/15 00:32:54 | 000,031,228 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Exames pré-admissionais.jpg

[2013/11/14 12:18:59 | 000,193,730 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Recibo do Sacado.pdf

[2013/11/14 12:07:25 | 000,061,764 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Pesquisa Social.pdf

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/10 18:11:58 | 000,015,965 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Porta distintivo.jpg

[2013/12/08 10:56:48 | 001,110,034 | ---- | C] () -- C:\Users\raposojuliano\Desktop\AdwCleaner.exe

[2013/12/04 10:31:41 | 000,377,856 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gmer.exe

[2013/11/30 16:43:29 | 000,368,554 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gmer.zip

[2013/11/28 22:45:01 | 000,011,314 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Comprovante SNT.pdf

[2013/11/28 22:26:05 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0003.pdf

[2013/11/28 22:25:52 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0002.pdf

[2013/11/28 22:25:40 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0001.pdf

[2013/11/18 11:39:58 | 000,051,338 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gabarito1.jpg

[2013/11/18 11:39:43 | 000,060,176 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gabarito.jpg

[2013/11/15 00:29:20 | 000,031,228 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Exames pré-admissionais.jpg

[2013/11/14 12:18:58 | 000,193,730 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Recibo do Sacado.pdf

[2013/11/14 12:16:56 | 000,001,137 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk

[2013/11/14 12:07:24 | 000,061,764 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Pesquisa Social.pdf

[2013/11/05 18:12:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2013/11/05 17:00:41 | 001,814,812 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2013/10/01 23:58:29 | 000,107,832 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe

[2013/09/10 02:45:37 | 000,109,696 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyHook64.dll

[2013/09/10 02:45:37 | 000,091,264 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyHook32.dll

[2013/09/09 10:35:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll

[2013/09/09 10:35:08 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll

[2013/09/09 10:35:06 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll

[2013/09/07 02:21:02 | 000,023,233 | -H-- | C] () -- C:\Users\raposojuliano\AppData\Roaming\windows.vbs

[2013/08/22 13:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat

[2013/08/22 13:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT

[2013/08/22 12:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2013/08/22 05:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2013/08/22 01:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll

[2013/08/22 01:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll

[2013/08/21 21:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2013/08/21 21:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[2013/08/18 22:25:47 | 000,002,132 | -H-- | C] () -- C:\ProgramData\ppctrl.dat

[2013/08/18 22:25:47 | 000,000,004 | ---- | C] () -- C:\ProgramData\99

[2013/08/18 22:25:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\0

[2013/07/15 21:58:56 | 000,720,082 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins001.exe

[2013/07/15 21:58:56 | 000,011,358 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins001.dat

[2013/07/14 19:47:10 | 002,250,024 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe

[2013/07/07 19:02:51 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2013/06/08 14:34:53 | 000,720,594 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins000.exe

[2013/06/08 14:34:53 | 000,011,613 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins000.dat

[2013/05/14 23:11:56 | 000,007,607 | ---- | C] () -- C:\Users\raposojuliano\AppData\Local\Resmon.ResmonCfg

[2013/05/09 21:15:12 | 000,004,016 | ---- | C] () -- C:\WINDOWS\SysWow64\PsClikSeguro.ini

[2013/05/09 21:15:12 | 000,002,112 | ---- | C] () -- C:\WINDOWS\SysWow64\PsClikSeguroOff.ini

[2013/04/23 16:06:27 | 000,079,360 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll

[2013/04/15 02:28:45 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe

[2013/04/11 23:36:40 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml

[2013/04/11 23:11:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2013/04/11 03:30:05 | 000,013,857 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\AbsoluteReminder.xml

[2013/01/03 19:26:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini

[2012/04/20 02:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/11/05 18:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/11/05 16:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 07:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 00:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 07:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/13 05:34:06 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\DAEMON Tools Lite

[2013/12/10 18:34:52 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Dropbox

[2013/07/07 15:23:02 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Garmin

[2013/05/30 22:48:55 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\GetRightToGo

[2013/07/02 20:42:15 | 000,000,000 | -H-D | M] -- C:\Users\raposojuliano\AppData\Roaming\InstallJammer Registry

[2013/05/12 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\IsolatedStorage

[2013/05/02 23:21:05 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Nokia

[2013/04/16 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\PC Suite

[2013/05/09 21:15:11 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\PSafe

[2013/10/24 18:54:21 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Samsung

[2013/04/11 03:30:12 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Synaptics

[2013/12/09 23:33:28 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >


Dear foxr

Once again with OTL

  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Copy and paste the content below into the space just after 5369460409_ee749edc8e_m.jpg

:OTL
[2013/08/18 22:25:47 | 000,002,132 | -H-- | C] () -- C:\ProgramData\ppctrl.dat
[2013/08/18 22:25:47 | 000,000,004 | ---- | C] () -- C:\ProgramData\99
[2013/08/18 22:25:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\0
[2013/06/08 14:34:53 | 000,720,594 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins000.exe
[2013/06/08 14:34:53 | 000,011,613 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins000.dat
[2013/07/15 21:58:56 | 000,720,082 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins001.exe
[2013/07/15 21:58:56 | 000,011,358 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\unins001.dat

:Commands
[reboot]

  • Click the button 5370056394_358505935a_m.jpg
  • When it restarts a window will appear; click Run (executar);
  • Save (File > Save As) the log to the desktop under any name you like;
  • Post the content of that log in your next reply.
  • Warning: if you close the log without saving it first, it will be lost.
  • Open OTL again and click the button 5370056476_bf9f840a51_m.jpg
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Post this log as well in your next reply.

Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

Regards :D


First of all, I would like to thank you and say that after almost four months I can access bank websites again.

