mod mark h

EXP/JAVA.Rafold.v.Gen


Hello everyone, how are you?? I have this virus, something called EXP/JAVA.Rafold.v.Gen. Well... my PC starts freezing when I open BitTorrent... I couldn't post the DDS log because my PC runs Windows 8 and I believe it is having a compatibility problem.

Here is the GMER log.

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-02 20:19:57

Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c ST9500325AS rev.0001SDM1 465,76GB

Running: gmer.exe; Driver: C:\Users\GUILHE~1\AppData\Local\Temp\agldapog.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600020de00 15 bytes [00, 8F, 0F, 02, 40, F0, 6F, ...]

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600020de10 11 bytes [00, DB, FB, FF, 80, C7, D2, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1576] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff2ab3169a 4 bytes [b3, 2A, FF, 7F]

.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1576] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff2ab316a2 4 bytes [b3, 2A, FF, 7F]

.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1576] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff2ab3181a 4 bytes [b3, 2A, FF, 7F]

.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1576] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff2ab31832 4 bytes [b3, 2A, FF, 7F]

.text C:\Program Files\Windows Defender\MsMpEng.exe[1668] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007fff2ab3169a 4 bytes [b3, 2A, FF, 7F]

.text C:\Program Files\Windows Defender\MsMpEng.exe[1668] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007fff2ab316a2 4 bytes [b3, 2A, FF, 7F]

.text C:\Program Files\Windows Defender\MsMpEng.exe[1668] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007fff2ab3181a 4 bytes [b3, 2A, FF, 7F]

.text C:\Program Files\Windows Defender\MsMpEng.exe[1668] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007fff2ab31832 4 bytes [b3, 2A, FF, 7F]

.text C:\WINDOWS\Explorer.EXE[2604] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff2ab3169a 4 bytes [b3, 2A, FF, 7F]

.text C:\WINDOWS\Explorer.EXE[2604] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff2ab316a2 4 bytes [b3, 2A, FF, 7F]

.text C:\WINDOWS\Explorer.EXE[2604] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff2ab3181a 4 bytes [b3, 2A, FF, 7F]

.text C:\WINDOWS\Explorer.EXE[2604] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff2ab31832 4 bytes [b3, 2A, FF, 7F]

.text C:\WINDOWS\Explorer.EXE[2604] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fff16691f6a 4 bytes [69, 16, FF, 7F]

.text C:\WINDOWS\Explorer.EXE[2604] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fff16691f82 4 bytes [69, 16, FF, 7F]

.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[3156] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fff16691f6a 4 bytes [69, 16, FF, 7F]

.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[3156] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fff16691f82 4 bytes [69, 16, FF, 7F]

.text C:\Windows\System32\igfxpers.exe[3164] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff2ab3169a 4 bytes [b3, 2A, FF, 7F]

.text C:\Windows\System32\igfxpers.exe[3164] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff2ab316a2 4 bytes [b3, 2A, FF, 7F]

.text C:\Windows\System32\igfxpers.exe[3164] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff2ab3181a 4 bytes [b3, 2A, FF, 7F]

.text C:\Windows\System32\igfxpers.exe[3164] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff2ab31832 4 bytes [b3, 2A, FF, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [584:608] fffff9600083f4d0

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:3592] 000000006ba86db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:3608] 000000006ba86214

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:3600] 0000000065f2f677

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2868] 0000000065f2f677

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2672] 0000000065f2f677

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2968] 000000006ba86db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2908] 000000006ba86db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2532] 000000006ba86db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2536] 000000006ba86db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2540] 000000006ba86db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2528] 000000006ba86db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2696] 000000006ba86db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2724] 000000006ba86db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2500] 000000006ba86db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2376:2492] 000000006ba86db4

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [3944:1924] 0000000074093b3f

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [3944:3796] 0000000074160093

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [3944:3792] 0000000077355658

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [3944:3616] 0000000076728cde

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [3948:2964] 0000000074093b3f

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [3948:1916] 0000000074160093

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [3948:3572] 0000000076728cde

Thread C:\Windows\System32\SettingSyncHost.exe [1608:1104] 00007fff20234b30

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Thank you!!


Hello

Sorry for the delay :)

If you still need help, redo the logs, since I need them with up-to-date timestamps: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; put the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


Hey, all good!! Here is the GMER log again; as for the DDS one, though, I can't run the program! Here is a screenshot of what happens! Thanks for your attention, my friend.

http://tinypic.com/r/2zzlq91/5

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-04 13:26:27

Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c ST9500325AS rev.0001SDM1 465,76GB

Running: gmer.exe; Driver: C:\Users\GUILHE~1\AppData\Local\Temp\agldapog.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600018ce00 15 bytes [00, 8F, 0F, 02, 40, F0, 6F, ...]

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600018ce10 11 bytes [00, DB, FB, FF, 80, C7, D2, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1684] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa155d169a 4 bytes [5D, 15, FA, 7F]

.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1684] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa155d16a2 4 bytes [5D, 15, FA, 7F]

.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1684] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa155d181a 4 bytes [5D, 15, FA, 7F]

.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1684] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa155d1832 4 bytes [5D, 15, FA, 7F]

.text C:\Program Files\Windows Defender\MsMpEng.exe[1756] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffa155d169a 4 bytes [5D, 15, FA, 7F]

.text C:\Program Files\Windows Defender\MsMpEng.exe[1756] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffa155d16a2 4 bytes [5D, 15, FA, 7F]

.text C:\Program Files\Windows Defender\MsMpEng.exe[1756] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffa155d181a 4 bytes [5D, 15, FA, 7F]

.text C:\Program Files\Windows Defender\MsMpEng.exe[1756] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffa155d1832 4 bytes [5D, 15, FA, 7F]

.text C:\WINDOWS\Explorer.EXE[4140] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa155d169a 4 bytes [5D, 15, FA, 7F]

.text C:\WINDOWS\Explorer.EXE[4140] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa155d16a2 4 bytes [5D, 15, FA, 7F]

.text C:\WINDOWS\Explorer.EXE[4140] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa155d181a 4 bytes [5D, 15, FA, 7F]

.text C:\WINDOWS\Explorer.EXE[4140] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa155d1832 4 bytes [5D, 15, FA, 7F]

.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[2172] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffa0ba91f6a 4 bytes [A9, 0B, FA, 7F]

.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[2172] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffa0ba91f82 4 bytes [A9, 0B, FA, 7F]

.text C:\Windows\System32\igfxpers.exe[2684] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa155d169a 4 bytes [5D, 15, FA, 7F]

.text C:\Windows\System32\igfxpers.exe[2684] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa155d16a2 4 bytes [5D, 15, FA, 7F]

.text C:\Windows\System32\igfxpers.exe[2684] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa155d181a 4 bytes [5D, 15, FA, 7F]

.text C:\Windows\System32\igfxpers.exe[2684] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa155d1832 4 bytes [5D, 15, FA, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [5720:4524] fffff9600087a4d0

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:5656] 000000006b5b6db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:1820] 000000006b5b6214

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:6048] 000000006491f677

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:2796] 000000006491f677

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:4068] 000000006491f677

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:2100] 000000006b5b6db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:5964] 000000006b5b6db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:4112] 000000006b5b6db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:4888] 000000006b5b6db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:3516] 000000006b5b6db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:4316] 000000006b5b6db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:4968] 000000006b5b6db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:3324] 000000006b5b6db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:4872] 000000006b5b6db4

Thread C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816:2868] 000000006b5b6db4

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [3168:3748] 0000000074283b3f

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [3168:492] 0000000074350093

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [3168:4772] 0000000076578cde

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2208:2440] 0000000074283b3f

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2208:3764] 0000000074350093

Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2208:3972] 0000000076578cde

Thread C:\Windows\System32\SettingSyncHost.exe [2852:2672] 00007ffa0e9e641c

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


Dear mod mark h

I recommend that you save this topic to your Favorites to make it easier to find.

