Untitled

OTL logfile created on: 03/12/2015 22:55:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gabriel\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18098)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 4,45 Gb Available Physical Memory | 74,10% Memory free
12,00 Gb Paging File | 10,31 Gb Available in Paging File | 85,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 253,73 Gb Free Space | 54,48% Space Free | Partition Type: NTFS
Drive D: | 74,56 Gb Total Space | 74,46 Gb Free Space | 99,87% Space Free | Partition Type: NTFS

Computer Name: GABRIEL-PC | User Name: Gabriel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/12/03 22:52:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gabriel\Downloads\OTL.exe
PRC - [2015/11/30 08:50:42 | 006,887,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2014/03/17 04:36:55 | 000,795,672 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
PRC - [2012/02/13 22:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/03/17 04:38:34 | 000,866,056 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD14\common\UNO\UNO.dll
MOD - [2014/03/17 04:38:03 | 000,043,784 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DHProcedure\DHProcedure.dll
MOD - [2013/12/10 05:39:42 | 000,721,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd
MOD - [2013/12/10 05:39:42 | 000,285,184 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd
MOD - [2013/12/10 05:39:42 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd
MOD - [2013/12/10 05:39:42 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_socket.pyd


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/07/22 11:52:08 | 001,633,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015/07/16 16:58:34 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2015/05/30 17:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2015/05/12 11:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2015/05/07 13:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2015/02/20 21:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2014/10/31 02:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/10/29 02:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:[b]64bit:[/b] - [2014/10/29 01:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/10/29 00:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2014/10/29 00:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2014/10/29 00:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2014/10/29 00:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2014/10/29 00:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2014/10/29 00:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2014/10/28 23:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2014/10/28 23:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2014/10/28 23:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2014/10/28 23:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2014/10/28 23:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2014/10/28 23:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2014/10/28 23:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2014/10/28 23:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2014/10/28 23:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2014/10/28 23:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2014/10/28 23:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/10/28 23:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2014/10/28 23:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/28 23:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2014/10/28 23:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/10/28 23:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2014/10/28 23:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/10/28 23:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2014/10/28 23:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/10/28 23:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/10/28 23:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/10/28 23:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2014/10/28 22:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/10/28 22:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/10/28 22:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2013/08/22 10:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/11/30 08:50:42 | 006,887,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015/11/28 00:44:24 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/11/17 23:23:28 | 000,169,128 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/06/26 09:02:56 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.11.149\McCHSvc.exe -- (McComponentHostService)
SRV - [2015/06/10 10:11:26 | 000,155,520 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2015/05/07 13:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/28 23:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/28 23:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/22 10:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/10/04 13:07:17 | 006,371,192 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2012/02/13 22:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe -- (BBUpdate)
SRV - [2012/02/13 22:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe -- (BBSvc)
SRV - [2010/01/09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009/06/11 03:59:58 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Arquivos de Programas\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv64.exe -- (STacSV)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/11/30 23:46:29 | 000,030,848 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:[b]64bit:[/b] - [2015/09/29 10:24:42 | 000,155,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2015/04/16 04:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2015/03/19 23:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2015/03/17 15:26:06 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2015/03/13 02:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2015/03/09 00:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2015/03/09 00:02:45 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2015/03/04 08:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2014/11/10 16:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/10/29 01:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/10/29 01:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/10/29 01:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/10/29 00:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2014/10/29 00:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2014/10/29 00:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/10/29 00:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2014/10/29 00:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2014/10/15 06:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/10/13 00:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/10/13 00:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/10/07 04:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/10/07 04:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2014/08/14 22:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/03/13 10:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/02/22 13:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/02/22 10:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2013/10/25 23:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2013/10/05 13:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2013/09/14 12:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2013/08/22 20:59:47 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:[b]64bit:[/b] - [2013/08/22 20:59:39 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2013/08/22 20:59:39 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2013/08/22 20:59:39 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2013/08/22 20:59:39 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2013/08/22 11:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 11:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 10:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 10:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 10:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 10:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 10:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 10:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2013/08/22 10:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2013/08/22 10:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2013/08/22 09:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 09:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 09:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 09:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 09:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 09:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 09:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 09:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 09:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 09:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 09:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 09:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 09:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 09:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 09:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 06:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/12 21:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/09 22:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/30 16:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/25 17:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/06/18 12:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2012/12/05 22:57:40 | 001,578,128 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTWlanU.sys -- (RtlWlanu)
DRV:[b]64bit:[/b] - [2012/05/12 13:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:[b]64bit:[/b] - [2011/12/07 20:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2011/11/25 22:04:40 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:[b]64bit:[/b] - [2011/11/25 22:04:40 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:[b]64bit:[/b] - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:[b]64bit:[/b] - [2011/03/04 13:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:[b]64bit:[/b] - [2011/03/04 13:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:[b]64bit:[/b] - [2010/12/16 12:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2010/06/17 18:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:[b]64bit:[/b] - [2010/03/30 09:48:34 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:[b]64bit:[/b] - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:[b]64bit:[/b] - [2009/06/11 03:59:58 | 000,485,888 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV - [2014/03/17 01:10:00 | 000,032,456 | ---- | M] (CyberLink Corp.) [2015/10/01 23:11:27] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl -- ({C5F942FD-1110-4664-86CE-0C6BDA305235})
DRV - [2013/11/21 11:22:10 | 000,115,448 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2012/12/29 18:59:38 | 000,028,664 | ---- | M] (Almico Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 2B 62 B3 48 13 D1 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "BR"
FF - prefs.js..browser.search.region: "BR"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.3
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox Developer Edition 44.0a2\extensions\\Components: C:\PROGRAM FILES\FIREFOX DEVELOPER EDITION\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox Developer Edition 44.0a2\extensions\\Plugins: C:\PROGRAM FILES\FIREFOX DEVELOPER EDITION\PLUGINS
FF - HKEY_CURRENT_USER\software\mozilla\Firefox Developer Edition 44.0a2\extensions\\Components: C:\Program Files\Firefox Developer Edition\components
FF - HKEY_CURRENT_USER\software\mozilla\Firefox Developer Edition 44.0a2\extensions\\Plugins: C:\Program Files\Firefox Developer Edition\plugins

[2015/09/18 17:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriel\AppData\Roaming\mozilla\Extensions
[2015/11/30 23:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriel\AppData\Roaming\mozilla\Firefox\Profiles\0u7utikd.dev-edition-default\extensions