As for the procedure you gave me, after clicking "consertar" (Fix) a screen appears saying that a restart is needed and telling me to click "OK". After I did that and the computer restarted, the log did not appear. Even so, I did the other step by clicking "Verificação Rápida" (Quick Scan), and afterwards the logs that I post below were generated:

OTL logfile created on: 12/12/2013 19:30:02 - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\raposojuliano\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16476)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,89 Gb Total Physical Memory | 6,36 Gb Available Physical Memory | 80,66% Memory free

15,89 Gb Paging File | 14,38 Gb Available in Paging File | 90,51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 907,52 Gb Total Space | 561,78 Gb Free Space | 61,90% Space Free | Partition Type: NTFS

Computer Name: JULIANO | User Name: raposojuliano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/05 12:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

PRC - [2013/12/04 11:00:37 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

PRC - [2013/11/29 14:57:02 | 002,273,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

PRC - [2013/11/29 14:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

PRC - [2013/11/12 23:46:10 | 000,194,224 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONENOTEM.EXE

PRC - [2013/11/08 18:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

PRC - [2013/10/23 20:33:38 | 029,770,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/08/26 14:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2013/08/07 14:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Arquivos de Programas\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2013/07/23 03:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe

PRC - [2013/07/15 12:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2013/05/11 08:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/11 17:41:11 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012/11/30 05:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

PRC - [2012/11/30 05:26:14 | 000,082,312 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

PRC - [2012/11/30 05:26:06 | 002,621,320 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe

PRC - [2012/11/05 20:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2012/08/15 09:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

PRC - [2012/07/13 13:30:09 | 000,155,488 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/12 23:45:38 | 000,316,584 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\appvisvstream32.dll

MOD - [2013/11/12 23:45:36 | 000,359,592 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\c2r32.dll

MOD - [2013/10/23 19:29:06 | 003,558,400 | ---- | M] () -- C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

MOD - [2013/08/23 17:01:44 | 025,100,288 | ---- | M] () -- C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\libcef.dll

MOD - [2012/11/30 05:26:20 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll

MOD - [2012/11/30 05:26:14 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll

MOD - [2012/11/30 05:26:08 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll

MOD - [2012/11/30 05:26:00 | 000,103,032 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll

MOD - [2012/11/30 05:26:00 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll

MOD - [2012/07/13 13:30:10 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

MOD - [2012/07/13 13:30:10 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

MOD - [2012/07/13 13:30:09 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

MOD - [2012/07/13 13:30:09 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

MOD - [2012/07/13 13:30:09 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

MOD - [2012/07/13 13:30:09 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

MOD - [2012/07/13 13:30:09 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

MOD - [2012/07/13 13:30:09 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

MOD - [2012/07/13 13:30:08 | 002,281,984 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll

MOD - [2012/07/13 13:30:08 | 000,891,392 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll

MOD - [2012/07/13 13:30:08 | 000,446,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

MOD - [2012/07/13 13:30:08 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/10/21 23:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)

SRV:64bit: - [2013/10/19 03:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/10/10 14:23:32 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2013/10/10 08:40:53 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)

SRV:64bit: - [2013/10/04 06:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)

SRV:64bit: - [2013/09/30 02:10:25 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013/09/30 02:10:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)

SRV:64bit: - [2013/09/30 02:10:25 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2013/09/30 02:10:25 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2013/08/22 10:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2013/08/22 09:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)

SRV:64bit: - [2013/08/22 09:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2013/08/22 09:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2013/08/22 09:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2013/08/22 09:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2013/08/22 08:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)

SRV:64bit: - [2013/08/22 08:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2013/08/22 08:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)

SRV:64bit: - [2013/08/22 07:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2013/08/22 07:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013/08/22 07:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)

SRV:64bit: - [2013/08/22 07:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2013/08/22 07:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013/08/22 07:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/08/22 07:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)

SRV:64bit: - [2013/08/22 07:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2013/08/22 07:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2013/08/22 07:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013/08/22 07:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013/08/22 07:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV - [2013/12/10 17:57:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/11/29 14:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)

SRV - [2013/11/29 14:56:40 | 015,128,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)

SRV - [2013/10/23 09:06:32 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2013/10/21 21:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe -- (SWUpdateService)

SRV - [2013/09/30 02:10:23 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)

SRV - [2013/09/18 22:38:44 | 000,157,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel®

SRV - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)

SRV - [2013/09/16 12:20:16 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2013/09/16 12:20:12 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®

SRV - [2013/09/16 12:20:10 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

SRV - [2013/09/11 00:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/09/06 18:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/08/28 16:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)

SRV - [2013/08/28 16:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Arquivos de Programas\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV - [2013/08/28 16:23:40 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2013/08/28 16:23:20 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®

SRV - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV - [2013/08/26 14:18:50 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2013/08/26 14:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2013/08/22 10:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2013/08/22 01:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2013/08/22 00:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)

SRV - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2013/07/23 03:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe -- (BBUpdate)

SRV - [2013/07/23 03:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe -- (BBSvc)

SRV - [2013/07/15 12:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2013/05/21 09:14:18 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV - [2013/05/11 08:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/18 12:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/11/30 05:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)

SRV - [2012/11/05 20:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)

SRV - [2012/11/01 05:22:14 | 000,055,120 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Arquivos de Programas\Condusiv Technologies\IntelliMemory\IntelliMem.exe -- (IntelliMemory)

SRV - [2012/09/12 19:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV - [2012/05/22 21:48:42 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)

SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)

SRV - [2010/01/09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/23 17:26:48 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2013/10/30 15:03:12 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)

DRV:64bit: - [2013/10/13 00:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2013/10/08 22:12:46 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)

DRV:64bit: - [2013/10/08 09:07:14 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)

DRV:64bit: - [2013/10/05 13:25:54 | 000,371,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013/10/05 13:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)

DRV:64bit: - [2013/09/30 02:10:23 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013/09/30 02:10:23 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013/09/30 02:10:23 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2013/09/30 02:10:23 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013/09/30 01:58:52 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2013/09/30 01:58:47 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2013/09/26 07:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2013/09/16 12:20:12 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)

DRV:64bit: - [2013/09/11 10:46:25 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013/09/09 10:41:06 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2013/09/09 10:35:40 | 004,170,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2013/09/05 16:37:40 | 001,390,904 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2013/08/22 20:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2013/08/22 11:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)

DRV:64bit: - [2013/08/22 11:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2013/08/22 10:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)

DRV:64bit: - [2013/08/22 10:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2013/08/22 10:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/08/22 10:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2013/08/22 10:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2013/08/22 10:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2013/08/22 10:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2013/08/22 10:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2013/08/22 10:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2013/08/22 10:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2013/08/22 10:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)

DRV:64bit: - [2013/08/22 10:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)

DRV:64bit: - [2013/08/22 10:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2013/08/22 10:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2013/08/22 10:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)