Please pay attention to the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always put your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the order of the instructions given.
  • Note: Do not take any action other than those given here; also, if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

Download OTL by OldTimer and save it to your Desktop.

  • Double-click the icon (image: 3984478580_7ed4cabc45_o.gif)
  • Leave the main screen configured as shown in the figure below:

(image: 5369448421_6bf795eb1a_b.jpg)

  • Copy and paste the content below into the box right after (image: 5369460409_ee749edc8e_m.jpg)
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dl
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
/md5stop

  • Click the button (image: 5370056362_e3d07d5d8a_m.jpg)
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Restart the computer;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D


extras.txt

OTL Extras logfile created on: 05/12/2013 12:55:49 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Guilherme franzoi\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16438)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,82 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 39,62% Memory free

5,94 Gb Paging File | 2,74 Gb Available in Paging File | 46,01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,31 Gb Total Space | 50,06 Gb Free Space | 51,44% Space Free | Partition Type: NTFS

Drive E: | 333,17 Gb Total Space | 10,50 Gb Free Space | 3,15% Space Free | Partition Type: NTFS

Computer Name: PCGUI | User Name: Guilherme franzoi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3378564304-719579385-1281128088-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]

"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]

"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1A7EF243-4B09-4C99-B151-1A3998D9B060}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0038D44A-5187-4734-B3A2-F60E9EDC2A46}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{01204E8A-5880-4C47-8FFE-FAB9E839A4BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |

"{03C5CE02-6364-4BA5-A0D0-AE5A2D0C4FA8}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{0406B43D-1895-4E44-BDFF-5B42EA647287}" = dir=out | name=windows_ie_ac_001 |

"{05A19053-F30C-4023-8FF7-93A8F8A0EDEB}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |

"{06EC34EF-312B-49E8-AD7F-BE6A5CA3D8AE}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

"{077A1FB3-B623-4344-A23B-FDF94F50C194}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |

"{07EA92F2-5E4D-4454-B3F2-185CF0FDFC4A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |

"{08E6F2B5-E4C1-4CFD-8499-A279EC004C0B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |

"{13DC414C-44C7-48B5-BA99-EFE827899392}" = dir=in | name=skype |

"{19AEB393-9375-4125-BCB3-FF35A65874C8}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |

"{1B63F85D-09F6-481E-B264-586698920EFA}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{1CBABCFA-A411-467D-A1A5-584AAD045CCE}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{2030C561-574C-4C83-906D-DAE9ABE72F2C}" = dir=out | name=windows_ie_ac_001 |

"{20BCDCA6-1C77-4A95-8F18-5047F6EF93FB}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |

"{2B5B5C88-D692-4A80-B366-A959CEBC4184}" = dir=out | name=sonicwall mobile connect |

"{2BD46918-AD7E-41E3-AA5D-6323AF3856D2}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |

"{2F1B10AD-35BE-4E3A-A404-E8E7F2903EFA}" = dir=out | name=fresh paint |

"{30C8D432-1275-453A-AB98-71B6CED24967}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{33DD38F0-814E-4B70-9180-7728BD7D37B8}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{342DC5ED-6A8C-40BB-8CD8-F39B2511B41D}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |

"{35B88B65-3118-4F61-A6AA-BF67F8C69BAB}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |

"{39941656-0703-4748-BB20-8CBED44C0745}" = protocol=6 | dir=in | app=c:\users\guilherme franzoi\appdata\roaming\bittorrent\bittorrent.exe |

"{3EFA7E90-CFE2-4C49-832A-1192F4C8DBF2}" = dir=out | name=acer crystal eye |

"{41712013-4B67-4637-8B6B-10D6FAB74E70}" = dir=in | name=acer explorer |

"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |

"{44EEC514-C31C-4C72-8994-43700BE55BDF}" = protocol=17 | dir=in | app=c:\users\guilherme franzoi\appdata\roaming\bittorrent\bittorrent.exe |

"{453382B2-FDCB-42E3-A36F-1617395C6BCD}" = dir=out | name=netflix |

"{4551DA73-674E-4D62-A65E-A06F7155E778}" = dir=out | name=- games app - |

"{464B93EB-0BF3-4DB3-A6B7-81208D814630}" = dir=in | name=letras.mus.br |

"{4D0AB3A4-E092-4625-9A6B-A3F772A013E6}" = dir=out | name=facebook |

"{4E85D26C-BEB2-453A-A944-4964A13D88ED}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.201_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |

"{4ED162EC-BE17-4F2F-A35A-30B4F42DE364}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |

"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |

"{5836EC87-CFCC-4CF5-B7C9-E7059F80FE4E}" = dir=out | name=skype |

"{5AC850EE-4A09-46E6-9B04-E38F09DF59C8}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |

"{5F0A5F95-0277-4FDD-9AAE-929DE912C4B4}" = dir=out | name=check point vpn |

"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |

"{61BD1AF8-8EF2-4D36-ABA9-36E85969C9D6}" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |

"{642A068E-B8A8-4116-8576-E117C17B2733}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |

"{6642A0B1-909D-48F2-9D89-F0B318A1AEE0}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{669E0DD7-5F79-4A9F-A700-CED484C273CA}" = dir=out | name=letras.mus.br |

"{6837C16B-7BAE-447B-937B-F5438370F306}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |

"{6C2CC8B9-9263-4DD0-A426-D722646C9D66}" = dir=out | name=amazon |

"{7687F659-F075-41C0-B19C-73C1DEF2EB84}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{7688CCD0-7E46-4F24-9421-A50432878FF2}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{7CAB310C-19FD-4A7A-8E59-09804459CC79}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20321_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{82D44228-B4F5-468B-8341-1BE6F6F1976F}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |

"{867AEBF0-EEF7-452E-BB68-F76CB75BE5D9}" = dir=out | name=juniper networks junos pulse |

"{886FB174-8073-4EB6-B300-A6F26C97F8F1}" = dir=out | name=social jogger |

"{8A7BE918-BF32-4E2A-BA52-2E143E391568}" = dir=in | app=c:\users\guilherme franzoi\appdata\local\microsoft\skydrive\skydrive.exe |

"{8B115022-3107-4F8A-B139-AB0095FB794B}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |

"{8BF48C6C-543C-4270-B8AE-3688CCBD6474}" = dir=out | name=@{microsoft.zunevideo_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |

"{8D7E6EAF-37A4-433B-B9A7-A018B8599D0E}" = dir=in | name=microsoft mahjong |

"{92881CAB-4E3B-465A-9231-94CA1AA963C1}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |

"{97ED7DF5-0784-48AA-B209-AF9A6A01E0E0}" = dir=out | name=acer explorer |

"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{9EFD4B87-22E5-4CDB-B7D8-53AFE83D4E33}" = dir=out | name=@{microsoft.zunemusic_2.2.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |

"{A6AAFCC9-98AA-405D-A059-2490A926AE15}" = dir=in | name=sonicwall mobile connect |

"{AA7384B7-AB43-4546-BB02-FED8EC921010}" = dir=out | name=microsoft mahjong |

"{ADA8FAFE-1C4B-40EB-951B-0E5F52426C0C}" = dir=out | name=f5 vpn |

"{ADD3607C-4A57-4458-ACD7-20E28EB83805}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe |

"{AE9AA772-A190-4444-929E-3DD030944EE0}" = dir=out | name=kindle |

"{B3471FE1-0BAC-4F0C-8962-B2D4831E7D57}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{B8A7ACC5-6D0F-479E-AA7F-767CDDC50209}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{BB0A1346-723A-4688-A3FD-753E3B0B16F8}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |

"{BB7A704C-ECB8-4E6D-B80E-6AFB850160F9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{C5241C7F-22BB-4B7A-BDC4-81019FCE4392}" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |

"{CBC2D017-C387-4F60-B234-051B23C4BF84}" = dir=in | name=f5 vpn |

"{CC2CD0F5-9580-4CE4-85EC-603C35103EA9}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{CE012CA6-FF21-49FC-9733-A52F68815D6F}" = dir=in | name=juniper networks junos pulse |

"{D14E6C87-E59C-465B-AA96-D5457F9A2E29}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

"{D269AB39-2D6F-409F-9672-74FF53D04237}" = dir=out | name=windows_ie_ac_001 |

"{D3F61145-6848-4D5C-98B0-C001E62CE1B0}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{D5BC5157-C3D1-460A-BAFE-8D6D93D850D5}" = dir=in | name=check point vpn |

"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |

"{D7C75160-CC25-4A51-8D38-ED93B8C4E3FF}" = protocol=1 | dir=in | name=hlsw icmp |

"{DA84C9B9-13B3-4541-9B8C-631505848432}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |

"{DFD83CF0-8A38-42A6-8926-9EA86120C96A}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe |

"{E17C6FDD-60ED-4DFC-A210-EBFBE6979111}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{E3784BB5-98D2-4A6A-96DB-1B721FC7FAA4}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |

"{E7282547-B147-4FDA-884A-BB1D0DB07395}" = dir=in | app=c:\users\guilherme franzoi\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{E736F919-2374-48D7-B86A-78A881117CDF}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{E767E521-B4D2-4380-90E5-575B77EFC83F}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{EAF2FDAD-E204-4A0B-97CD-89F2959A282D}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |

"{ED5CAF13-34B8-4D87-8037-0117885C5857}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |

"{ED8652D1-0557-4DC0-8363-3EF0BC7D4C73}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |

"{EF272E07-CABD-4FC5-A744-B2EE30340000}" = dir=out | name=newsxpresso |

"{F383F2C5-EE6E-45F9-8188-5FD360BCF280}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |

"{F406009C-F090-4174-B5C8-694E2D0E9DCE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |

"{F7726C0F-6EC8-4BD6-B9A8-3513C09FA288}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |

"{FB2FE311-EF9B-40B1-A70E-162958DA5EE5}" = dir=in | name=newsxpresso |

"{FCAF5163-C062-488C-8F15-C50E4EA6D0FF}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe |

"{FFC748E4-2E81-4CFA-9569-E4D235CE783C}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"TCP Query User{05C1DE5D-4BDE-4964-ABA1-C540B6CDBD90}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |

"TCP Query User{955966FD-652C-45C2-88D5-167905246290}E:\cod4mp\call of duty 4 multiplayer\iw3mp.exe" = protocol=6 | dir=in | app=e:\cod4mp\call of duty 4 multiplayer\iw3mp.exe |

"TCP Query User{DA4F0632-69C2-4EBF-99D0-17AEE0BB1276}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |

"UDP Query User{622A598C-E498-4AEC-A372-EFDB78412595}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |

"UDP Query User{A152B549-401C-4D7C-B7A0-A7F1F82A7FA7}E:\cod4mp\call of duty 4 multiplayer\iw3mp.exe" = protocol=17 | dir=in | app=e:\cod4mp\call of duty 4 multiplayer\iw3mp.exe |

"UDP Query User{D1BCBAE2-EA47-4903-982C-36E65E945E45}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management

"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane

"{8215A318-CC27-435E-B3EA-2E3443C8998C}" = Acer Instant Update Service

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component

"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management

"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F0A7DF2F-0BE0-470F-B137-D7A19F977189}" = Broadcom Card Reader Driver Installer

"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client

"CCleaner" = CCleaner

"Elantech" = ETDWare PS/2-X64 11.6.16.003_WHQL

"O365HomePremRetail - pt-br" = Microsoft Office 365 Home Premium - pt-br

"ProPlusRetail - pt-br" = Microsoft Office Professional Plus 2013 - pt-br

"Unlocker" = Unlocker 1.9.2

"VLC media player" = VLC media player 2.2.0-git-20130801-0403

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare 1.3 Patch

"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program

"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4

"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare 1.4 Patch

"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare 1.1 Patch

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{66A7E313-4DBB-4C05-891F-B792DE2870F3}" = BlueStacks Notification Center

"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in

"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare 1.5 Patch

"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch

"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime

"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component

"{90150000-008C-0416-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4

"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud Portal

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4

"{B5AD89F2-03D3-4206-8487-018298007DD0}" = Acer Photo

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = Acer Docs

"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare 1.2 Patch

"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = Acer Media

"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2

"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package

"Avira AntiVir Desktop" = Avira Free Antivirus

"BlueStacks App Player" = BlueStacks App Player

"BSPlayerp" = BS.Player PRO

"DAEMON Tools Ultra" = DAEMON Tools Ultra

"Dev-C++" = Dev-C++

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVDFab 9_is1" = DVDFab 9.0.5.5 (26/07/2013)

"FormatFactory" = FormatFactory 3.1.1

"Free Audio Editor" = Free Audio Editor

"GeoGebra 4.2" = GeoGebra 4.2

"Google Chrome" = Google Chrome

"HijackThis" = HijackThis 1.99.1

"HLSW_is1" = HLSW v1.4.0.2

"ImgBurn" = ImgBurn

"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare 1.3 Patch

"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare 1.4 Patch

"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare 1.1 Patch

"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager

"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare 1.2 Patch

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Ferramentas do Visual Studio 2005 para Office Second Edition Runtime

"Mp3tag" = Mp3tag v2.57

"NARA" = Norton Online Backup ARA

"RadioController" = Dritek Radio Controller

"Spotify" = Spotify

"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime

"WinRAR archiver" = WinRAR 4.20 (32-bit)

"XfireCodec" = Xfire Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3378564304-719579385-1281128088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = BitTorrent

"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 30/11/2013 13:49:59 | Computer Name = PCGUI | Source = Application Error | ID = 1000

Description = Nome do aplicativo com falha: 5222.exe, versão: 0.0.0.0, carimbo de

data/hora: 0x529a2545 Nome do módulo com falha: 5222.exe, versão: 0.0.0.0, carimbo

de data/hora: 0x529a2545 Código de exceção: 0xc0000094 Deslocamento da falha: 0x00000000000015c4

ID

do processo com falha: 0x1ad0 Hora de início do aplicativo com falha: 0x01ceedf4964e69d8

Caminho

do aplicativo com falha: C:\Users\Guilherme franzoi\SkyDrive\Documents\5222.exe

Caminho

do módulo com falha: C:\Users\Guilherme franzoi\SkyDrive\Documents\5222.exe ID do

Relatório: d4720451-59e7-11e3-be8c-20898405fe30 Nome completo do pacote com falha:

ID do aplicativo relativo ao pacote com falha:

Error - 30/11/2013 20:50:36 | Computer Name = PCGUI | Source = SideBySide | ID = 16842824

Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Acer\Office

Addin 2003\WordAddIn2003.dll.Manifest". Erro no arquivo de manifesto ou de política

C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest", na linha

4. O elemento asmv2:clrClassInvocation aparece como filho do elemento urn:schemas-microsoft-com:asm.v1^entryPoint,

o que não tem suporte nesta versão do Windows.