[color=#E56717]========== Chrome  ==========[/color]

CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9.4_0\
CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\deniojjaaghemnlplaehonnpkbemehkh\1.2.1_0\
CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1\
CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2015/12/01 20:12:35 | 000,000,753 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O4:[b]64bit:[/b] - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Arquivos de Programas\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [PowerDVD14Agent] C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Unified Remote V3] C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC5A1BC-13EC-467F-91EE-9B44877FFF5F}: DhcpNameServer = 8.8.8.8 8.8.4.4 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC5A1BC-13EC-467F-91EE-9B44877FFF5F}: NameServer = 8.8.8.8,8.8.4.4,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABED063E-4BD2-4B6C-9A4E-94CFC4B4AD71}: DhcpNameServer = 192.168.1.1 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /k:E *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:[b]64bit:[/b] lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] MsKeyboardFilter - C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/12/03 21:00:32 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\VS Revo Group
[2015/12/03 21:00:30 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\WINDOWS\SysNative\drivers\revoflt.sys
[2015/12/03 21:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2015/12/03 21:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2015/12/03 21:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2015/12/03 16:28:10 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Roaming\TeamViewer
[2015/12/03 16:28:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2015/12/02 22:59:21 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\subinacl.exe
[2015/12/02 22:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adware Removal Tool by TSA
[2015/12/02 20:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2015/12/02 00:53:34 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\Documents\Nova pasta (5)
[2015/12/02 00:46:58 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\Documents\Nova pasta (4)
[2015/12/02 00:00:58 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\.android
[2015/12/01 20:33:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/12/01 20:23:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2015/12/01 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\Temp
[2015/12/01 20:11:06 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2015/12/01 19:40:17 | 000,000,000 | ---D | C] -- C:\FRST
[2015/12/01 00:34:15 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\SysNative\bootdelete.exe
[2015/12/01 00:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/11/30 23:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015/11/29 21:16:35 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Roaming\Audacity
[2015/11/29 21:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2015/11/27 23:27:30 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Roaming\Opera Software
[2015/11/27 23:27:30 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\Opera Software
[2015/11/27 23:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2015/11/26 16:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lazesoft Recovery Suite
[2015/11/25 20:06:45 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
[2015/11/25 19:19:58 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\http___www.julien-manici
[2015/11/25 01:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2015/11/25 01:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2015/11/25 01:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2015/11/25 00:09:24 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\.swt
[2015/11/25 00:09:24 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\.oracle_jre_usage
[2015/11/25 00:09:24 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\.flashTool
[2015/11/25 00:09:12 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Roaming\ADBDriverInstaller
[2015/11/25 00:06:54 | 000,000,000 | ---D | C] -- C:\Flashtool
[2015/11/24 19:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2015/11/24 19:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2015/11/17 23:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Firefox Developer Edition
[2015/11/17 19:04:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DRVSTORE
[2015/11/17 19:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2015/11/17 16:35:35 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\NeoSmart_Technologies
[2015/11/17 16:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2015/11/17 16:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
[2015/11/11 13:32:26 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2015/11/11 13:32:26 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll
[2015/11/11 13:32:26 | 000,397,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcryptprimitives.dll
[2015/11/11 13:32:26 | 000,340,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bcryptprimitives.dll
[2015/11/11 13:32:26 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll
[2015/11/11 13:32:26 | 000,137,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncrypt.dll
[2015/11/11 13:32:26 | 000,106,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptsslp.dll
[2015/11/11 13:32:26 | 000,091,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptsslp.dll
[2015/11/11 13:32:25 | 007,455,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015/11/11 13:32:25 | 001,659,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2015/11/11 13:32:25 | 001,519,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2015/11/11 13:32:25 | 001,487,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2015/11/11 13:32:25 | 001,355,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2015/11/11 13:32:25 | 000,558,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\untfs.dll
[2015/11/11 13:32:25 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\untfs.dll
[2015/11/11 13:32:25 | 000,183,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AuthHost.exe
[2015/11/11 13:32:24 | 001,380,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2015/11/11 13:32:24 | 001,091,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2015/11/11 13:32:24 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pmcsnap.dll
[2015/11/11 13:32:24 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll
[2015/11/11 13:32:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll
[2015/11/11 13:32:24 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ppcsnap.dll
[2015/11/11 13:32:24 | 000,155,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tpm.sys
[2015/11/11 13:32:23 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nshwfp.dll
[2015/11/11 13:32:23 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nshwfp.dll
[2015/11/11 13:32:23 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FWPUCLNT.DLL
[2015/11/11 13:32:23 | 000,272,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
[2015/11/11 13:32:23 | 000,136,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys
[2015/11/11 13:32:20 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015/11/11 13:32:19 | 002,243,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015/11/11 13:32:19 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015/11/11 13:32:19 | 000,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015/11/11 13:32:19 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015/11/11 13:32:19 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015/11/11 13:32:19 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015/11/11 13:32:19 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015/11/11 13:32:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015/11/11 13:32:19 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015/11/11 13:32:19 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015/11/11 13:31:28 | 005,990,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/11/11 13:31:28 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/11/11 13:31:28 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/11/11 13:31:27 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/11/11 13:31:27 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015/11/11 13:31:26 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/11/11 13:31:26 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/11/11 13:31:26 | 000,585,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/11/06 19:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Megacubo
[2015/11/06 19:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Megacubo
[2015/11/04 15:48:46 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\Diagnostics
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/12/03 22:44:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/12/03 22:08:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/03 21:08:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/03 21:04:10 | 000,002,273 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/12/02 22:59:21 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\subinacl.exe
[2015/12/02 19:25:18 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/12/02 19:25:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/12/02 19:25:06 | 858,406,911 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/02 19:22:14 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe
[2015/12/02 00:43:46 | 001,797,166 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/12/02 00:43:46 | 000,774,702 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0416.dat
[2015/12/02 00:43:46 | 000,722,278 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/12/02 00:43:46 | 000,158,296 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0416.dat
[2015/12/02 00:43:46 | 000,135,394 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/12/01 20:12:35 | 000,000,753 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2015/12/01 00:34:15 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\SysNative\bootdelete.exe
[2015/12/01 00:14:28 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/11/30 23:46:29 | 000,030,848 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2015/11/30 23:31:19 | 000,018,099 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2015/11/30 23:31:18 | 001,174,979 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2015/11/29 23:08:16 | 000,011,776 | ---- | M] () -- C:\WINDOWS\SysNative\ardnat.exe
[2015/11/28 00:31:42 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Firefox Developer Edition.lnk
[2015/11/25 00:08:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_wpdcomp_01_11_00.Wdf
[2015/11/17 16:35:29 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\EasyBCD 2.3.lnk
[2015/11/15 20:57:21 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2015/11/12 13:22:15 | 000,481,680 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/12/03 21:04:10 | 000,002,302 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2015/12/03 21:04:10 | 000,002,273 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/12/03 21:03:04 | 000,001,092 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/03 21:03:04 | 000,001,088 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/03 16:52:57 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
[2015/12/02 19:24:19 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
[2015/11/30 23:46:29 | 000,030,848 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\TrueSight.sys
[2015/11/30 23:31:18 | 001,174,979 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2015/11/30 23:31:18 | 000,018,099 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2015/11/29 21:16:31 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2015/11/27 23:27:11 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2015/11/25 00:08:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_wpdcomp_01_11_00.Wdf
[2015/11/17 16:35:29 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.3.lnk
[2015/11/11 13:32:26 | 000,414,559 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015/09/29 22:52:54 | 000,000,001 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\llftool.4.40.agreement
[2015/09/22 15:10:38 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2015/09/22 15:10:22 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/09/21 17:41:42 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/09/20 22:46:06 | 000,000,122 | ---- | C] () -- C:\WINDOWS\wa.INI