DRV:64bit: - [2013/08/22 10:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2013/08/22 10:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2013/08/22 10:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2013/08/22 10:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2013/08/22 10:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2013/08/22 10:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2013/08/22 10:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2013/08/22 10:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2013/08/22 10:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2013/08/22 10:43:31 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)

DRV:64bit: - [2013/08/22 10:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/08/22 10:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2013/08/22 10:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2013/08/22 10:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2013/08/22 10:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2013/08/22 10:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)

DRV:64bit: - [2013/08/22 10:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)

DRV:64bit: - [2013/08/22 10:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)

DRV:64bit: - [2013/08/22 10:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2013/08/22 10:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013/08/22 10:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)

DRV:64bit: - [2013/08/22 10:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013/08/22 09:40:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2013/08/22 09:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)

DRV:64bit: - [2013/08/22 09:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2013/08/22 09:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2013/08/22 09:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2013/08/22 09:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2013/08/22 09:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2013/08/22 09:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2013/08/22 09:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013/08/22 09:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2013/08/22 09:38:24 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum)

DRV:64bit: - [2013/08/22 09:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2013/08/22 09:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2013/08/22 09:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2013/08/22 09:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2013/08/22 09:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2013/08/22 09:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2013/08/22 09:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/08/22 09:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2013/08/22 09:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2013/08/22 09:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)

DRV:64bit: - [2013/08/22 09:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)

DRV:64bit: - [2013/08/22 09:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)

DRV:64bit: - [2013/08/22 09:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2013/08/22 09:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2013/08/22 09:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2013/08/22 06:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2013/08/12 21:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)

DRV:64bit: - [2013/08/09 22:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)

DRV:64bit: - [2013/08/07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)

DRV:64bit: - [2013/07/30 16:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)

DRV:64bit: - [2013/07/26 15:07:30 | 000,827,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2013/07/25 17:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)

DRV:64bit: - [2013/07/22 18:56:48 | 000,140,600 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2013/05/21 09:14:00 | 000,165,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2013/04/23 13:24:26 | 000,069,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)

DRV:64bit: - [2013/03/10 22:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2013/03/04 10:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2013/01/23 11:31:52 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

DRV:64bit: - [2013/01/23 11:31:52 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

DRV:64bit: - [2013/01/23 11:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)

DRV:64bit: - [2013/01/23 11:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2012/11/01 05:22:22 | 000,104,272 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intmsd.sys -- (intmsd)

DRV:64bit: - [2012/11/01 05:22:22 | 000,028,496 | ---- | M] (Condusiv Technologies) [File_System | System | Running] -- C:\Windows\SysNative\drivers\intmfs.sys -- (intmfs)

DRV:64bit: - [2012/10/16 08:02:04 | 000,457,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/10/09 19:48:48 | 000,188,896 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)

DRV:64bit: - [2012/10/09 19:48:48 | 000,047,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)

DRV:64bit: - [2012/08/09 16:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2012/08/06 01:37:08 | 000,352,456 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)

DRV:64bit: - [2012/07/27 10:00:03 | 000,023,408 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioHIDMini.sys -- (RadioHIDMini)

DRV:64bit: - [2012/06/24 23:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)

DRV - [2013/03/01 03:36:26 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {717BBFD1-DAB1-4B78-9E70-EC4985D28522}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{717BBFD1-DAB1-4B78-9E70-EC4985D28522}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/11 17:41:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/11 17:41:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2013/11/19 23:19:12 | 000,000,000 | ---D | M]

[2013/09/17 23:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\raposojuliano\AppData\Roaming\mozilla\Extensions

[2013/11/07 17:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\raposojuliano\AppData\Roaming\mozilla\Firefox\Profiles\cu2sti8o.default\extensions

[2013/04/12 03:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013/09/17 23:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013/09/17 23:50:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?hl=en&q={searchTerms}

CHR - default_search_provider: suggest_url = ,

CHR - homepage: about:blank

CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

CHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

CHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

CHR - plugin: RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

CHR - plugin: M\u00F3dulo de Prote\u00E7\u00E3o - Banco do Brasil (Enabled) = C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

CHR - plugin: M\u00F3dulo de Prote\u00E7\u00E3o - Caixa Economica Federal (Enabled) = C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Pesquisa do Google = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: RealDownloader = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\

CHR - Extension: Crackle Brazil = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\lflobbippdgfecmbdgjdejahlimggpef\1.0.0_0\

CHR - Extension: Google Wallet = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

CHR - Extension: GBBD Caixa Economica Federal = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei\3.4.0_0\

CHR - Extension: GBBD Banco do Brasil = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.0.0_0\

CHR - Extension: Gmail = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/07 19:35:50 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Unfriend Alerts) - {C1B5BA5E-CF95-4025-857E-7A76BB455DB1} - C:\Program Files (x86)\UnfriendAlerts\unfriendalerts.dll (Buzzbox Media)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe (Bitcasa, Inc)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [shadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)

O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)

O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat File not found

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)

O4 - Startup: C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk = C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Enviar para o Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm File not found

O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Enviar para o Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm File not found

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 177.84.70.1 177.84.70.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41BF3D00-3C70-47C1-9336-BFB78F8B8295}: DhcpNameServer = 177.84.70.1 177.84.70.4

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20:64bit: - AppInit_DLLs: (C:\Program Files\NVIDIA) - File not found

O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)

O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)

O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/10 22:14:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH

[2013/12/08 10:57:36 | 005,153,293 | ---- | C] (Swearware) -- C:\Users\raposojuliano\Desktop\ComboFix.exe

[2013/12/08 10:51:54 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\raposojuliano\Desktop\JRT.exe

[2013/12/07 16:08:11 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/12/05 12:55:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

[2013/11/30 16:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2013/11/30 16:47:19 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\Desktop\gmer

[2013/11/28 00:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\NV

[2013/11/28 00:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\NV

[2013/11/14 12:16:41 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\Documents\Blocos de Anotações do OneNote

[2013/11/13 21:29:59 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\AppData\Local\NVIDIA Corporation

[2013/04/28 13:09:04 | 006,724,056 | ---- | C] (Absolute Software Corp.) -- C:\Users\raposojuliano\AppData\Roaming\LoJackSetup.exe

[2013/04/11 23:36:40 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/12 19:34:56 | 000,775,938 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0416.dat