Error - 30/11/2013 20:50:36 | Computer Name = PCGUI | Source = SideBySide | ID = 16842824

Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Acer\Office

Addin 2003\PowerPointAddIn2003.dll.Manifest". Erro no arquivo de manifesto ou de

política C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest",

na linha 4. O elemento asmv2:clrClassInvocation aparece como filho do elemento urn:schemas-microsoft-com:asm.v1^entryPoint,

o que não tem suporte nesta versão do Windows.

Error - 30/11/2013 20:50:36 | Computer Name = PCGUI | Source = SideBySide | ID = 16842824

Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Acer\Office

Addin 2003\ExcelAddIn2003.dll.Manifest". Erro no arquivo de manifesto ou de política

C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest", na

linha 4. O elemento asmv2:clrClassInvocation aparece como filho do elemento urn:schemas-microsoft-com:asm.v1^entryPoint,

o que não tem suporte nesta versão do Windows.

Error - 01/12/2013 06:43:48 | Computer Name = PCGUI | Source = BstHdAndroidSvc | ID = 0

Description = Serviço não pode ser iniciado. System.ApplicationException: Cannot

start service. Service did not stop gracefully the last time it was run. em

BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 01/12/2013 07:56:18 | Computer Name = PCGUI | Source = BstHdAndroidSvc | ID = 0

Description = Serviço não pode ser iniciado. System.ApplicationException: Cannot

start service. Service did not stop gracefully the last time it was run. em

BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 01/12/2013 11:28:39 | Computer Name = PCGUI | Source = MsiInstaller | ID = 11500

Description =

Error - 01/12/2013 11:54:02 | Computer Name = PCGUI | Source = BstHdAndroidSvc | ID = 0

Description = Serviço não pode ser iniciado. System.ApplicationException: Cannot

start service. Service did not stop gracefully the last time it was run. em

BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 01/12/2013 12:22:59 | Computer Name = PCGUI | Source = BstHdAndroidSvc | ID = 0

Description = Serviço não pode ser iniciado. System.ApplicationException: Cannot

start service. Service did not stop gracefully the last time it was run. em

BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

Error - 01/12/2013 15:01:39 | Computer Name = PCGUI | Source = BstHdAndroidSvc | ID = 0

Description = Serviço não pode ser iniciado. System.ApplicationException: Cannot

start service. Service did not stop gracefully the last time it was run. em

BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object

state)

[ System Events ]

Error - 25/10/2013 12:19:16 | Computer Name = PCGUI | Source = Service Control Manager | ID = 7001

Description = O serviço Wrapper e Mecanismo Mini-Redirecionador do SMB depende do

serviço Subsistema de Buffer Redirecionado, mas não foi possível iniciá-lo devido

ao seguinte erro: %%31

Error - 25/10/2013 12:19:16 | Computer Name = PCGUI | Source = Service Control Manager | ID = 7001

Description = O serviço Mini-Redirecionador do SMB 1.x depende do serviço Wrapper

e Mecanismo Mini-Redirecionador do SMB, mas não foi possível iniciá-lo devido ao

seguinte erro: %%1068

Error - 25/10/2013 12:19:16 | Computer Name = PCGUI | Source = Service Control Manager | ID = 7001

Description = O serviço Mini-Redirecionador do SMB 2.0 depende do serviço Wrapper

e Mecanismo Mini-Redirecionador do SMB, mas não foi possível iniciá-lo devido ao

seguinte erro: %%1068

Error - 25/10/2013 12:19:16 | Computer Name = PCGUI | Source = Service Control Manager | ID = 7001

Description = O serviço Reconhecimento de Locais de Rede depende do serviço Cliente

DHCP, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 25/10/2013 12:19:20 | Computer Name = PCGUI | Source = Service Control Manager | ID = 7001

Description = O serviço Reconhecimento de Locais de Rede depende do serviço Cliente

DHCP, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 25/10/2013 12:19:20 | Computer Name = PCGUI | Source = Service Control Manager | ID = 7001

Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento

de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 25/10/2013 12:19:21 | Computer Name = PCGUI | Source = DCOM | ID = 10005

Description =

Error - 25/10/2013 12:20:41 | Computer Name = PCGUI | Source = DCOM | ID = 10005

Description =

Error - 25/10/2013 12:20:41 | Computer Name = PCGUI | Source = DCOM | ID = 10005

Description =

Error - 25/10/2013 12:21:22 | Computer Name = PCGUI | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço McAfee AP Service devido ao seguinte

erro: %%2

< End of report >

otl.txt


OTL logfile created on: 05/12/2013 17:52:15 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Guilherme franzoi\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16438)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,82 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 49,21% Memory free

5,94 Gb Paging File | 3,13 Gb Available in Paging File | 52,73% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,31 Gb Total Space | 50,01 Gb Free Space | 51,39% Space Free | Partition Type: NTFS

Drive E: | 333,17 Gb Total Space | 10,50 Gb Free Space | 3,15% Space Free | Partition Type: NTFS

Computer Name: PCGUI | User Name: Guilherme franzoi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/05 16:26:28 | 001,751,392 | ---- | M] () -- C:\Program Files (x86)\Google\Update\Install\{50E1A6EA-D6DE-4A48-9D51-C1BD24CFF16D}\31.0.1650.63_31.0.1650.57_chrome_updater.exe

PRC - [2013/12/05 12:53:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Guilherme franzoi\Desktop\OTL.exe

PRC - [2013/11/30 22:29:36 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2013/11/30 22:28:14 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2013/11/30 22:28:11 | 000,683,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2013/11/18 23:07:50 | 000,623,376 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe

PRC - [2013/11/18 23:06:54 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

PRC - [2013/11/15 09:18:36 | 001,210,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\setup.exe

PRC - [2013/11/14 09:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/11/13 13:36:52 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\MSOSYNC.EXE

PRC - [2013/10/17 21:13:11 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/08/22 21:04:22 | 000,025,232 | ---- | M] () -- C:\Arquivos de Programas\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

PRC - [2012/08/22 21:04:20 | 000,044,176 | ---- | M] () -- C:\Arquivos de Programas\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/13 13:21:27 | 000,359,592 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\c2r32.dll

MOD - [2013/11/13 13:21:27 | 000,316,584 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\appvisvstream32.dll

MOD - [2012/08/22 21:04:22 | 000,025,232 | ---- | M] () -- C:\Arquivos de Programas\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