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2015/10/09 19:50:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/27 00:43:09 | 022,372,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/27 00:42:51 | 019,795,904 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 23:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 22:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 23:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2015/11/25 00:09:12 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ADBDriverInstaller
[2015/10/20 00:11:06 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Anvsoft
[2015/11/29 21:28:47 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Audacity
[2015/11/28 18:25:44 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\BitTorrent
[2015/09/18 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ClassicShell
[2015/10/01 01:08:12 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\HD Tune Pro
[2015/09/26 00:05:08 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ImgBurn
[2015/10/01 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\IObit
[2015/09/20 21:20:06 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\MotioninJoy
[2015/11/27 23:27:30 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Opera Software
[2015/09/18 17:07:23 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\PhotoFiltre Studio X
[2015/12/03 16:28:10 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\TeamViewer
[2015/10/26 23:28:16 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Unified Remote
[2015/09/26 00:13:39 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\WinAVI

[color=#E56717]========== Purity Check ==========[/color]


[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %APPDATA%\Local\*. >[/color]

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2015/11/25 00:09:12 | 000,228,352 | ---- | M] (ADBDriver.com) -- C:\Users\Gabriel\AppData\Roaming\ADBDriverInstaller\usb_driver\ADBDriverInstallerX64.exe
[2015/09/18 16:15:04 | 005,638,697 | ---- | M] () -- C:\Users\Gabriel\AppData\Roaming\Anvsoft\Common\youtube-dl.exe
[2015/10/12 23:56:03 | 001,977,192 | ---- | M] (BitTorrent Inc.) -- C:\Users\Gabriel\AppData\Roaming\BitTorrent\BitTorrent.exe
[2015/09/20 22:58:10 | 001,910,376 | ---- | M] (BitTorrent Inc.) -- C:\Users\Gabriel\AppData\Roaming\BitTorrent\updates\7.9.5_41074.exe
[2015/10/12 23:56:03 | 001,977,192 | ---- | M] (BitTorrent Inc.) -- C:\Users\Gabriel\AppData\Roaming\BitTorrent\updates\7.9.5_41203.exe
[2015/09/20 23:09:50 | 000,336,896 | ---- | M] (BitTorrent Inc.) -- C:\Users\Gabriel\AppData\Roaming\BitTorrent\updates\7.9.5_41074\utorrentie.exe
[2015/10/22 00:54:58 | 000,336,896 | ---- | M] (BitTorrent Inc.) -- C:\Users\Gabriel\AppData\Roaming\BitTorrent\updates\7.9.5_41203\utorrentie.exe
[1999/04/23 14:56:28 | 000,177,152 | ---- | M] () -- C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team17\Worms Armageddon\clokspl.exe
[2012/03/17 22:51:04 | 002,595,931 | ---- | M] (Igor Pavlov) -- C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team17\Worms Armageddon\GfxUpdate.exe
[1999/01/09 12:42:00 | 000,132,608 | ---- | M] () -- C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team17\Worms Armageddon\Landgen.exe
[1999/01/28 17:00:24 | 000,021,504 | ---- | M] () -- C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team17\Worms Armageddon\RegSetup.exe
[2001/12/03 06:38:50 | 000,032,768 | ---- | M] () -- C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team17\Worms Armageddon\Silkworm_patch.exe
[2012/12/20 08:01:16 | 003,227,648 | ---- | M] (Team17 Software Ltd) -- C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team17\Worms Armageddon\wa.exe
[1 C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team17\Worms Armageddon\*.tmp files -> C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team17\Worms Armageddon\*.tmp -> ]
[1998/12/14 16:49:04 | 000,274,944 | ---- | M] (Team 17 Ltd.) -- C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Team17\Worms Armageddon\User\BankEditor.exe

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2015/11/25 00:09:12 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ADBDriverInstaller
[2015/11/06 19:41:01 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Adobe
[2015/10/20 00:11:06 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Anvsoft
[2015/11/29 21:28:47 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Audacity
[2015/11/28 18:25:44 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\BitTorrent
[2015/09/18 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ClassicShell
[2015/10/02 00:13:16 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\CyberLink
[2015/10/01 01:08:12 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\HD Tune Pro
[2015/09/22 19:22:03 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Identities
[2015/09/26 00:05:08 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ImgBurn
[2015/10/01 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\IObit
[2015/11/06 19:41:02 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Macromedia
[2015/11/12 22:10:43 | 000,000,000 | --SD | M] -- C:\Users\Gabriel\AppData\Roaming\Microsoft
[2015/09/20 21:20:06 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\MotioninJoy
[2015/09/18 17:18:20 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Mozilla
[2015/09/26 00:13:40 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\NVIDIA
[2015/11/27 23:27:30 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Opera Software
[2015/09/18 17:07:23 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\PhotoFiltre Studio X
[2015/12/03 16:28:10 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\TeamViewer
[2015/10/26 23:28:16 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Unified Remote
[2015/09/26 00:13:39 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\WinAVI
[2015/09/18 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\WinRAR

