Untitled

a guest Sep 4th, 2018 150 Never
  1. OTL logfile created on: 04/09/2018 09:00:46 - Run 1
  2. OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\p\Downloads
  3.  Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
  4. Internet Explorer (Version = 9.11.9600.17843)
  5. Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
  6.  
  7. 3,37 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 22,61% Memory free
  8. 6,73 Gb Paging File | 3,23 Gb Available in Paging File | 47,93% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
  12. Drive C: | 297,99 Gb Total Space | 222,60 Gb Free Space | 74,70% Space Free | Partition Type: NTFS
  13.  
  14. Computer Name: P-PC | User Name: p | Logged in as Administrator.
  15. Boot Mode: Normal | Scan Mode: All users
  16. Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
  17.  
  18. [color=#E56717]========== Processes (SafeList) ==========[/color]
  19.  
  20. PRC - [2018/09/04 08:51:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\p\Downloads\OTL.exe
  21. PRC - [2018/09/03 15:33:30 | 001,754,896 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\pub\PubMonitor.exe
  22. PRC - [2018/08/22 17:26:54 | 002,525,968 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe
  23. PRC - [2018/08/20 13:49:28 | 002,346,256 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
  24. PRC - [2018/08/07 16:42:49 | 000,396,240 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
  25. PRC - [2018/07/20 12:00:10 | 045,461,032 | ---- | M] (Alterdata Software) -- C:\Program Files\Alterdata\Pack\Diamond\Fiscal\wfiscal.exe
  26. PRC - [2018/07/11 16:08:39 | 003,783,376 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
  27. PRC - [2018/07/10 09:43:52 | 000,224,736 | ---- | M] (Alterdata Software) -- C:\Program Files\Alterdata\Updater\bin\AlterdataAutoUpdate.exe
  28. PRC - [2018/05/09 12:48:18 | 004,753,104 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  29. PRC - [2018/03/21 02:21:48 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
  30. PRC - [2018/02/07 09:26:14 | 000,040,416 | ---- | M] (Alterdata Software) -- C:\Program Files\Alterdata\Updater\Guardian\bin\UpdaterGuardian.exe
  31. PRC - [2016/05/06 09:51:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
  32. PRC - [2015/10/05 18:47:20 | 000,959,248 | ---- | M] (© pdfforge GmbH.) -- C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
  33. PRC - [2015/07/17 15:33:20 | 006,453,528 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
  34. PRC - [2014/09/23 09:57:44 | 002,350,592 | ---- | M] (Tecnobyte® Informática) -- C:\tecnobyte\agenda\Agenda.exe
  35. PRC - [2012/09/06 21:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
  36. PRC - [2012/09/06 21:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
  37. PRC - [2012/06/06 15:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
  38. PRC - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
  39. PRC - [2011/11/09 15:08:28 | 000,074,784 | ---- | M] (charismathics GmbH) -- C:\Windows\System32\cmEvtSrv.exe
  40. PRC - [2011/01/13 17:01:00 | 000,008,392 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Safenet\Authentication\SAC\x32\SACSrv.exe
  41. PRC - [2011/01/13 17:00:30 | 001,044,680 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Safenet\Authentication\SAC\x32\SACMonitor.exe
  42. PRC - [2010/11/20 18:29:39 | 000,776,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
  43. PRC - [2010/11/20 18:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
  44. PRC - [2010/03/09 08:31:29 | 002,155,992 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
  45. PRC - [2010/03/09 08:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
  46. PRC - [2010/03/09 08:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
  47. PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
  48. PRC - [2009/07/13 22:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
  49. PRC - [2008/06/13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
  50. PRC - [2008/06/13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
  51.  
  52.  
  53. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  54.  