[2013/12/12 19:34:56 | 000,723,514 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat

[2013/12/12 19:34:56 | 000,159,030 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0416.dat

[2013/12/12 19:34:56 | 000,136,128 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat

[2013/12/12 19:34:55 | 001,800,588 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI

[2013/12/12 19:30:09 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/12/12 19:29:30 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/12/12 19:28:25 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/12/12 19:26:52 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\WINDOWS\SysWow64\drivers\gbpndisrd.sys

[2013/12/12 19:26:52 | 000,010,266 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd.cat

[2013/12/12 19:26:52 | 000,003,641 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd.inf

[2013/12/12 19:26:52 | 000,001,814 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd_m.inf

[2013/12/12 19:26:52 | 000,001,402 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\gas.cer

[2013/12/12 19:26:15 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/12/12 19:26:11 | 2482,388,991 | -HS- | M] () -- C:\hiberfil.sys

[2013/12/12 19:05:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/12/12 18:57:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/12/11 12:53:06 | 003,487,088 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT

[2013/12/10 18:12:52 | 000,015,965 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Porta distintivo.jpg

[2013/12/08 10:58:01 | 005,153,293 | ---- | M] (Swearware) -- C:\Users\raposojuliano\Desktop\ComboFix.exe

[2013/12/08 10:57:06 | 001,110,034 | ---- | M] () -- C:\Users\raposojuliano\Desktop\AdwCleaner.exe

[2013/12/08 10:52:08 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\raposojuliano\Desktop\JRT.exe

[2013/12/05 12:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

[2013/11/30 16:43:42 | 000,368,554 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gmer.zip

[2013/11/28 22:45:01 | 000,011,314 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Comprovante SNT.pdf

[2013/11/28 22:26:05 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0003.pdf

[2013/11/28 22:25:53 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0002.pdf

[2013/11/28 22:25:41 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0001.pdf

[2013/11/26 16:29:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf

[2013/11/23 17:26:48 | 000,023,754 | ---- | M] () -- C:\WINDOWS\SysNative\nvinfo.pb

[2013/11/22 14:28:31 | 003,498,475 | ---- | M] () -- C:\WINDOWS\SysNative\nvcoproc.bin

[2013/11/18 11:39:58 | 000,051,338 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gabarito1.jpg

[2013/11/18 11:39:44 | 000,060,176 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gabarito.jpg

[2013/11/15 10:31:03 | 000,001,137 | ---- | M] () -- C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk

[2013/11/15 00:32:54 | 000,031,228 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Exames pré-admissionais.jpg

[2013/11/14 12:18:59 | 000,193,730 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Recibo do Sacado.pdf

[2013/11/14 12:07:25 | 000,061,764 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Pesquisa Social.pdf

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/10 18:11:58 | 000,015,965 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Porta distintivo.jpg

[2013/12/08 10:56:48 | 001,110,034 | ---- | C] () -- C:\Users\raposojuliano\Desktop\AdwCleaner.exe

[2013/12/04 10:31:41 | 000,377,856 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gmer.exe

[2013/11/30 16:43:29 | 000,368,554 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gmer.zip

[2013/11/28 22:45:01 | 000,011,314 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Comprovante SNT.pdf

[2013/11/28 22:26:05 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0003.pdf

[2013/11/28 22:25:52 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0002.pdf

[2013/11/28 22:25:40 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0001.pdf

[2013/11/28 00:25:23 | 003,498,475 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin

[2013/11/28 00:21:02 | 000,023,754 | ---- | C] () -- C:\WINDOWS\SysNative\nvinfo.pb

[2013/11/26 16:29:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf

[2013/11/18 11:39:58 | 000,051,338 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gabarito1.jpg

[2013/11/18 11:39:43 | 000,060,176 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gabarito.jpg

[2013/11/15 00:29:20 | 000,031,228 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Exames pré-admissionais.jpg

[2013/11/14 12:18:58 | 000,193,730 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Recibo do Sacado.pdf

[2013/11/14 12:16:56 | 000,001,137 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk

[2013/11/14 12:07:24 | 000,061,764 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Pesquisa Social.pdf

[2013/11/12 22:39:19 | 000,385,528 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml

[2013/11/05 18:12:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2013/11/05 17:00:41 | 001,814,812 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2013/10/01 23:58:29 | 000,107,832 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe

[2013/09/10 02:45:37 | 000,109,696 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyHook64.dll

[2013/09/10 02:45:37 | 000,091,264 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyHook32.dll

[2013/09/09 10:35:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll

[2013/09/09 10:35:08 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll

[2013/09/09 10:35:06 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll

[2013/09/07 02:21:02 | 000,023,233 | -H-- | C] () -- C:\Users\raposojuliano\AppData\Roaming\windows.vbs

[2013/08/22 13:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat

[2013/08/22 13:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT

[2013/08/22 12:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2013/08/22 05:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2013/08/22 01:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll

[2013/08/22 01:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll

[2013/08/21 21:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2013/08/21 21:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[2013/07/14 19:47:10 | 002,250,024 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe

[2013/07/07 19:02:51 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2013/05/14 23:11:56 | 000,007,607 | ---- | C] () -- C:\Users\raposojuliano\AppData\Local\Resmon.ResmonCfg

[2013/05/09 21:15:12 | 000,004,016 | ---- | C] () -- C:\WINDOWS\SysWow64\PsClikSeguro.ini

[2013/05/09 21:15:12 | 000,002,112 | ---- | C] () -- C:\WINDOWS\SysWow64\PsClikSeguroOff.ini

[2013/04/23 16:06:27 | 000,079,360 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll

[2013/04/15 02:28:45 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe

[2013/04/11 23:36:40 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml

[2013/04/11 23:11:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2013/04/11 03:30:05 | 000,013,857 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\AbsoluteReminder.xml

[2013/01/03 19:26:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini

[2012/04/20 02:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/11/05 18:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/11/05 16:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 07:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 00:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 07:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/13 05:34:06 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\DAEMON Tools Lite

[2013/12/12 19:29:11 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Dropbox

[2013/07/07 15:23:02 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Garmin

[2013/05/30 22:48:55 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\GetRightToGo

[2013/07/02 20:42:15 | 000,000,000 | -H-D | M] -- C:\Users\raposojuliano\AppData\Roaming\InstallJammer Registry

[2013/05/12 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\IsolatedStorage

[2013/05/02 23:21:05 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Nokia

[2013/04/16 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\PC Suite

[2013/05/09 21:15:11 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\PSafe

[2013/10/24 18:54:21 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Samsung

[2013/04/11 03:30:12 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Synaptics

[2013/12/09 23:33:28 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >


First of all, I would like to thank you and say that, after almost four months, I can access bank websites again.