[color=#A23BEC]< %USERPROFILE%\AppData\Local\*.* >[/color]
[2015/12/03 01:29:13 | 000,162,346 | -H-- | M] () -- C:\Users\Gabriel\AppData\Local\IconCache.db
[2015/09/29 22:52:54 | 000,000,001 | ---- | M] () -- C:\Users\Gabriel\AppData\Local\llftool.4.40.agreement

[color=#A23BEC]< %systemroot%\assembly\tmp\*.* /S /MD5 >[/color]

[color=#A23BEC]< %systemroot%\assembly\temp\*.* /S /MD5 >[/color]

[color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >[/color]

[color=#A23BEC]< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >[/color]

[color=#A23BEC]< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >[/color]

[color=#A23BEC]< %windir%\Installer\*.* >[/color]
[2015/09/18 17:02:26 | 004,775,936 | ---- | M] () -- C:\WINDOWS\Installer\16125e.msi
[2015/09/18 23:49:37 | 000,339,968 | ---- | M] () -- C:\WINDOWS\Installer\18e028b.msi
[2015/09/18 23:49:51 | 000,368,640 | ---- | M] () -- C:\WINDOWS\Installer\18e02bf.msi
[2015/09/18 23:49:59 | 000,303,104 | ---- | M] () -- C:\WINDOWS\Installer\18e02c7.msi
[2015/09/18 23:50:04 | 001,024,000 | ---- | M] () -- C:\WINDOWS\Installer\18e08c2.msi
[2015/09/19 01:35:59 | 000,929,792 | ---- | M] () -- C:\WINDOWS\Installer\1ef8278.msi
[2008/08/08 15:11:02 | 000,232,960 | ---- | M] () -- C:\WINDOWS\Installer\2186542.msi
[2009/07/12 13:16:26 | 000,223,232 | ---- | M] () -- C:\WINDOWS\Installer\218654b.msi
[2010/12/09 02:08:18 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Installer\21bcd5b.msi
[2014/03/14 03:40:02 | 000,143,360 | ---- | M] () -- C:\WINDOWS\Installer\2247e24.msi
[2014/03/14 03:40:02 | 000,143,360 | ---- | M] () -- C:\WINDOWS\Installer\2247e2a.msi
[2014/03/12 20:11:48 | 000,143,360 | ---- | M] () -- C:\WINDOWS\Installer\2247e30.msi
[2014/03/12 20:11:48 | 000,143,360 | ---- | M] () -- C:\WINDOWS\Installer\2247e36.msi
[2015/09/05 00:31:30 | 018,779,136 | R--- | M] () -- C:\WINDOWS\Installer\2dc80e.msp
[2015/09/05 00:31:08 | 000,942,592 | R--- | M] () -- C:\WINDOWS\Installer\2dc82f.msp
[2015/09/18 15:27:30 | 039,603,200 | R--- | M] () -- C:\WINDOWS\Installer\2dc852.msp
[2015/09/18 15:27:36 | 025,676,288 | R--- | M] () -- C:\WINDOWS\Installer\2dc869.msp
[2015/09/18 15:27:10 | 020,389,888 | R--- | M] () -- C:\WINDOWS\Installer\2dc882.msp
[2015/09/18 15:26:48 | 044,496,896 | R--- | M] () -- C:\WINDOWS\Installer\2dc89b.msp
[2015/09/18 15:27:06 | 009,426,944 | R--- | M] () -- C:\WINDOWS\Installer\2dc8b3.msp
[2015/09/18 15:44:34 | 020,587,008 | R--- | M] () -- C:\WINDOWS\Installer\2dc8e2.msp
[2015/09/18 15:43:40 | 001,692,672 | R--- | M] () -- C:\WINDOWS\Installer\2dc8ea.msp
[2015/09/18 15:26:36 | 003,446,272 | R--- | M] () -- C:\WINDOWS\Installer\2dc902.msp
[2015/09/05 00:31:04 | 005,691,392 | R--- | M] () -- C:\WINDOWS\Installer\2dc91b.msp
[2011/04/16 09:44:26 | 002,770,944 | ---- | M] () -- C:\WINDOWS\Installer\2f3ded.msi
[2011/04/19 05:54:14 | 000,227,328 | ---- | M] () -- C:\WINDOWS\Installer\2f3df6.msi
[2015/09/20 15:03:30 | 003,905,024 | ---- | M] () -- C:\WINDOWS\Installer\5177e.msi
[2015/09/20 15:03:42 | 002,508,800 | ---- | M] () -- C:\WINDOWS\Installer\51786.msi
[2015/09/20 15:03:53 | 002,505,216 | ---- | M] () -- C:\WINDOWS\Installer\5178f.msi
[2015/09/20 15:04:10 | 002,508,800 | ---- | M] () -- C:\WINDOWS\Installer\51797.msi
[2015/09/20 15:04:12 | 002,867,712 | ---- | M] () -- C:\WINDOWS\Installer\517a0.msi
[2015/09/20 15:04:43 | 000,873,472 | ---- | M] () -- C:\WINDOWS\Installer\517a8.msi
[2015/09/20 15:04:36 | 000,881,152 | ---- | M] () -- C:\WINDOWS\Installer\517b0.msi
[2015/09/20 15:04:29 | 000,875,520 | ---- | M] () -- C:\WINDOWS\Installer\517b8.msi
[2015/09/20 15:04:29 | 000,869,888 | ---- | M] () -- C:\WINDOWS\Installer\517c0.msi
[2015/09/20 15:04:44 | 002,504,704 | ---- | M] () -- C:\WINDOWS\Installer\517c8.msi
[2015/09/20 15:04:49 | 002,520,064 | ---- | M] () -- C:\WINDOWS\Installer\517d2.msi
[2015/09/20 15:05:28 | 003,128,320 | ---- | M] () -- C:\WINDOWS\Installer\517da.msi
[2015/09/20 15:05:41 | 000,875,008 | ---- | M] () -- C:\WINDOWS\Installer\517e2.msi
[2015/09/20 15:05:42 | 002,515,968 | ---- | M] () -- C:\WINDOWS\Installer\517eb.msi
[2015/09/20 15:05:46 | 002,525,184 | ---- | M] () -- C:\WINDOWS\Installer\517f4.msi
[2015/09/20 15:06:21 | 001,992,192 | ---- | M] () -- C:\WINDOWS\Installer\517fd.msi
[2015/09/20 15:06:36 | 027,195,904 | ---- | M] () -- C:\WINDOWS\Installer\51807.msi
[2013/10/16 04:01:46 | 025,647,616 | R--- | M] () -- C:\WINDOWS\Installer\523bde.msp
[2015/03/23 00:25:44 | 009,739,776 | R--- | M] () -- C:\WINDOWS\Installer\523bf9.msp
[2015/07/16 09:21:06 | 001,071,616 | R--- | M] () -- C:\WINDOWS\Installer\523c12.msp
[2015/06/17 16:21:26 | 020,387,840 | R--- | M] () -- C:\WINDOWS\Installer\523c2d.msp
[2015/06/17 16:23:30 | 018,628,608 | R--- | M] () -- C:\WINDOWS\Installer\523c46.msp
[2015/08/13 07:18:24 | 001,554,432 | R--- | M] () -- C:\WINDOWS\Installer\523c59.msp
[2015/08/13 07:19:22 | 008,860,672 | R--- | M] () -- C:\WINDOWS\Installer\523c69.msp