MOD - [2012/08/22 21:04:20 | 000,044,176 | ---- | M] () -- C:\Arquivos de Programas\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/10/21 23:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)

SRV:64bit: - [2013/10/19 03:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/10/10 14:23:32 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2013/10/10 08:40:53 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)

SRV:64bit: - [2013/10/04 06:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)

SRV:64bit: - [2013/09/30 02:10:25 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013/09/30 02:10:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)

SRV:64bit: - [2013/09/30 02:10:25 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2013/09/30 02:10:25 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2013/08/22 10:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2013/08/22 09:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)

SRV:64bit: - [2013/08/22 09:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2013/08/22 09:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2013/08/22 09:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2013/08/22 09:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2013/08/22 08:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2013/08/22 08:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)

SRV:64bit: - [2013/08/22 08:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2013/08/22 08:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)

SRV:64bit: - [2013/08/22 07:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2013/08/22 07:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013/08/22 07:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)

SRV:64bit: - [2013/08/22 07:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2013/08/22 07:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013/08/22 07:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/08/22 07:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)

SRV:64bit: - [2013/08/22 07:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2013/08/22 07:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2013/08/22 07:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013/08/22 07:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013/08/22 07:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV - [2013/11/30 22:29:36 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2013/11/30 22:28:36 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)

SRV - [2013/11/30 22:28:14 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2013/11/18 23:06:54 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)

SRV - [2013/11/18 23:06:28 | 000,398,096 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)

SRV - [2013/10/03 23:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2013/09/30 02:10:23 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)

SRV - [2013/09/23 12:22:04 | 000,654,552 | ---- | M] (Disc Soft Ltd) [Disabled | Stopped] -- C:\Arquivos de Programas\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)

SRV - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)

SRV - [2013/08/22 10:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2013/08/22 01:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2013/08/22 00:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)

SRV - [2013/07/10 15:41:20 | 002,650,696 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)

SRV - [2013/04/11 18:04:52 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2013/04/11 17:47:40 | 000,096,880 | ---- | M] (Dritek System INC.) [Disabled | Stopped] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/01/28 15:47:24 | 000,227,456 | ---- | M] (Qualcomm Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe -- (AtherosSvc)

SRV - [2012/12/10 06:39:09 | 000,350,544 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2012/11/16 20:07:20 | 000,469,648 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Arquivos de Programas\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService)

SRV - [2012/11/02 22:36:52 | 000,259,136 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2012/10/23 12:26:26 | 000,658,064 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Arquivos de Programas\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)

SRV - [2012/08/20 17:36:22 | 000,176,640 | ---- | M] (Broadcom Corp.) [Disabled | Stopped] -- C:\Arquivos de Programas\Broadcom\MemoryCard\BrcmCardReader.exe -- (BrcmCardReader)

SRV - [2012/08/15 12:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2012/07/17 22:10:33 | 000,364,416 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/07/17 22:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/07/17 22:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

SRV - [2012/07/12 02:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/05 15:59:51 | 000,107,416 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2013/11/30 22:29:55 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2013/11/30 22:29:55 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt)

DRV:64bit: - [2013/11/30 22:29:55 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2013/10/13 00:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2013/10/08 09:07:14 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)

DRV:64bit: - [2013/10/05 13:25:54 | 000,371,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013/10/05 13:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)

DRV:64bit: - [2013/10/03 23:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2013/09/30 02:10:23 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013/09/30 02:10:23 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013/09/30 02:10:23 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2013/09/30 02:10:23 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013/09/30 01:58:52 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2013/09/30 01:58:47 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2013/09/29 17:30:20 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)

DRV:64bit: - [2013/09/26 07:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2013/09/26 07:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2013/09/11 10:46:25 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013/08/22 11:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)

DRV:64bit: - [2013/08/22 11:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2013/08/22 10:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)

DRV:64bit: - [2013/08/22 10:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2013/08/22 10:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/08/22 10:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2013/08/22 10:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2013/08/22 10:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2013/08/22 10:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2013/08/22 10:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2013/08/22 10:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2013/08/22 10:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2013/08/22 10:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)

DRV:64bit: - [2013/08/22 10:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)

DRV:64bit: - [2013/08/22 10:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2013/08/22 10:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2013/08/22 10:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)

DRV:64bit: - [2013/08/22 10:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2013/08/22 10:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2013/08/22 10:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2013/08/22 10:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2013/08/22 10:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2013/08/22 10:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2013/08/22 10:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2013/08/22 10:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2013/08/22 10:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2013/08/22 10:43:31 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)

DRV:64bit: - [2013/08/22 10:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/08/22 10:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2013/08/22 10:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2013/08/22 10:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2013/08/22 10:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2013/08/22 10:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)

DRV:64bit: - [2013/08/22 10:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)

DRV:64bit: - [2013/08/22 10:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)

DRV:64bit: - [2013/08/22 10:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2013/08/22 10:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013/08/22 10:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)

DRV:64bit: - [2013/08/22 10:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013/08/22 09:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)

DRV:64bit: - [2013/08/22 09:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2013/08/22 09:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2013/08/22 09:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2013/08/22 09:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2013/08/22 09:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2013/08/22 09:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2013/08/22 09:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013/08/22 09:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2013/08/22 09:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2013/08/22 09:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2013/08/22 09:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2013/08/22 09:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2013/08/22 09:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2013/08/22 09:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2013/08/22 09:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/08/22 09:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2013/08/22 09:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2013/08/22 09:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)

DRV:64bit: - [2013/08/22 09:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)

DRV:64bit: - [2013/08/22 09:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2013/08/22 09:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2013/08/22 09:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2013/08/22 06:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2013/08/12 21:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)

DRV:64bit: - [2013/08/09 22:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)

DRV:64bit: - [2013/07/30 16:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)

DRV:64bit: - [2013/07/25 17:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)

DRV:64bit: - [2013/06/18 12:45:14 | 000,425,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2013/06/18 12:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)

DRV:64bit: - [2013/04/11 17:47:40 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/12/17 16:55:32 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2012/12/17 16:55:32 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2012/12/17 16:55:32 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2012/11/20 08:48:40 | 000,331,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2012/08/16 14:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)

DRV:64bit: - [2012/08/14 12:15:36 | 000,070,744 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)

DRV:64bit: - [2012/08/13 11:59:42 | 000,072,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)

DRV:64bit: - [2012/08/13 11:59:42 | 000,021,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)

DRV:64bit: - [2012/07/02 20:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012/06/19 12:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2012/06/18 17:20:52 | 000,055,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)

DRV:64bit: - [2012/05/25 22:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA)

DRV:64bit: - [2010/07/09 01:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2010/04/20 00:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV - [2013/11/18 23:06:44 | 000,077,584 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)

DRV - [2013/03/14 15:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Xfire2\XFDriver64.sys -- (XFDriver64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5E712125-1247-4363-9C6B-804E3CAF1613}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{5E712125-1247-4363-9C6B-804E3CAF1613}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{5E712125-1247-4363-9C6B-804E3CAF1613}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {5E712125-1247-4363-9C6B-804E3CAF1613}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

IE - HKCU\..\SearchScopes\{476AC7E8-A640-4A0D-93C4-2048A285AF0C}: "URL" = http://search.us.com/serp?guid={92EAC795-A755-41F7-8AFD-3F8F19F68926}&action=default_search&serpv=5&k={searchTerms}

IE - HKCU\..\SearchScopes\{FBCA3035-7E25-4986-B9FC-51ED29CE1563}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10671

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0-git-20130801-0403: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Guilherme franzoi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

[2013/08/07 21:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: Google Docs = C:\Users\Guilherme franzoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Guilherme franzoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Guilherme franzoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Pesquisa do Google = C:\Users\Guilherme franzoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: AdBlock = C:\Users\Guilherme franzoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\

CHR - Extension: Google Wallet = C:\Users\Guilherme franzoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

CHR - Extension: Outlook.com = C:\Users\Guilherme franzoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\

CHR - Extension: Gmail = C:\Users\Guilherme franzoi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/22 11:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Arquivos de Programas\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)

O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)

O4 - HKLM..\Run: [LManager] File not found

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [RadioController] C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Dritek System Inc.)