  55. MOD - [2018/06/09 09:31:23 | 000,435,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv30e99c02#\97bff8959be67c95952f575b4bdcb0f2\System.ServiceModel.Channels.ni.dll
  56. MOD - [2018/06/09 09:31:15 | 001,116,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\f729593a42ec94cfe7c8c2fac971d468\System.ServiceModel.Web.ni.dll
  57. MOD - [2018/06/09 09:10:43 | 000,527,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\88dbe1fabb4d5cdd250723d45b8d148e\System.Net.Http.ni.dll
  58. MOD - [2018/06/09 09:10:41 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f0a66c76da625b87cef4ccc3992d6b57\System.Xml.Linq.ni.dll
  59. MOD - [2018/06/09 09:10:37 | 003,034,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\492571ba274096d78fc5bef9191cf0c1\System.IdentityModel.ni.dll
  60. MOD - [2018/06/09 09:10:33 | 019,955,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\0554aa2c736072692e0bf5fb6e23726a\System.ServiceModel.ni.dll
  61. MOD - [2018/06/08 14:22:54 | 001,603,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\39eda7841df6eb183a98d9b47ce91881\Microsoft.CSharp.ni.dll
  62. MOD - [2018/06/08 14:22:53 | 000,389,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\2c482313f48b318466b30d1fbfee395e\System.Dynamic.ni.dll
  63. MOD - [2018/06/08 14:22:41 | 002,844,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\5af2db604c7f57baa3c283d8df4af0fd\System.Runtime.Serialization.ni.dll
  64. MOD - [2018/06/08 14:22:41 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb4b07c487cdeb80271ea21bbddc05cb\SMDiagnostics.ni.dll
  65. MOD - [2018/06/08 14:22:39 | 000,801,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\364483167d24c8f72af775df3ac1ba8d\System.ServiceModel.Internals.ni.dll
  66. MOD - [2018/06/08 14:22:34 | 000,252,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\f89f2b95a6a6f58f255262d63b047deb\System.ComponentModel.DataAnnotations.ni.dll
  67. MOD - [2018/06/08 14:22:10 | 007,981,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\427966a7c92735c5a6b72ff022dabc3d\System.Data.ni.dll
  68. MOD - [2018/06/08 14:21:53 | 000,991,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4a8990671a0e68a596942422eb53bf05\System.Configuration.ni.dll
  69. MOD - [2018/06/08 14:21:51 | 000,833,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\99141aba4cdd1c5ba9046ae6d9413f79\System.Security.ni.dll
  70. MOD - [2018/06/08 14:20:59 | 007,589,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\f140b522a78099a6b9446d81f603f050\System.Xml.ni.dll
  71. MOD - [2018/06/08 14:20:39 | 007,994,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\1340b0d4bbe470b7905cec0f6d0e5c19\System.Core.ni.dll
  72. MOD - [2018/06/08 14:20:26 | 002,034,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9057f8ebed40d493eb516539c4fe8887\System.Xaml.ni.dll
  73. MOD - [2018/06/08 14:20:23 | 010,498,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e588ad3e3144015ed7096ef08853bedb\System.ni.dll
  74. MOD - [2018/06/08 14:20:23 | 000,273,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\2c6b278e9626b112c3418022233fe5bb\System.Numerics.ni.dll
  75. MOD - [2018/06/08 14:20:08 | 020,496,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\f124f0255cf85003f7d8c0c47dea0616\mscorlib.ni.dll
  76. MOD - [2018/05/29 13:17:20 | 000,085,544 | ---- | M] () -- C:\Windows\System32\xtrafil_612.bpl
  77. MOD - [2018/05/29 13:17:14 | 000,210,984 | ---- | M] () -- C:\Windows\System32\xformat7_612.bpl
  78. MOD - [2018/05/29 13:17:08 | 000,131,112 | ---- | M] () -- C:\Windows\System32\xdevice7_612.bpl
  79. MOD - [2018/05/29 13:16:20 | 000,321,576 | ---- | M] () -- C:\Windows\System32\WinSkinD7R_612.bpl
  80. MOD - [2018/05/29 13:16:02 | 000,217,128 | ---- | M] () -- C:\Windows\System32\vclZipForged7.bpl
  81. MOD - [2018/05/29 13:15:56 | 000,227,368 | ---- | M] () -- C:\Windows\System32\VCLZipD7_3.bpl
  82. MOD - [2018/05/29 13:14:50 | 000,794,152 | ---- | M] () -- C:\Windows\System32\TeeUI97_612.bpl
  83. MOD - [2018/05/29 13:14:26 | 000,435,240 | ---- | M] () -- C:\Windows\System32\TeeImage97_612.bpl
  84. MOD - [2018/05/29 13:14:14 | 000,137,768 | ---- | M] () -- C:\Windows\System32\TeeDB97_612.bpl
  85. MOD - [2018/05/29 13:13:08 | 000,121,896 | ---- | M] () -- C:\Windows\System32\rbTDBC147_612.bpl
  86. MOD - [2018/05/29 13:13:02 | 000,115,752 | ---- | M] () -- C:\Windows\System32\rbTCUI147_612.bpl
  87. MOD - [2018/05/29 13:12:56 | 000,136,744 | ---- | M] () -- C:\Windows\System32\rbTC147_612.bpl