[2015/08/13 07:19:06 | 009,796,096 | R--- | M] () -- C:\WINDOWS\Installer\523c7a.msp
[2015/07/16 09:20:22 | 044,880,896 | R--- | M] () -- C:\WINDOWS\Installer\523c95.msp
[2015/08/13 07:17:52 | 039,601,152 | R--- | M] () -- C:\WINDOWS\Installer\523cb1.msp
[2013/07/24 09:15:36 | 001,233,408 | R--- | M] () -- C:\WINDOWS\Installer\523cca.msp
[2015/02/17 18:32:04 | 000,739,328 | R--- | M] () -- C:\WINDOWS\Installer\523cd4.msp
[2015/07/16 09:19:40 | 000,694,784 | R--- | M] () -- C:\WINDOWS\Installer\523ced.msp
[2013/09/07 00:34:24 | 021,882,880 | R--- | M] () -- C:\WINDOWS\Installer\523d06.msp
[2015/03/23 00:30:52 | 044,489,216 | R--- | M] () -- C:\WINDOWS\Installer\523d2b.msp
[2015/03/23 00:31:24 | 000,925,184 | R--- | M] () -- C:\WINDOWS\Installer\523d36.msp
[2014/10/03 17:57:20 | 000,434,688 | R--- | M] () -- C:\WINDOWS\Installer\523d62.msp
[2014/11/12 00:59:14 | 002,979,328 | R--- | M] () -- C:\WINDOWS\Installer\523d7e.msp
[2013/12/18 18:56:04 | 022,602,752 | R--- | M] () -- C:\WINDOWS\Installer\523da9.msp
[2015/02/17 18:39:16 | 001,004,032 | R--- | M] () -- C:\WINDOWS\Installer\523dbe.msp
[2013/07/24 09:28:16 | 003,499,008 | R--- | M] () -- C:\WINDOWS\Installer\523dd7.msp
[2014/04/02 03:45:38 | 003,068,416 | R--- | M] () -- C:\WINDOWS\Installer\523df0.msp
[2015/05/14 16:35:48 | 000,591,360 | R--- | M] () -- C:\WINDOWS\Installer\523dfa.msp
[2015/05/14 16:35:46 | 013,219,840 | R--- | M] () -- C:\WINDOWS\Installer\523e1e.msp
[2015/05/22 13:59:52 | 005,337,600 | R--- | M] () -- C:\WINDOWS\Installer\523e41.msp
[2015/07/16 09:19:48 | 000,372,736 | R--- | M] () -- C:\WINDOWS\Installer\523e5a.msp
[2015/09/03 11:40:58 | 000,673,792 | R--- | M] () -- C:\WINDOWS\Installer\523e71.msp
[2015/08/13 07:33:26 | 020,548,608 | R--- | M] () -- C:\WINDOWS\Installer\523ea2.msp
[2015/08/13 07:32:30 | 001,692,672 | R--- | M] () -- C:\WINDOWS\Installer\523ead.msp
[2014/11/20 11:05:30 | 002,405,888 | R--- | M] () -- C:\WINDOWS\Installer\523ec6.msp
[2014/07/18 06:00:36 | 000,676,864 | R--- | M] () -- C:\WINDOWS\Installer\523edf.msp
[2013/12/18 18:56:04 | 009,469,440 | R--- | M] () -- C:\WINDOWS\Installer\523efa.msp
[2013/08/14 03:35:34 | 000,646,144 | R--- | M] () -- C:\WINDOWS\Installer\523f13.msp
[2015/05/22 14:00:00 | 009,428,480 | R--- | M] () -- C:\WINDOWS\Installer\523f2c.msp
[2014/11/12 01:00:20 | 000,802,304 | R--- | M] () -- C:\WINDOWS\Installer\523f45.msp
[2013/10/25 18:42:58 | 001,742,848 | R--- | M] () -- C:\WINDOWS\Installer\523f5e.msp
[2014/10/03 17:57:30 | 003,070,976 | R--- | M] () -- C:\WINDOWS\Installer\523f77.msp
[2014/04/17 17:02:58 | 000,402,432 | R--- | M] () -- C:\WINDOWS\Installer\523f90.msp
[2015/07/23 00:41:30 | 001,941,504 | R--- | M] () -- C:\WINDOWS\Installer\523fa9.msp
[2015/08/19 04:50:50 | 044,889,600 | R--- | M] () -- C:\WINDOWS\Installer\523fc2.msp
[2013/07/24 09:07:20 | 004,108,288 | R--- | M] () -- C:\WINDOWS\Installer\523fdc.msp
[2015/07/16 09:19:38 | 009,431,552 | R--- | M] () -- C:\WINDOWS\Installer\523ff5.msp
[2015/06/24 02:19:24 | 002,838,528 | R--- | M] () -- C:\WINDOWS\Installer\52400e.msp
[2015/03/23 00:43:32 | 000,402,944 | R--- | M] () -- C:\WINDOWS\Installer\524018.msp
[2015/03/23 00:15:48 | 003,099,136 | R--- | M] () -- C:\WINDOWS\Installer\52403a.msp
[2013/09/07 00:33:14 | 001,952,256 | R--- | M] () -- C:\WINDOWS\Installer\524053.msp
[2015/03/23 00:40:04 | 024,779,776 | R--- | M] () -- C:\WINDOWS\Installer\524075.msp
[2014/11/20 11:05:38 | 000,170,496 | R--- | M] () -- C:\WINDOWS\Installer\52408e.msp
[2015/08/13 07:16:52 | 000,286,208 | R--- | M] () -- C:\WINDOWS\Installer\5240a7.msp
[2015/07/16 09:21:28 | 024,785,408 | R--- | M] () -- C:\WINDOWS\Installer\5240bf.msp
[2015/08/13 07:16:56 | 044,499,456 | R--- | M] () -- C:\WINDOWS\Installer\5240d9.msp
[2015/05/14 17:09:16 | 001,753,600 | R--- | M] () -- C:\WINDOWS\Installer\5240f2.msp
[2013/12/18 19:06:36 | 003,619,840 | R--- | M] () -- C:\WINDOWS\Installer\524119.msp
[2015/04/01 13:29:14 | 005,480,448 | R--- | M] () -- C:\WINDOWS\Installer\524133.msp
[2015/06/25 23:59:22 | 000,147,456 | ---- | M] () -- C:\WINDOWS\Installer\5266a6c.msi
[2015/06/25 23:59:42 | 000,143,360 | ---- | M] () -- C:\WINDOWS\Installer\5266a72.msi
[2015/06/26 00:00:20 | 000,147,456 | ---- | M] () -- C:\WINDOWS\Installer\5266a82.msi
[2015/06/26 00:00:06 | 000,143,360 | ---- | M] () -- C:\WINDOWS\Installer\5266a9a.msi
[2015/12/03 21:03:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Installer\584afc8.msi
[2012/02/13 22:30:44 | 000,475,136 | ---- | M] () -- C:\WINDOWS\Installer\747bc9.msi
[2011/03/25 00:13:08 | 006,755,840 | ---- | M] () -- C:\WINDOWS\Installer\7aa3f.msi
[2015/10/30 23:10:20 | 020,573,696 | R--- | M] () -- C:\WINDOWS\Installer\a5b384f.msp
[2015/10/14 09:56:40 | 025,682,432 | R--- | M] () -- C:\WINDOWS\Installer\a5b3866.msp
[2015/10/14 10:42:48 | 000,403,456 | R--- | M] () -- C:\WINDOWS\Installer\a5b3875.msp
[2015/10/14 10:43:20 | 039,828,480 | R--- | M] () -- C:\WINDOWS\Installer\a5b3895.msp