O4 - HKCU..\Run: [DAEMON Tools Ultra Agent] C:\Program Files\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)

O4 - HKCU..\Run: [Facebook Update] C:\Users\Guilherme franzoi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [skyDrive] C:\Users\Guilherme franzoi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Atheros Communications)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.9.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A38261C-DE99-4D33-8C63-4051348D4FC7}: DhcpNameServer = 192.168.9.1

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)

NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)

NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)

MsConfig:64bit - State: "services" - Reg Error: Key error.

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.tsc2 - C:\WINDOWS\SysWOW64\tsc2_codec64.dll (TechSmith Corporation)

Drivers32:64bit: vidc.tscc - C:\WINDOWS\SysWOW64\tsccvid64.dll (TechSmith Corporation)

Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\WINDOWS\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.tsc2 - C:\Windows\SysWOW64\tsc2_codec32.dll (TechSmith Corporation)

Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)

Drivers32: VIDC.XFR1 - C:\WINDOWS\SysWow64\xfcodec.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2013/12/05 12:53:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Guilherme franzoi\Desktop\OTL.exe

[2013/12/04 18:07:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/12/03 19:54:42 | 000,360,881 | ---- | C] (Farbar) -- C:\Users\Guilherme franzoi\Desktop\FSS.exe

[2013/12/03 19:54:25 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\Guilherme franzoi\Desktop\MbrScan.exe

[2013/12/03 19:54:18 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\Guilherme franzoi\Desktop\HijackThis.exe

[2013/12/02 20:12:25 | 000,000,000 | ---D | C] -- C:\Users\Guilherme franzoi\Desktop\gmer

[2013/12/02 20:06:08 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Guilherme franzoi\Desktop\dds.scr

[2013/12/02 12:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/12/02 12:49:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys

[2013/12/02 12:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/12/01 19:34:14 | 000,000,000 | ---D | C] -- C:\Users\Guilherme franzoi\AppData\Roaming\TechSmith

[2013/12/01 19:33:19 | 000,000,000 | ---D | C] -- C:\Users\Guilherme franzoi\AppData\Local\TechSmith

[2013/12/01 19:32:30 | 000,000,000 | ---D | C] -- C:\Users\Guilherme franzoi\Documents\Camtasia Studio

[2013/12/01 13:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith

[2013/12/01 13:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2013/12/01 13:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared

[2013/12/01 13:28:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/12/01 13:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith

[2013/12/01 13:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith

[2013/12/01 08:53:07 | 000,000,000 | ---D | C] -- C:\Users\Guilherme franzoi\Desktop\ARQUIVOS

[2013/11/30 13:51:48 | 000,000,000 | ---D | C] -- C:\Users\Guilherme franzoi\Documents\pre

[2013/11/26 21:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks

[2013/11/26 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks

[2013/11/26 21:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks

[2013/11/25 20:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup

[2013/11/21 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\Guilherme franzoi\jagexcache

[2013/11/19 22:20:15 | 000,000,000 | ---D | C] -- C:\Users\Guilherme franzoi\AppData\Roaming\Dev-Cpp

[2013/11/19 22:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++

[2013/11/19 22:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dev-Cpp

[2013/11/16 22:28:42 | 002,801,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll

[2013/11/16 22:28:42 | 001,085,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll

[2013/11/16 22:28:42 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll

[2013/11/16 22:28:26 | 018,577,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll

[2013/11/16 22:28:24 | 013,925,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll

[2013/11/16 22:28:23 | 013,176,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll

[2013/11/16 22:28:20 | 011,674,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll

[2013/11/16 22:28:06 | 003,395,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll

[2013/11/16 22:28:01 | 006,639,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll

[2013/11/16 22:28:00 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe

[2013/11/16 22:27:59 | 005,769,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll

[2013/11/16 22:27:57 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll

[2013/11/16 22:27:56 | 004,104,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll

[2013/11/16 22:27:55 | 002,617,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll

[2013/11/16 22:27:55 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll

[2013/11/16 22:27:54 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll

[2013/11/16 22:27:53 | 002,328,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[2013/11/16 22:27:53 | 002,295,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll

[2013/11/16 22:27:53 | 001,231,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll

[2013/11/16 22:27:53 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll

[2013/11/16 22:27:52 | 002,065,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe

[2013/11/16 22:27:52 | 001,584,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\workfolderssvc.dll

[2013/11/16 22:27:51 | 001,067,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll

[2013/11/16 22:27:51 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll

[2013/11/16 22:27:51 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll

[2013/11/16 22:27:50 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll

[2013/11/16 22:27:50 | 000,883,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll

[2013/11/16 22:27:50 | 000,839,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll

[2013/11/16 22:27:50 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll

[2013/11/16 22:27:50 | 000,481,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll

[2013/11/16 22:27:49 | 002,134,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d9.dll

[2013/11/16 22:27:49 | 001,287,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll

[2013/11/16 22:27:49 | 000,699,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10level9.dll

[2013/11/16 22:27:49 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll

[2013/11/16 22:27:49 | 000,380,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll

[2013/11/16 22:27:48 | 004,599,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll

[2013/11/16 22:27:48 | 001,399,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll

[2013/11/16 22:27:48 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Http.dll

[2013/11/16 22:27:47 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll

[2013/11/16 22:27:47 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll

[2013/11/16 22:27:46 | 001,373,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll

[2013/11/16 22:27:46 | 001,011,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWorkspace.dll

[2013/11/16 22:27:46 | 000,708,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iuilp.dll

[2013/11/16 22:27:45 | 000,761,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkfoldersControl.dll

[2013/11/16 22:27:45 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll

[2013/11/16 22:27:45 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppReadiness.dll

[2013/11/16 22:27:44 | 001,204,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll

[2013/11/16 22:27:44 | 000,631,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe

[2013/11/16 22:27:43 | 000,518,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe

[2013/11/16 22:27:43 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapphost.dll

[2013/11/16 22:27:43 | 000,171,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kd_02_8086.dll

[2013/11/16 22:27:43 | 000,031,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll

[2013/11/16 22:27:42 | 000,465,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll

[2013/11/16 22:27:39 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll

[2013/11/16 22:27:39 | 000,391,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsmf.dll

[2013/11/16 22:27:38 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TSWorkspace.dll

[2013/11/16 22:27:38 | 000,558,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll

[2013/11/16 22:27:38 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapp3hst.dll

[2013/11/16 22:27:38 | 000,317,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll

[2013/11/16 22:27:37 | 000,345,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsmf.dll

[2013/11/16 22:27:37 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll

[2013/11/16 22:27:37 | 000,104,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptsslp.dll

[2013/11/16 22:27:36 | 000,371,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys

[2013/11/16 22:27:36 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcsvDevice.dll

[2013/11/16 22:27:36 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapphost.dll

[2013/11/16 22:27:36 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msched.dll

[2013/11/16 22:27:36 | 000,088,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptsslp.dll

[2013/11/16 22:27:35 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll

[2013/11/16 22:27:34 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS

[2013/11/16 22:27:34 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafBth.dll

[2013/11/16 22:27:34 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWbPrxy.exe

[2013/11/16 22:27:34 | 000,057,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\stornvme.sys

[2013/11/16 22:27:34 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe

[2013/11/16 22:27:34 | 000,044,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wldp.dll

[2013/11/16 22:27:33 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll

[2013/11/16 22:27:33 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll

[2013/11/16 22:27:33 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll

[2013/11/16 22:27:33 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWfdProvider.dll

[2013/11/16 22:27:33 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shsetup.dll

[2013/11/16 22:27:33 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys

[2013/11/16 22:27:32 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll

[2013/11/16 22:27:32 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappcfg.dll

[2013/11/16 22:27:32 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappcfg.dll

[2013/11/16 22:27:32 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapp3hst.dll

[2013/11/16 22:27:32 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WiFiDisplay.dll

[2013/11/16 22:27:32 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappgnui.dll

[2013/11/16 22:27:32 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\shsetup.dll

[2013/11/16 22:27:32 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappgnui.dll

[2013/11/16 22:27:31 | 001,704,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll

[2013/11/16 22:27:31 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WorkFoldersShell.dll

[2013/11/16 22:27:31 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ftp.exe

[2013/11/16 22:27:30 | 000,909,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll

[2013/11/16 22:27:30 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpclip.exe

[2013/11/16 22:27:30 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll

[2013/11/16 22:27:30 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

[2013/11/16 22:27:30 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ftp.exe

[2013/11/16 22:27:29 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll

[2013/11/16 22:27:29 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\miutils.dll

[2013/11/16 22:27:28 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\miutils.dll

[2013/11/16 22:27:28 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll

[2013/11/16 22:27:28 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll

[2013/11/15 08:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle

[2013/11/15 08:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013/11/15 08:56:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe

[2013/11/15 08:56:44 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe

[2013/11/15 08:56:44 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe

[2013/11/15 08:56:44 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll

[2013/11/15 08:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

[2013/11/14 11:07:07 | 001,341,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll

[2013/11/14 11:07:06 | 000,136,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys

[2013/11/14 11:07:01 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll

[2013/11/14 11:07:01 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl

[2013/11/14 11:07:01 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl

[2013/11/14 11:07:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe

[2013/11/14 11:07:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe

[2013/11/14 11:06:16 | 001,943,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll

[2013/11/10 18:26:45 | 000,000,000 | ---D | C] -- C:\Users\Guilherme franzoi\AppData\Local\assembly

[2013/11/10 18:26:41 | 000,000,000 | ---D | C] -- C:\Users\Guilherme franzoi\AppData\Local\Deployment

[2013/11/09 22:53:57 | 000,000,000 | ---D | C] -- C:\peanut

[2013/11/09 13:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2

[2013/11/09 13:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeoGebra 4.2

[1 C:\Users\Guilherme franzoi\*.tmp files -> C:\Users\Guilherme franzoi\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/05 17:18:50 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/12/05 17:18:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/12/05 17:17:49 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/12/05 16:34:04 | 000,000,988 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3378564304-719579385-1281128088-1001UA.job

[2013/12/05 16:34:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3378564304-719579385-1281128088-1001Core.job

[2013/12/05 15:59:51 | 000,107,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys

[2013/12/05 13:25:08 | 001,797,166 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI

[2013/12/05 13:25:08 | 000,774,900 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0416.dat

[2013/12/05 13:25:08 | 000,722,476 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat

[2013/12/05 13:25:08 | 000,158,494 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0416.dat

[2013/12/05 13:25:08 | 000,135,592 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat

[2013/12/05 13:20:19 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/12/05 13:20:17 | 3281,010,688 | -HS- | M] () -- C:\hiberfil.sys

[2013/12/05 12:53:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Guilherme franzoi\Desktop\OTL.exe

[2013/12/04 18:07:02 | 001,110,034 | ---- | M] () -- C:\Users\Guilherme franzoi\Desktop\adwcleaner.exe

[2013/12/04 13:21:29 | 001,695,893 | ---- | M] () -- C:\Users\Guilherme franzoi\Desktop\img01.png

[2013/12/03 19:56:43 | 000,000,512 | ---- | M] () -- C:\Users\Guilherme franzoi\Desktop\Dump_Hdd0_DR0.mbr

[2013/12/03 16:18:42 | 000,360,881 | ---- | M] (Farbar) -- C:\Users\Guilherme franzoi\Desktop\FSS.exe

[2013/12/03 16:18:38 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\Guilherme franzoi\Desktop\MbrScan.exe

[2013/12/03 16:18:27 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Users\Guilherme franzoi\Desktop\HijackThis.exe

[2013/12/02 20:07:07 | 000,368,554 | ---- | M] () -- C:\Users\Guilherme franzoi\Desktop\gmer.zip

[2013/12/02 20:05:41 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Guilherme franzoi\Desktop\dds.scr

[2013/12/02 12:49:26 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/12/01 13:29:21 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk

[2013/11/30 22:29:55 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys

[2013/11/30 22:29:55 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys

[2013/11/30 22:29:55 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys

[2013/11/30 13:52:43 | 000,006,163 | ---- | M] () -- C:\Users\Guilherme franzoi\Documents\pre.rar

[2013/11/21 22:39:50 | 000,000,024 | ---- | M] () -- C:\Users\Guilherme franzoi\random.dat

[2013/11/21 22:27:49 | 000,000,056 | ---- | M] () -- C:\Users\Guilherme franzoi\jagex_cl_runescape_LIVE.dat

[2013/11/17 22:43:09 | 000,485,016 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT

[2013/11/07 20:07:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf

[2013/11/05 21:31:26 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

[2013/11/05 21:31:26 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

[1 C:\Users\Guilherme franzoi\*.tmp files -> C:\Users\Guilherme franzoi\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/04 18:07:41 | 001,110,034 | ---- | C] () -- C:\Users\Guilherme franzoi\Desktop\adwcleaner.exe

[2013/12/04 13:21:29 | 001,695,893 | ---- | C] () -- C:\Users\Guilherme franzoi\Desktop\img01.png

[2013/12/03 19:56:13 | 000,000,512 | ---- | C] () -- C:\Users\Guilherme franzoi\Desktop\Dump_Hdd0_DR0.mbr

[2013/12/02 20:07:05 | 000,368,554 | ---- | C] () -- C:\Users\Guilherme franzoi\Desktop\gmer.zip

[2013/12/02 12:49:26 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/12/01 13:29:21 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk

[2013/11/30 13:52:43 | 000,006,163 | ---- | C] () -- C:\Users\Guilherme franzoi\Documents\pre.rar