As for the procedure I was given, after clicking "consertar" a screen appears saying that the computer needs to be restarted and tells me to click "OK". After I did that and the computer restarted, the log did not appear. Even so, I did the other step by clicking "Verificação Rápida", and afterwards the logs that I post below were generated:

OTL logfile created on: 12/12/2013 19:30:02 - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\raposojuliano\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16476)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,89 Gb Total Physical Memory | 6,36 Gb Available Physical Memory | 80,66% Memory free

15,89 Gb Paging File | 14,38 Gb Available in Paging File | 90,51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 907,52 Gb Total Space | 561,78 Gb Free Space | 61,90% Space Free | Partition Type: NTFS

Computer Name: JULIANO | User Name: raposojuliano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/05 12:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

PRC - [2013/12/04 11:00:37 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

PRC - [2013/11/29 14:57:02 | 002,273,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

PRC - [2013/11/29 14:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

PRC - [2013/11/12 23:46:10 | 000,194,224 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONENOTEM.EXE

PRC - [2013/11/08 18:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

PRC - [2013/10/23 20:33:38 | 029,770,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/08/26 14:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2013/08/07 14:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Arquivos de Programas\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2013/07/23 03:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe

PRC - [2013/07/15 12:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2013/05/11 08:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/11 17:41:11 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012/11/30 05:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

PRC - [2012/11/30 05:26:14 | 000,082,312 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

PRC - [2012/11/30 05:26:06 | 002,621,320 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe

PRC - [2012/11/05 20:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2012/08/15 09:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

PRC - [2012/07/13 13:30:09 | 000,155,488 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/12 23:45:38 | 000,316,584 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\appvisvstream32.dll

MOD - [2013/11/12 23:45:36 | 000,359,592 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\c2r32.dll

MOD - [2013/10/23 19:29:06 | 003,558,400 | ---- | M] () -- C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

MOD - [2013/08/23 17:01:44 | 025,100,288 | ---- | M] () -- C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\libcef.dll

MOD - [2012/11/30 05:26:20 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll

MOD - [2012/11/30 05:26:14 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll

MOD - [2012/11/30 05:26:08 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll

MOD - [2012/11/30 05:26:00 | 000,103,032 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll

MOD - [2012/11/30 05:26:00 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll

MOD - [2012/07/13 13:30:10 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

MOD - [2012/07/13 13:30:10 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

MOD - [2012/07/13 13:30:09 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

MOD - [2012/07/13 13:30:09 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

MOD - [2012/07/13 13:30:09 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

MOD - [2012/07/13 13:30:09 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

MOD - [2012/07/13 13:30:09 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

MOD - [2012/07/13 13:30:09 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

MOD - [2012/07/13 13:30:08 | 002,281,984 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll

MOD - [2012/07/13 13:30:08 | 000,891,392 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll

MOD - [2012/07/13 13:30:08 | 000,446,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

MOD - [2012/07/13 13:30:08 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/10/21 23:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)

SRV:64bit: - [2013/10/19 03:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/10/10 14:23:32 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2013/10/10 08:40:53 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)

SRV:64bit: - [2013/10/04 06:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)

SRV:64bit: - [2013/09/30 02:10:25 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013/09/30 02:10:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)

SRV:64bit: - [2013/09/30 02:10:25 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2013/09/30 02:10:25 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2013/08/22 10:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2013/08/22 09:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)

SRV:64bit: - [2013/08/22 09:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2013/08/22 09:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2013/08/22 09:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2013/08/22 09:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2013/08/22 08:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)

SRV:64bit: - [2013/08/22 08:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2013/08/22 08:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)

SRV:64bit: - [2013/08/22 07:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2013/08/22 07:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013/08/22 07:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)

SRV:64bit: - [2013/08/22 07:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2013/08/22 07:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013/08/22 07:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/08/22 07:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)

SRV:64bit: - [2013/08/22 07:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2013/08/22 07:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2013/08/22 07:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013/08/22 07:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013/08/22 07:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV - [2013/12/10 17:57:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/11/29 14:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)

SRV - [2013/11/29 14:56:40 | 015,128,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)

SRV - [2013/10/23 09:06:32 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2013/10/21 21:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe -- (SWUpdateService)

SRV - [2013/09/30 02:10:23 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)

SRV - [2013/09/18 22:38:44 | 000,157,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel®

SRV - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)

SRV - [2013/09/16 12:20:16 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2013/09/16 12:20:12 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®

SRV - [2013/09/16 12:20:10 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

SRV - [2013/09/11 00:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/09/06 18:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/08/28 16:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)

SRV - [2013/08/28 16:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Arquivos de Programas\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV - [2013/08/28 16:23:40 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2013/08/28 16:23:20 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®

SRV - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV - [2013/08/26 14:18:50 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2013/08/26 14:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2013/08/22 10:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2013/08/22 01:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2013/08/22 00:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)

SRV - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2013/07/23 03:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe -- (BBUpdate)

SRV - [2013/07/23 03:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe -- (BBSvc)

SRV - [2013/07/15 12:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2013/05/21 09:14:18 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV - [2013/05/11 08:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/18 12:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/11/30 05:26:18 | 001,591,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)

SRV - [2012/11/05 20:18:56 | 000,171,664 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)

SRV - [2012/11/01 05:22:14 | 000,055,120 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Arquivos de Programas\Condusiv Technologies\IntelliMemory\IntelliMem.exe -- (IntelliMemory)

SRV - [2012/09/12 19:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV - [2012/05/22 21:48:42 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)

SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)

SRV - [2010/01/09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/23 17:26:48 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2013/10/30 15:03:12 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)

DRV:64bit: - [2013/10/13 00:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2013/10/08 22:12:46 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)

DRV:64bit: - [2013/10/08 09:07:14 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)

DRV:64bit: - [2013/10/05 13:25:54 | 000,371,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013/10/05 13:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)