  88. MOD - [2018/05/29 13:12:26 | 001,942,568 | ---- | M] () -- C:\Windows\System32\rbIDE147.bpl
  89. MOD - [2018/05/29 13:08:20 | 000,116,776 | ---- | M] () -- C:\Windows\System32\IndySystem70_612.bpl
  90. MOD - [2018/05/29 13:08:14 | 001,678,888 | ---- | M] () -- C:\Windows\System32\IndyProtocols70_612.bpl
  91. MOD - [2018/05/29 13:08:08 | 000,246,312 | ---- | M] () -- C:\Windows\System32\IndyCore70_612.bpl
  92. MOD - [2018/05/29 13:05:14 | 000,070,184 | ---- | M] () -- C:\Windows\System32\dxThemeD7_612.bpl
  93. MOD - [2018/05/29 13:00:54 | 000,068,648 | ---- | M] () -- C:\Windows\System32\dxPSTeeChartD7_612.bpl
  94. MOD - [2018/05/29 13:00:06 | 000,060,968 | ---- | M] () -- C:\Windows\System32\dxPSDBTeeChartD7_612.bpl
  95. MOD - [2018/05/29 12:50:10 | 000,044,072 | ---- | M] () -- C:\Windows\System32\AltLib_WMailD7.bpl
  96. MOD - [2018/05/29 12:45:10 | 000,055,848 | ---- | M] () -- C:\Windows\System32\AltLib_LocalD7.bpl
  97. MOD - [2015/07/17 14:34:46 | 000,061,440 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1046.dll
  98. MOD - [2014/02/27 16:26:36 | 000,873,984 | ---- | M] () -- C:\Windows\System32\AltLib_CardsCheck.dll
  99. MOD - [2010/06/01 15:51:38 | 000,423,936 | ---- | M] () -- C:\Windows\System32\Intraweb_50_70.bpl
  100. MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
  101. MOD - [2009/02/27 16:38:20 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
  102.  
  103.  
  104. [color=#E56717]========== Services (SafeList) ==========[/color]
  105.  
  106. SRV - [2018/08/20 13:49:28 | 002,346,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
  107. SRV - [2018/07/10 09:43:52 | 000,224,736 | ---- | M] (Alterdata Software) [Auto | Running] -- C:\Program Files\Alterdata\Updater\bin\AlterdataAutoUpdate.exe -- (Alterdata Updater)
  108. SRV - [2018/05/09 12:48:18 | 004,753,104 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
  109. SRV - [2018/03/21 02:21:48 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
  110. SRV - [2018/02/15 11:32:28 | 004,848,832 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe -- (Disc Soft Ultra Bus Service)
  111. SRV - [2018/02/07 09:26:14 | 000,040,416 | ---- | M] (Alterdata Software) [Auto | Running] -- C:\Program Files\Alterdata\Updater\Guardian\bin\UpdaterGuardian.exe -- (Updater-Guardian)
  112. SRV - [2017/12/22 08:00:40 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
  113. SRV - [2017/04/10 16:26:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
  114. SRV - [2016/08/05 16:20:34 | 002,236,640 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files\PDF Architect 4\ws.exe -- (PDF Architect 4)
  115. SRV - [2016/08/05 16:20:16 | 000,772,832 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files\PDF Architect 4\creator-ws.exe -- (PDF Architect 4 Creator)
  116. SRV - [2016/08/05 16:20:10 | 000,970,976 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files\PDF Architect 4\crash-handler-ws.exe -- (PDF Architect 4 CrashHandler)
  117. SRV - [2016/05/06 09:52:24 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
  118. SRV - [2015/10/05 18:47:20 | 000,959,248 | ---- | M] (© pdfforge GmbH.) [Auto | Running] -- C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe -- (PDF Architect 4 Manager)
  119. SRV - [2015/07/10 05:24:22 | 002,718,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
  120. SRV - [2014/09/11 11:00:06 | 000,242,912 | ---- | M] (Foxit Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
  121. SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
  122. SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [Disabled | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
  123. SRV - [2011/11/09 15:08:28 | 000,074,784 | ---- | M] (charismathics GmbH) [Auto | Running] -- C:\Windows\System32\cmEvtSrv.exe -- (cmevtsrv)
  124. SRV - [2011/01/13 17:01:00 | 000,008,392 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Safenet\Authentication\SAC\x32\SACSrv.exe -- (SACSrv)
  125. SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
  126. SRV - [2010/03/09 08:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
  127. SRV - [2010/03/09 08:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
  128. SRV - [2010/03/09 08:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
  129. SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
  130. SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
  131. SRV - [2008/06/13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
  132. SRV - [2008/06/13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
  133.  