[2013/11/22 10:41:50 | 000,002,506 | ---- | C] () -- C:\Users\Guilherme franzoi\Documents\ESTRUTURA SELEÇÃO EX 06 - Num inteiros menores que zero e maiores que zero.alg

[2013/11/21 22:27:49 | 000,000,056 | ---- | C] () -- C:\Users\Guilherme franzoi\jagex_cl_runescape_LIVE.dat

[2013/11/21 22:27:49 | 000,000,024 | ---- | C] () -- C:\Users\Guilherme franzoi\random.dat

[2013/11/16 22:27:33 | 000,385,528 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml

[2013/11/07 20:07:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf

[2013/10/03 23:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll

[2013/10/03 23:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll

[2013/10/03 23:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll

[2013/10/02 23:51:21 | 000,000,331 | ---- | C] () -- C:\WINDOWS\game.ini

[2013/09/28 18:09:14 | 000,281,768 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe

[2013/09/28 18:08:25 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe

[2013/08/22 13:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat

[2013/08/22 13:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT

[2013/08/22 12:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2013/08/22 05:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2013/08/22 01:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll

[2013/08/22 01:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll

[2013/08/21 21:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2013/08/21 21:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[2013/08/04 10:41:49 | 004,047,024 | ---- | C] () -- C:\WINDOWS\SysWow64\SpoonUninstall.exe

[2013/04/11 17:50:51 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2012/12/28 19:04:22 | 000,036,352 | ---- | C] () -- C:\WINDOWS\SysWow64\xfcodec.dll

[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/11/05 18:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/11/05 16:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 07:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 00:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 07:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/26 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\acer

[2013/12/02 19:45:04 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\BitTorrent

[2013/11/02 16:10:08 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\BSplayer PRO

[2013/09/29 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\DAEMON Tools Ultra

[2013/08/14 19:42:55 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\dBpoweramp

[2013/11/22 13:16:29 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\Dev-Cpp

[2013/11/28 23:27:05 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\DMCache

[2013/08/03 09:54:53 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\DVDFab9

[2013/09/27 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\Free Audio Editor

[2013/12/05 17:08:54 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\HLSW

[2013/12/01 12:41:21 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\IDM

[2013/08/19 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\ImgBurn

[2013/07/26 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\lm

[2013/08/14 14:14:59 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\Mp3tag

[2013/07/26 15:26:08 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\SpinTop Games

[2013/12/01 19:34:14 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\TechSmith

[2013/08/03 09:33:33 | 000,000,000 | ---D | M] -- C:\Users\Guilherme franzoi\AppData\Roaming\WildTangent

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\system32\drivers\*.* /90 >

< %userprofile%\*.* >

[2013/11/21 22:27:49 | 000,000,056 | ---- | M] () -- C:\Users\Guilherme franzoi\jagex_cl_runescape_LIVE.dat

[2013/12/05 17:09:48 | 004,718,592 | -HS- | M] () -- C:\Users\Guilherme franzoi\NTUSER.DAT

[2013/11/02 16:32:49 | 000,897,024 | -HS- | M] () -- C:\Users\Guilherme franzoi\ntuser.dat.LOG1

[2013/11/02 16:32:49 | 002,764,800 | -HS- | M] () -- C:\Users\Guilherme franzoi\ntuser.dat.LOG2

[2013/11/02 16:32:49 | 000,065,536 | -HS- | M] () -- C:\Users\Guilherme franzoi\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TM.blf

[2013/11/02 16:32:49 | 000,524,288 | -HS- | M] () -- C:\Users\Guilherme franzoi\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000001.regtrans-ms

[2013/11/02 16:32:49 | 000,524,288 | -HS- | M] () -- C:\Users\Guilherme franzoi\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000002.regtrans-ms

[2013/11/02 16:51:10 | 000,000,020 | -HS- | M] () -- C:\Users\Guilherme franzoi\ntuser.ini

[2013/11/21 22:39:50 | 000,000,024 | ---- | M] () -- C:\Users\Guilherme franzoi\random.dat

[1 C:\Users\Guilherme franzoi\*.tmp files -> C:\Users\Guilherme franzoi\*.tmp -> ]

< %SYSTEMDRIVE%\*.* >

[2013/06/18 10:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT

[2013/12/05 13:20:17 | 3281,010,688 | -HS- | M] () -- C:\hiberfil.sys

[2013/12/05 13:20:19 | 2281,701,376 | -HS- | M] () -- C:\pagefile.sys

[2013/12/05 13:20:19 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

< %PROGRAMFILES%\*.* >

[2013/08/22 13:34:52 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %ALLUSERSPROFILE%\*.* >

[2013/04/11 17:50:51 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2013/08/22 13:34:52 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %PROGRAMFILES%\Internet Explorer\*.* >

[2013/08/22 01:26:00 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll

[2013/08/22 01:51:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe

[2013/09/30 02:10:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\F12Tools.dll

[2013/08/22 01:48:01 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll

[2013/06/18 10:22:11 | 000,002,843 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc

[2013/08/22 02:46:11 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

[2013/08/22 01:12:32 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

[2013/08/22 01:44:25 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe

[2013/09/30 02:10:35 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

[2013/09/30 02:10:35 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll

[2013/08/22 03:20:05 | 000,805,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

[2013/08/22 01:16:23 | 000,438,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll

[2013/08/22 01:17:13 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll

[2013/08/22 01:28:46 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll

[2013/08/22 01:16:40 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll

[2013/07/26 15:02:22 | 000,312,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll

[2013/08/22 01:08:05 | 000,999,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll

[2013/07/26 15:02:22 | 000,410,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll

[2013/07/26 15:02:22 | 000,097,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll

[2013/08/22 01:43:57 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >

"Conexão de Banda Larga" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

"DefaultConnectionSettings" = 46 00 00 00 11 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 09 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data over 200 bytes]

"SavedLegacySettings" = 46 00 00 00 69 09 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 09 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data over 200 bytes]

========== Files - Unicode (All) ==========

[2013/11/30 22:30:32 | 105,070,662 | ---- | M] ()(C:\WINDOWS\SysWow64\????) -- C:\WINDOWS\SysWow64\忰ﳖ侄쬀

[2013/11/22 21:43:36 | 105,070,662 | ---- | C] ()(C:\WINDOWS\SysWow64\????) -- C:\WINDOWS\SysWow64\忰ﳖ侄쬀

[2013/10/28 20:38:21 | 103,792,972 | ---- | M] ()(C:\WINDOWS\SysWow64\?????) -- C:\WINDOWS\SysWow64\᯾盵鵸ĸ߿

[2013/10/27 14:41:39 | 103,792,972 | ---- | C] ()(C:\WINDOWS\SysWow64\?????) -- C:\WINDOWS\SysWow64\᯾盵鵸ĸ߿

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Guilherme franzoi\SkyDrive:ms-properties

< End of report >


You have just been helped on the Linha Defensiva forum, the log above is theirs, and according to our rules:

Do not create topics in different forums! Doing so wastes the valuable time of several analysts. If you have topics in different forums for malware removal, choose only one and let the others know that you are already being helped.

http://forum.clubedohardware.com.br/leia-antes-postar/597599

Your topic on LD: http://www.linhadefensiva.org/forum/topic/155323-remo%C3%A7%C3%A3o-expjavarafoldvgen/

Therefore, your topic will be locked.