DRV:64bit: - [2013/09/30 02:10:23 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013/09/30 02:10:23 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013/09/30 02:10:23 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2013/09/30 02:10:23 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013/09/30 01:58:52 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2013/09/30 01:58:47 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2013/09/26 07:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2013/09/16 12:20:12 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)

DRV:64bit: - [2013/09/11 10:46:25 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013/09/09 10:41:06 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2013/09/09 10:35:40 | 004,170,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2013/09/05 16:37:40 | 001,390,904 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2013/08/22 20:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2013/08/22 11:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)

DRV:64bit: - [2013/08/22 11:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2013/08/22 10:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)

DRV:64bit: - [2013/08/22 10:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2013/08/22 10:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/08/22 10:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2013/08/22 10:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2013/08/22 10:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2013/08/22 10:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2013/08/22 10:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2013/08/22 10:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2013/08/22 10:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2013/08/22 10:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)

DRV:64bit: - [2013/08/22 10:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)

DRV:64bit: - [2013/08/22 10:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2013/08/22 10:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2013/08/22 10:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)

DRV:64bit: - [2013/08/22 10:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2013/08/22 10:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2013/08/22 10:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2013/08/22 10:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2013/08/22 10:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2013/08/22 10:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2013/08/22 10:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2013/08/22 10:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2013/08/22 10:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2013/08/22 10:43:31 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)

DRV:64bit: - [2013/08/22 10:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/08/22 10:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2013/08/22 10:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2013/08/22 10:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2013/08/22 10:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2013/08/22 10:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)

DRV:64bit: - [2013/08/22 10:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)

DRV:64bit: - [2013/08/22 10:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)

DRV:64bit: - [2013/08/22 10:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2013/08/22 10:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013/08/22 10:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)

DRV:64bit: - [2013/08/22 10:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013/08/22 09:40:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2013/08/22 09:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)

DRV:64bit: - [2013/08/22 09:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2013/08/22 09:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2013/08/22 09:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2013/08/22 09:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2013/08/22 09:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2013/08/22 09:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2013/08/22 09:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013/08/22 09:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2013/08/22 09:38:24 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum)

DRV:64bit: - [2013/08/22 09:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2013/08/22 09:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2013/08/22 09:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2013/08/22 09:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2013/08/22 09:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2013/08/22 09:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2013/08/22 09:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/08/22 09:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2013/08/22 09:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2013/08/22 09:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)

DRV:64bit: - [2013/08/22 09:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)

DRV:64bit: - [2013/08/22 09:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)

DRV:64bit: - [2013/08/22 09:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2013/08/22 09:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2013/08/22 09:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2013/08/22 06:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2013/08/12 21:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)

DRV:64bit: - [2013/08/09 22:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)

DRV:64bit: - [2013/08/07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)

DRV:64bit: - [2013/07/30 16:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)

DRV:64bit: - [2013/07/26 15:07:30 | 000,827,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2013/07/25 17:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)

DRV:64bit: - [2013/07/22 18:56:48 | 000,140,600 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2013/05/21 09:14:00 | 000,165,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2013/04/23 13:24:26 | 000,069,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)

DRV:64bit: - [2013/03/10 22:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2013/03/04 10:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2013/01/23 11:31:52 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

DRV:64bit: - [2013/01/23 11:31:52 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

DRV:64bit: - [2013/01/23 11:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)

DRV:64bit: - [2013/01/23 11:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2012/11/01 05:22:22 | 000,104,272 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intmsd.sys -- (intmsd)

DRV:64bit: - [2012/11/01 05:22:22 | 000,028,496 | ---- | M] (Condusiv Technologies) [File_System | System | Running] -- C:\Windows\SysNative\drivers\intmfs.sys -- (intmfs)

DRV:64bit: - [2012/10/16 08:02:04 | 000,457,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/10/09 19:48:48 | 000,188,896 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)

DRV:64bit: - [2012/10/09 19:48:48 | 000,047,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)

DRV:64bit: - [2012/08/09 16:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2012/08/06 01:37:08 | 000,352,456 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)

DRV:64bit: - [2012/07/27 10:00:03 | 000,023,408 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioHIDMini.sys -- (RadioHIDMini)

DRV:64bit: - [2012/06/24 23:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)

DRV - [2013/03/01 03:36:26 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {717BBFD1-DAB1-4B78-9E70-EC4985D28522}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{717BBFD1-DAB1-4B78-9E70-EC4985D28522}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

IE - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/11 17:41:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/11 17:41:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2013/11/19 23:19:12 | 000,000,000 | ---D | M]

[2013/09/17 23:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\raposojuliano\AppData\Roaming\mozilla\Extensions

[2013/11/07 17:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\raposojuliano\AppData\Roaming\mozilla\Firefox\Profiles\cu2sti8o.default\extensions

[2013/04/12 03:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013/09/17 23:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013/09/17 23:50:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?hl=en&q={searchTerms}

CHR - default_search_provider: suggest_url = ,

CHR - homepage: about:blank

CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

CHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

CHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

CHR - plugin: RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

CHR - plugin: M\u00F3dulo de Prote\u00E7\u00E3o - Banco do Brasil (Enabled) = C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

CHR - plugin: M\u00F3dulo de Prote\u00E7\u00E3o - Caixa Economica Federal (Enabled) = C:\Users\raposojuliano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Pesquisa do Google = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: RealDownloader = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\

CHR - Extension: Crackle Brazil = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\lflobbippdgfecmbdgjdejahlimggpef\1.0.0_0\

CHR - Extension: Google Wallet = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

CHR - Extension: GBBD Caixa Economica Federal = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei\3.4.0_0\

CHR - Extension: GBBD Banco do Brasil = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.0.0_0\

CHR - Extension: Gmail = C:\Users\raposojuliano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/07 19:35:50 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Unfriend Alerts) - {C1B5BA5E-CF95-4025-857E-7A76BB455DB1} - C:\Program Files (x86)\UnfriendAlerts\unfriendalerts.dll (Buzzbox Media)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe (Bitcasa, Inc)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [shadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)

O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)

O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat File not found

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)

O4 - Startup: C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\raposojuliano\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk = C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Enviar para o Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm File not found

O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Enviar para o Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm File not found

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)