[2015/10/14 09:45:20 | 044,534,272 | R--- | M] () -- C:\WINDOWS\Installer\a5b38b5.msp
[2015/10/14 09:54:52 | 013,907,968 | R--- | M] () -- C:\WINDOWS\Installer\a5b38df.msp
[2015/10/01 08:05:58 | 003,904,000 | R--- | M] () -- C:\WINDOWS\Installer\a5b390c.msp
[2015/10/14 09:55:08 | 009,788,416 | R--- | M] () -- C:\WINDOWS\Installer\a5b3914.msp
[2015/10/14 09:54:40 | 045,109,248 | R--- | M] () -- C:\WINDOWS\Installer\a5b3942.msp
[2015/10/20 20:21:06 | 020,641,280 | R--- | M] () -- C:\WINDOWS\Installer\a5b3965.msp
[2015/10/14 09:45:36 | 018,868,224 | R--- | M] () -- C:\WINDOWS\Installer\a5b3983.msp
[2015/10/14 09:53:20 | 003,444,736 | R--- | M] () -- C:\WINDOWS\Installer\a5b39a2.msp
[2015/10/14 09:45:52 | 006,595,584 | R--- | M] () -- C:\WINDOWS\Installer\a5b39bb.msp
[2015/10/27 17:23:34 | 000,672,768 | R--- | M] () -- C:\WINDOWS\Installer\a5b39cb.msp
[2015/10/14 09:45:20 | 000,090,624 | R--- | M] () -- C:\WINDOWS\Installer\a5b39e2.msp
[2015/10/14 09:55:30 | 009,037,824 | R--- | M] () -- C:\WINDOWS\Installer\a5b39fe.msp
[2015/06/17 16:23:28 | 000,625,152 | R--- | M] () -- C:\WINDOWS\Installer\b6643b.msp
[2011/07/21 14:50:16 | 000,204,800 | R--- | M] () -- C:\WINDOWS\Installer\b664d4.msp
[2015/08/13 07:16:42 | 003,449,344 | R--- | M] () -- C:\WINDOWS\Installer\b664f5.msp
[2014/09/03 06:17:54 | 000,163,840 | ---- | M] () -- C:\WINDOWS\Installer\b72a88.msi
[2014/09/03 06:17:54 | 004,028,928 | R--- | M] () -- C:\WINDOWS\Installer\b72a89.msp
[2014/09/03 06:17:54 | 000,177,664 | ---- | M] () -- C:\WINDOWS\Installer\b72a92.msi
[2014/09/03 06:17:54 | 004,637,184 | R--- | M] () -- C:\WINDOWS\Installer\b72a93.msp
[2014/09/03 01:32:04 | 000,548,352 | ---- | M] () -- C:\WINDOWS\Installer\b72aab.msi
[2014/09/03 02:17:26 | 000,437,760 | ---- | M] () -- C:\WINDOWS\Installer\b72ab7.msi
[2013/08/14 03:41:54 | 000,209,408 | R--- | M] () -- C:\WINDOWS\Installer\b72ace.msp
[2011/10/27 00:23:38 | 018,386,944 | R--- | M] () -- C:\WINDOWS\Installer\b72aef.msp
[2011/10/27 00:18:48 | 001,008,128 | R--- | M] () -- C:\WINDOWS\Installer\b72b04.msp
[2012/03/07 16:03:04 | 026,386,944 | R--- | M] () -- C:\WINDOWS\Installer\b72b37.msp
[2012/03/07 16:01:18 | 001,750,528 | R--- | M] () -- C:\WINDOWS\Installer\b72b43.msp
[2011/10/26 23:50:00 | 000,595,456 | R--- | M] () -- C:\WINDOWS\Installer\b72b4d.msp
[2011/10/26 23:49:56 | 016,777,216 | R--- | M] () -- C:\WINDOWS\Installer\b72b70.msp
[2011/07/21 14:42:12 | 003,222,016 | R--- | M] () -- C:\WINDOWS\Installer\b72b95.msp
[2012/03/21 06:31:30 | 000,133,120 | R--- | M] () -- C:\WINDOWS\Installer\b72b9f.msp
[2012/03/21 06:30:10 | 001,868,288 | R--- | M] () -- C:\WINDOWS\Installer\b72bb9.msp
[2013/06/27 23:01:00 | 011,510,272 | R--- | M] () -- C:\WINDOWS\Installer\bf3328.msp
[2013/06/27 23:17:46 | 024,506,880 | R--- | M] () -- C:\WINDOWS\Installer\bf3335.msp
[2013/06/27 23:02:40 | 003,877,376 | R--- | M] () -- C:\WINDOWS\Installer\bf338d.msp
[2013/07/17 12:15:02 | 796,182,528 | R--- | M] () -- C:\WINDOWS\Installer\bf34fa.msp
[2013/06/27 23:18:18 | 032,299,008 | R--- | M] () -- C:\WINDOWS\Installer\bf351e.msp
[2013/06/27 23:13:06 | 011,828,736 | R--- | M] () -- C:\WINDOWS\Installer\bf3533.msp
[2013/06/27 23:00:02 | 005,182,976 | R--- | M] () -- C:\WINDOWS\Installer\bf3542.msp
[2013/06/27 23:03:20 | 001,656,832 | R--- | M] () -- C:\WINDOWS\Installer\bf354b.msp
[2013/06/27 23:06:08 | 005,625,344 | R--- | M] () -- C:\WINDOWS\Installer\bf356a.msp
[2015/11/19 20:02:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}
[2015/09/26 00:13:30 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{0F931735-0098-4FF6-A49D-17882A294F51}
[2015/10/26 23:28:49 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
[2015/10/09 19:51:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{16793295-2366-40F7-A045-A3E42A81365E}
[2015/10/02 00:11:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
[2015/12/03 21:08:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[2015/10/02 15:16:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
[2015/11/17 19:04:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{8D9294AA-BCC6-C17A-0A3F-AC6BC020840B}
[2015/10/26 23:29:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{929FBD26-9020-399B-9A7A-751D61F0B942}
[2015/10/02 00:10:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{9A25302D-30C0-39D9-BD6F-21E6EC160475}
[2015/10/02 15:16:24 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{9BE518E6-ECC6-35A9-88E4-87755C07200F}
[2015/11/27 23:23:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{9C0F80FF-8C45-466C-83E1-09AA7ED1CE34}
[2015/11/19 20:02:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}
[2015/10/26 23:29:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
[2015/11/19 20:02:09 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}
[2015/11/19 20:02:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}
[2015/10/26 23:28:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\Installer\SourceHash{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}