  134.  
  135. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  136.  
  137. DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\p\AppData\Local\Temp\mbr.sys -- (mbr)
  138. DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\Advanced SystemCare\drivers\Monitor_x86.sys -- (iobit_monitor_server)
  139. DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\p\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
  140. DRV - [2018/09/04 07:10:51 | 000,220,896 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
  141. DRV - [2018/08/14 17:44:26 | 000,020,336 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFDownProtect.sys -- (IMFDownProtect)
  142. DRV - [2018/08/13 11:20:28 | 000,020,880 | ---- | M] (IObit.com) [File_System | System | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFMBRProtect.sys -- (IMFMBRProtect)
  143. DRV - [2018/07/19 07:03:18 | 000,042,728 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtection)
  144. DRV - [2018/05/11 08:16:54 | 000,049,472 | ---- | M] (CPUID) [Kernel | On_Demand | Stopped] -- C:\Windows\Temp\cpuz143\cpuz143_x32.sys -- (cpuz143)
  145. DRV - [2018/05/10 14:47:18 | 000,040,504 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtultrausbbus.sys -- (dtultrausbbus)
  146. DRV - [2018/05/10 14:46:34 | 000,026,168 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtultrascsibus.sys -- (dtultrascsibus)
  147. DRV - [2018/04/04 16:25:04 | 000,029,096 | ---- | M] (IObit.com) [File_System | System | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFSafeBox.sys -- (IMFSafeBox)
  148. DRV - [2018/03/20 18:33:20 | 000,032,192 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
  149. DRV - [2018/03/20 18:33:16 | 000,014,168 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFForceDelete.sys -- (IMFForceDelete)
  150. DRV - [2018/03/20 18:33:14 | 000,020,880 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys -- (IMFFilter)
  151. DRV - [2018/03/20 18:33:12 | 000,025,120 | ---- | M] (IObit.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\IMFCameraProtect.sys -- (IMFCameraProtect)
  152. DRV - [2017/10/28 08:01:59 | 000,040,504 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtliteusbbus.sys -- (dtliteusbbus)
  153. DRV - [2017/10/28 07:59:33 | 000,026,168 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtlitescsibus.sys -- (dtlitescsibus)
  154. DRV - [2017/06/30 05:07:54 | 000,065,544 | ---- | M] (Advanced Card Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a38ccid.sys -- (A38CCID)
  155. DRV - [2017/05/11 13:11:21 | 000,029,400 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\System32\drivers\gbpndisrdn.sys -- (ndisrd)
  156. DRV - [2012/03/02 06:00:00 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
  157. DRV - [2010/11/20 18:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
  158. DRV - [2010/11/20 18:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
  159. DRV - [2010/11/20 18:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
  160. DRV - [2010/04/29 10:16:22 | 000,018,080 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IKEYIFD.SYS -- (iKeyIFD)
  161. DRV - [2010/04/29 10:16:22 | 000,011,616 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IKEYENUM.SYS -- (iKeyEnum)
  162. DRV - [2010/03/09 08:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
  163. DRV - [2010/03/09 08:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
  164. DRV - [2010/03/09 08:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
  165. DRV - [2010/03/09 08:08:52 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
  166. DRV - [2010/03/09 08:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
  167. DRV - [2009/07/13 19:02:47 | 000,029,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l260x86.sys -- (Atc002)
  168. DRV - [2008/07/29 15:40:04 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksifdh.sys -- (AKSIFDH)
  169. DRV - [2007/09/27 17:58:32 | 000,035,840 | ---- | M] (Perto S.A. Perifericos para Automacao) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\perto38u.sys -- (PERTO38U)
  170. DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
  171.  
  172.  
  173. [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  174.  
  175.  