O15 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 177.84.70.1 177.84.70.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41BF3D00-3C70-47C1-9336-BFB78F8B8295}: DhcpNameServer = 177.84.70.1 177.84.70.4

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20:64bit: - AppInit_DLLs: (C:\Program Files\NVIDIA) - File not found

O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-3040202017-829934666-1125082906-1002 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)

O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)

O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/10 22:14:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH

[2013/12/08 10:57:36 | 005,153,293 | ---- | C] (Swearware) -- C:\Users\raposojuliano\Desktop\ComboFix.exe

[2013/12/08 10:51:54 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\raposojuliano\Desktop\JRT.exe

[2013/12/07 16:08:11 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/12/05 12:55:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

[2013/11/30 16:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2013/11/30 16:47:19 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\Desktop\gmer

[2013/11/28 00:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\NV

[2013/11/28 00:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\NV

[2013/11/14 12:16:41 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\Documents\Blocos de Anotações do OneNote

[2013/11/13 21:29:59 | 000,000,000 | ---D | C] -- C:\Users\raposojuliano\AppData\Local\NVIDIA Corporation

[2013/04/28 13:09:04 | 006,724,056 | ---- | C] (Absolute Software Corp.) -- C:\Users\raposojuliano\AppData\Roaming\LoJackSetup.exe

[2013/04/11 23:36:40 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/12 19:34:56 | 000,775,938 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0416.dat

[2013/12/12 19:34:56 | 000,723,514 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat

[2013/12/12 19:34:56 | 000,159,030 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0416.dat

[2013/12/12 19:34:56 | 000,136,128 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat

[2013/12/12 19:34:55 | 001,800,588 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI

[2013/12/12 19:30:09 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/12/12 19:29:30 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/12/12 19:28:25 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/12/12 19:26:52 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\WINDOWS\SysWow64\drivers\gbpndisrd.sys

[2013/12/12 19:26:52 | 000,010,266 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd.cat

[2013/12/12 19:26:52 | 000,003,641 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd.inf

[2013/12/12 19:26:52 | 000,001,814 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\ndisrd_m.inf

[2013/12/12 19:26:52 | 000,001,402 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\gas.cer

[2013/12/12 19:26:15 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/12/12 19:26:11 | 2482,388,991 | -HS- | M] () -- C:\hiberfil.sys

[2013/12/12 19:05:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/12/12 18:57:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/12/11 12:53:06 | 003,487,088 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT

[2013/12/10 18:12:52 | 000,015,965 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Porta distintivo.jpg

[2013/12/08 10:58:01 | 005,153,293 | ---- | M] (Swearware) -- C:\Users\raposojuliano\Desktop\ComboFix.exe

[2013/12/08 10:57:06 | 001,110,034 | ---- | M] () -- C:\Users\raposojuliano\Desktop\AdwCleaner.exe

[2013/12/08 10:52:08 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\raposojuliano\Desktop\JRT.exe

[2013/12/05 12:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\raposojuliano\Desktop\OTL.exe

[2013/11/30 16:43:42 | 000,368,554 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gmer.zip

[2013/11/28 22:45:01 | 000,011,314 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Comprovante SNT.pdf

[2013/11/28 22:26:05 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0003.pdf

[2013/11/28 22:25:53 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0002.pdf

[2013/11/28 22:25:41 | 000,643,980 | ---- | M] () -- C:\Users\raposojuliano\Documents\Scan0001.pdf

[2013/11/26 16:29:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf

[2013/11/23 17:26:48 | 000,023,754 | ---- | M] () -- C:\WINDOWS\SysNative\nvinfo.pb

[2013/11/22 14:28:31 | 003,498,475 | ---- | M] () -- C:\WINDOWS\SysNative\nvcoproc.bin

[2013/11/18 11:39:58 | 000,051,338 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gabarito1.jpg

[2013/11/18 11:39:44 | 000,060,176 | ---- | M] () -- C:\Users\raposojuliano\Desktop\gabarito.jpg

[2013/11/15 10:31:03 | 000,001,137 | ---- | M] () -- C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk

[2013/11/15 00:32:54 | 000,031,228 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Exames pré-admissionais.jpg

[2013/11/14 12:18:59 | 000,193,730 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Recibo do Sacado.pdf

[2013/11/14 12:07:25 | 000,061,764 | ---- | M] () -- C:\Users\raposojuliano\Desktop\Pesquisa Social.pdf

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/10 18:11:58 | 000,015,965 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Porta distintivo.jpg

[2013/12/08 10:56:48 | 001,110,034 | ---- | C] () -- C:\Users\raposojuliano\Desktop\AdwCleaner.exe

[2013/12/04 10:31:41 | 000,377,856 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gmer.exe

[2013/11/30 16:43:29 | 000,368,554 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gmer.zip

[2013/11/28 22:45:01 | 000,011,314 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Comprovante SNT.pdf

[2013/11/28 22:26:05 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0003.pdf

[2013/11/28 22:25:52 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0002.pdf

[2013/11/28 22:25:40 | 000,643,980 | ---- | C] () -- C:\Users\raposojuliano\Documents\Scan0001.pdf

[2013/11/28 00:25:23 | 003,498,475 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin

[2013/11/28 00:21:02 | 000,023,754 | ---- | C] () -- C:\WINDOWS\SysNative\nvinfo.pb

[2013/11/26 16:29:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf

[2013/11/18 11:39:58 | 000,051,338 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gabarito1.jpg

[2013/11/18 11:39:43 | 000,060,176 | ---- | C] () -- C:\Users\raposojuliano\Desktop\gabarito.jpg

[2013/11/15 00:29:20 | 000,031,228 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Exames pré-admissionais.jpg

[2013/11/14 12:18:58 | 000,193,730 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Recibo do Sacado.pdf

[2013/11/14 12:16:56 | 000,001,137 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk

[2013/11/14 12:07:24 | 000,061,764 | ---- | C] () -- C:\Users\raposojuliano\Desktop\Pesquisa Social.pdf

[2013/11/12 22:39:19 | 000,385,528 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml

[2013/11/05 18:12:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2013/11/05 17:00:41 | 001,814,812 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2013/10/01 23:58:29 | 000,107,832 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe

[2013/09/10 02:45:37 | 000,109,696 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyHook64.dll

[2013/09/10 02:45:37 | 000,091,264 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyHook32.dll