[color=#A23BEC]< %windir%\tasks\*.* /s >[/color]
[2015/12/03 22:44:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/12/03 21:08:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/03 22:08:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/02 19:25:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >[/color]
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >[/color]
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"KnownProvidersUpgradeTime" = 75 D6 D9 F7 75 2D D1 01  [binary data]
"Version" = 4
"UpgradeTime" = 1D FD A0 F8 75 2D D1 01  [binary data]
"DefaultPackCorrection" = 1
"DefaultPackNTCorrection" = 1

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[color=#A23BEC]< %systemroot%\system32\Tasks\*.* /s >[/color]

[color=#A23BEC]< %systemroot%\system32\tasks\*.* /s /64 >[/color]
[2015/11/28 00:44:25 | 000,003,790 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater
[2015/09/18 17:01:35 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Aero Glass
[2015/09/28 18:11:12 | 000,002,798 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC
[2015/12/03 21:03:04 | 000,003,828 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore
[2015/12/03 21:03:04 | 000,004,064 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA
[2015/11/27 23:27:14 | 000,003,834 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Opera scheduled Autoupdate 1448674030
[2015/12/03 21:10:28 | 000,003,598 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Optimize Start Menu Cache Files-S-1-5-21-3925143147-219686701-2106125166-1001
[2015/10/01 15:55:36 | 000,003,168 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\SmartDefrag3_Update
[2015/12/03 20:51:46 | 000,003,958 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{B042639D-D4CF-4897-BF85-959BAAF984ED}
[2015/12/03 14:54:12 | 000,003,704 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
[2015/12/03 14:54:05 | 000,003,710 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
[2015/11/11 16:16:17 | 000,003,476 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
[2015/11/11 16:16:17 | 000,003,470 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
[2013/08/22 13:37:37 | 000,004,472 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2013/08/22 13:37:37 | 000,003,854 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2013/08/22 13:38:14 | 000,002,900 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\AppID\PolicyConverter
[2013/08/22 13:38:32 | 000,003,558 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\AppID\SmartScreenSpecific
[2013/08/22 13:38:14 | 000,003,790 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2013/08/22 13:37:55 | 000,002,902 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Application Experience\AitAgent
[2015/10/15 21:24:51 | 000,004,170 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
[2015/10/15 17:19:11 | 000,002,838 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2013/08/22 13:38:31 | 000,003,154 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Application Experience\StartupAppTask
[2013/08/22 13:38:48 | 000,002,814 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState
[2015/09/18 17:40:08 | 000,003,640 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
[2013/08/22 13:37:41 | 000,003,022 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Autochk\Proxy
[2013/08/22 13:38:52 | 000,002,118 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2013/08/22 13:37:21 | 000,004,130 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2013/08/22 13:37:21 | 000,003,868 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2015/09/18 16:40:18 | 000,003,134 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2013/08/22 13:38:56 | 000,003,028 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Chkdsk\ProactiveScan
[2013/08/22 13:38:51 | 000,003,178 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
[2013/08/22 13:38:17 | 000,002,934 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2013/08/22 13:37:48 | 000,003,316 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2015/12/03 14:46:19 | 000,003,516 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
[2013/08/22 13:37:57 | 000,003,182 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2013/08/22 13:39:01 | 000,004,450 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
[2013/08/22 13:39:01 | 000,004,012 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
[2013/08/22 13:38:31 | 000,003,266 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2015/12/03 22:58:32 | 000,003,782 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Device Setup\Metadata Refresh
[2013/08/22 13:38:35 | 000,003,170 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Diagnosis\Scheduled
[2015/09/21 20:59:13 | 000,003,696 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
[2015/10/02 14:35:48 | 000,003,120 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2015/10/09 17:44:50 | 000,002,538 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2015/09/21 20:59:21 | 000,002,618 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\DiskFootprint\Diagnostics
[2013/08/22 21:00:01 | 000,003,696 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
[2013/08/22 13:38:55 | 000,003,834 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
[2013/08/22 13:37:35 | 000,003,630 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\IME\SQM data sender
[2013/08/22 13:39:02 | 000,003,554 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Location\Notifications
[2013/08/22 13:37:37 | 000,003,178 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Maintenance\WinSAT
[2013/08/22 13:38:51 | 000,006,054 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
[2013/08/22 13:38:51 | 000,003,640 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
[2013/08/22 13:38:48 | 000,004,410 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
[2013/08/22 13:38:11 | 000,003,030 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\MUI\LPRemove
[2013/08/22 13:38:42 | 000,002,602 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2013/08/22 13:37:17 | 000,002,738 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
[2013/08/22 13:38:14 | 000,002,044 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2013/08/22 21:00:02 | 000,003,136 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Offline Files\Background Synchronization
[2013/08/22 21:00:02 | 000,002,736 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Offline Files\Logon Synchronization
[2015/09/20 15:10:02 | 000,004,084 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2013/08/22 13:38:56 | 000,002,980 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\PI\Secure-Boot-Update
[2013/08/22 13:38:56 | 000,002,872 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\PI\Sqm-Tasks
[2013/08/22 13:38:58 | 000,003,590 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
[2013/08/22 13:37:16 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
[2013/08/22 13:38:57 | 000,003,562 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
[2013/08/22 13:37:49 | 000,002,128 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