[2013/09/09 10:35:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll

[2013/09/09 10:35:08 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll

[2013/09/09 10:35:06 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll

[2013/09/07 02:21:02 | 000,023,233 | -H-- | C] () -- C:\Users\raposojuliano\AppData\Roaming\windows.vbs

[2013/08/22 13:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat

[2013/08/22 13:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT

[2013/08/22 12:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2013/08/22 05:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2013/08/22 01:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll

[2013/08/22 01:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll

[2013/08/21 21:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2013/08/21 21:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[2013/07/14 19:47:10 | 002,250,024 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe

[2013/07/07 19:02:51 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2013/05/14 23:11:56 | 000,007,607 | ---- | C] () -- C:\Users\raposojuliano\AppData\Local\Resmon.ResmonCfg

[2013/05/09 21:15:12 | 000,004,016 | ---- | C] () -- C:\WINDOWS\SysWow64\PsClikSeguro.ini

[2013/05/09 21:15:12 | 000,002,112 | ---- | C] () -- C:\WINDOWS\SysWow64\PsClikSeguroOff.ini

[2013/04/23 16:06:27 | 000,079,360 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll

[2013/04/15 02:28:45 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe

[2013/04/11 23:36:40 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml

[2013/04/11 23:11:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2013/04/11 03:30:05 | 000,013,857 | ---- | C] () -- C:\Users\raposojuliano\AppData\Roaming\AbsoluteReminder.xml

[2013/01/03 19:26:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini

[2012/04/20 02:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/11/05 18:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/11/05 16:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 07:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 00:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 07:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/13 05:34:06 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\DAEMON Tools Lite

[2013/12/12 19:29:11 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Dropbox

[2013/07/07 15:23:02 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Garmin

[2013/05/30 22:48:55 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\GetRightToGo

[2013/07/02 20:42:15 | 000,000,000 | -H-D | M] -- C:\Users\raposojuliano\AppData\Roaming\InstallJammer Registry

[2013/05/12 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\IsolatedStorage

[2013/05/02 23:21:05 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Nokia

[2013/04/16 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\PC Suite

[2013/05/09 21:15:11 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\PSafe

[2013/10/24 18:54:21 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Samsung

[2013/04/11 03:30:12 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\Synaptics

[2013/12/09 23:33:28 | 000,000,000 | ---D | M] -- C:\Users\raposojuliano\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >


Dear foxr

First of all, I would like to thank you: after almost four months I can access bank websites again.
That's great... good news :)
After doing that, and after the computer restarted, the log did not appear.
It won't be necessary, they were removed ;)

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will open automatically in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Best regards :D


Once again, thank you very much for solving this problem; here are the logs:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.12.13.06

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16476

raposojuliano :: JULIANO [administrador]

13/12/2013 15:35:50

mbam-log-2013-12-13 (15-35-50).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 219255

Tempo decorrido: 8 minuto(s), 30 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 2

C:\Users\raposojuliano\Downloads\aTubeCatcher.exe (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\raposojuliano\AppData\Roaming\windows.vbs (Trojan.Agent.Gen) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


Dear foxr

# Step 1 #

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be directed to a Kaspersky page asking for an email address for registration, first name and last name.
  • Only the "email" field is required.
  • Enter your email, then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your Desktop.
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
  • The program appears to freeze and nothing happens. This is normal; just wait until the program's home screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also check all drives listed below Local Disk, if there are any;
  • Then click the Automatic Scan tab.

KRT_install2_.png

  • Back on the program's home screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if it has detected anything, the program will ask you what to do;
  • Check the box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy disk icon to save the log.
  5. Choose an easily accessible location and save it as log.txt
  6. Copy the entire contents of that Notepad file and paste it in your next reply.
  7. If nothing is detected, you do not need to save the log; just let me know.
  8. To exit the program, just click the X in the upper right corner.

Notes:
While the scan is running, the home screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

# Step 2 #

Download SecurityCheck and save it to your Desktop

  • Double-click SecurityCheck.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Press any key to continue... a report will open
  • Copy all of its contents and paste them in your next reply

Best regards :D


Good evening. When I try to install Kaspersky Version 11 (11.0.0.1245), the computer restarts and the following error appears: ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (93927441.sys). When I tried to install the older Kaspersky Version 10 (9.0.0.722), it installed. Can I run that version? I will have to ask you to guide me, because it looks a bit different. I took a screenshot and will post it:

Kaper_Sky_Version_10_9_0_0_722.jpg


Dear foxr

Download SUPERAntiSpyware and save it to your Desktop

  • Double-click SUPERAntiSpyware.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click Express Install and then Start Trial
  • On the right, click the Check for Updates button, wait, then click OK
  • Leave Quick Scan selected and click Scan Your Computer
  • When the scan finishes, click Continue
  • To remove the threats found, click the Remove Threats button
  • Click OK, then Finished and View Scan Logs
  • Select the log and click the View Selected Log button
  • Copy all of its contents and paste them in your next reply

Best regards :D


Here are the logs:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 12/18/2013 at 11:33 AM

Application Version : 5.7.1014

Core Rules Database Version : 10931

Trace Rules Database Version: 8743

Scan type : Quick Scan

Total Scan Time : 00:05:31

Operating System Information

64 Edition 64-bit (Build 6.02.9200)

UAC On - Administrator

Memory items scanned : 770

Memory threats detected : 0

Registry items scanned : 58957

Registry threats detected : 0

File items scanned : 12361

File threats detected : 20

Adware.Tracking Cookie

accounts.google.com [ C:\USERS\RAPOSOJULIANO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CU2STI8O.DEFAULT\COOKIES.SQLITE ]

accounts.google.com [ C:\USERS\RAPOSOJULIANO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CU2STI8O.DEFAULT\COOKIES.SQLITE ]

accounts.google.com [ C:\USERS\RAPOSOJULIANO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CU2STI8O.DEFAULT\COOKIES.SQLITE ]

accounts.google.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.atdmt.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.c.atdmt.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.c.atdmt.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.atdmt.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.doubleclick.net [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.legolas-media.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.legolas-media.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.doubleclick.net [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.atdmt.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.bs.serving-sys.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.serving-sys.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ru4.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.ad.mlnadvertising.com [ C:\USERS\RAPOSOJULIANO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