[2013/08/22 13:38:41 | 000,003,162 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2013/08/22 13:38:36 | 000,005,624 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\RAC\RacTask
[2013/08/22 13:37:43 | 000,003,248 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Ras\MobilityManager
[2015/10/02 14:35:53 | 000,003,750 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
[2013/08/22 13:38:14 | 000,003,326 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Registry\RegIdleBackup
[2013/08/22 13:38:57 | 000,004,596 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2015/12/03 20:17:16 | 000,003,544 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\RemovalTools\MRT_HB
[2013/08/22 13:38:47 | 000,002,944 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Servicing\StartComponentCleanup
[2013/08/22 13:39:00 | 000,003,360 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
[2013/08/22 13:39:00 | 000,003,364 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SettingSync\BackupTask
[2013/08/22 13:39:00 | 000,003,462 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
[2015/09/22 19:21:29 | 000,003,176 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess
[2015/09/22 19:21:29 | 000,003,050 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig
[2015/09/22 19:21:29 | 000,003,664 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
[2015/09/22 19:21:29 | 000,002,876 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent
[2015/12/03 21:34:22 | 000,003,070 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d
[2015/12/03 21:34:22 | 000,003,218 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d
[2015/12/03 21:34:22 | 000,003,010 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
[2015/12/03 21:34:22 | 000,003,558 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d
[2015/12/03 21:34:22 | 000,003,964 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
[2015/12/03 21:34:22 | 000,003,728 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd
[2015/12/03 21:34:22 | 000,003,394 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d
[2013/08/22 13:37:23 | 000,002,236 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Shell\CreateObjectTask
[2013/08/22 13:38:57 | 000,002,330 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor
[2015/09/22 19:21:28 | 000,003,216 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
[2015/09/22 19:21:28 | 000,003,014 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Shell\FamilySafetyUpload
[2013/08/22 13:37:27 | 000,003,512 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
[2013/08/22 13:39:06 | 000,003,036 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
[2013/08/22 13:39:06 | 000,002,768 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
[2015/12/03 22:56:48 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2015/10/21 23:59:58 | 000,003,840 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
[2015/10/21 23:59:58 | 000,004,478 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
[2013/08/22 13:38:38 | 000,003,590 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
[2013/08/22 13:37:37 | 000,003,214 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
[2013/08/22 13:37:37 | 000,003,284 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
[2015/09/19 15:15:10 | 000,003,858 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
[2013/08/22 13:38:48 | 000,002,798 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\SystemRestore\SR
[2013/08/22 13:37:32 | 000,002,614 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Task Manager\Interactive
[2015/12/03 20:17:16 | 000,004,028 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
[2013/08/22 13:38:35 | 000,004,166 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
[2013/08/22 13:38:35 | 000,003,048 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
[2015/11/25 00:43:39 | 000,004,472 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
[2013/08/22 13:37:53 | 000,002,978 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2013/08/22 13:38:35 | 000,002,848 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
[2013/08/22 13:37:21 | 000,002,918 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2013/08/22 13:39:01 | 000,003,180 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
[2013/08/22 13:38:56 | 000,004,194 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\TPM\Tpm-Maintenance
[2013/08/22 13:37:18 | 000,001,986 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2013/08/22 13:37:49 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2013/08/22 13:37:17 | 000,002,682 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WDI\ResolutionHost
[2013/08/22 13:37:17 | 000,004,004 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2013/08/22 13:37:25 | 000,003,290 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2013/08/22 13:38:32 | 000,003,304 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
[2013/08/22 12:47:31 | 000,003,532 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2015/09/22 19:21:22 | 000,003,676 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
[2015/12/03 21:36:43 | 000,003,402 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
[2015/12/03 21:36:43 | 000,005,004 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
[2015/12/03 21:36:43 | 000,004,926 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
[2015/12/03 21:36:43 | 000,004,924 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network
[2013/08/22 13:37:24 | 000,003,344 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Wininet\CacheTask
[2015/09/21 20:59:19 | 000,003,448 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WOF\WIM-Hash-Management
[2015/09/22 15:47:12 | 000,003,016 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
[2013/08/22 13:38:47 | 000,002,808 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
[2013/08/22 13:38:47 | 000,003,132 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
[2013/08/22 13:38:51 | 000,003,530 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join
[2013/08/22 13:39:06 | 000,003,606 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WS\Badge Update
[2015/12/03 14:53:56 | 000,005,070 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WS\License Validation
[2013/08/22 13:39:06 | 000,003,464 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WS\Sync Licenses
[2013/08/22 13:39:06 | 000,003,826 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask
[2013/08/22 13:38:32 | 000,003,700 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\Microsoft\Windows\WS\WSTask
[2015/09/20 15:09:57 | 000,004,392 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
[2015/09/18 16:41:12 | 000,004,484 | ---- | M] () -- C:\WINDOWS\SysNative\tasks\WPD\SqmUpload_S-1-5-21-3925143147-219686701-2106125166-1001

[color=#A23BEC]< %windir%\tasks\*.* /s >[/color]
[2015/12/03 22:44:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/12/03 21:08:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/03 22:08:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/02 19:25:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< End of report >