  176. [color=#E56717]========== Internet Explorer ==========[/color]
  177.  
  178. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
  179. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  180. IE - HKLM\..\SearchScopes\OldSearch: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  181.  
  182.  
  183. IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  184.  
  185. IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  186.  
  187.  
  188.  
  189. IE - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
  190. IE - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
  191. IE - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
  192. IE - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 85 6D 28 7B 33 D1 01  [binary data]
  193. IE - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..\SearchScopes,DefaultScope = OldSearch
  194. IE - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..\SearchScopes\OldSearch: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
  195. IE - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  196. IE - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;<local>
  197.  
  198. [color=#E56717]========== FireFox ==========[/color]
  199.  
  200. FF - prefs.js..browser.search.countryCode: "BR"
  201. FF - prefs.js..browser.search.region: "BR"
  202. FF - user.js - File not found
  203.  
  204. FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
  205. FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
  206. FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
  207. FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
  208. FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.73.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
  209. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll (Oracle Corporation)
  210. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2: C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll (Oracle Corporation)
  211. FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  212. FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
  213. FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  214. FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL (Microsoft Corporation)
  215. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll File not found
  216. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll File not found
  217. FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  218. FF - HKLM\Software\MozillaPlugins\PDF Architect 4: C:\Program Files\PDF Architect 4\np-previewer.dll (pdfforge GmbH)
  219.  
  220. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\pdf_architect_4_conv@pdfarchitect.org: C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension\ [2017/10/03 09:18:03 | 000,000,000 | ---D | M]
  221. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 61.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
  222. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 61.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
  223. FF - HKEY_CURRENT_USER\software\mozilla\NativeMessagingHosts\com.scytl.icpbravoaccess\\: C:\Users\p\AppData\Local\Scytl\ICPBravoAccess.Extension\com.scytl.icpbravoaccess.firefox.json [2016/09/23 18:04:58 | 000,000,259 | ---- | M] ()
  224.  
  225. [2018/06/04 14:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Extensions
  226. [2018/06/04 14:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\SystemExtensionsDev
  227. [2018/08/24 16:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\022sgugr.default-1531142167355\browser-extension-data
  228. [2018/08/24 16:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\022sgugr.default-1531142167355\browser-extension-data\screenshots@mozilla.org
  229. [2018/09/03 15:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\022sgugr.default-1531142167355\extensions
  230. [2018/09/03 15:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\100q0k9q.default-1530207788860\extensions
  231. [2018/06/25 10:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\mzb2zxpx.default-1528397145603\browser-extension-data
  232. [2018/06/27 11:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\mzb2zxpx.default-1528397145603\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
  233. [2018/09/03 15:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\mzb2zxpx.default-1528397145603\extensions
  234. [2018/09/03 15:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\xtbmenfn.default\extensions
  235. [2017/09/22 15:59:34 | 000,112,457 | ---- | M] () (No name found) -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\022sgugr.default-1531142167355\extensions\ascsurfingprotectionnew@iobit.com.xpi
  236. [2017/09/22 15:59:34 | 000,112,457 | ---- | M] () (No name found) -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\100q0k9q.default-1530207788860\extensions\ascsurfingprotectionnew@iobit.com.xpi
  237. [2017/09/22 15:59:34 | 000,112,457 | ---- | M] () (No name found) -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\mzb2zxpx.default-1528397145603\extensions\ascsurfingprotectionnew@iobit.com.xpi
  238. [2018/06/25 10:05:39 | 001,221,245 | ---- | M] () (No name found) -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\mzb2zxpx.default-1528397145603\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
  239. [2018/06/25 07:19:50 | 000,006,251 | ---- | M] () (No name found) -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\mzb2zxpx.default-1528397145603\features\{bf40335b-1cdb-4736-9cc5-8647ed3e69aa}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi
  240. [2017/09/22 15:59:34 | 000,112,457 | ---- | M] () (No name found) -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\xtbmenfn.default\extensions\ascsurfingprotectionnew@iobit.com.xpi
  241. [2018/06/04 14:13:15 | 000,006,255 | ---- | M] () (No name found) -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\xtbmenfn.default\features\{b06cecab-8a21-46e2-adeb-ad9e13503c6b}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi
  242.  
  243. O1 HOSTS File: ([2018/06/07 15:22:31 | 000,001,126 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
  244. O1 - Hosts: 127.0.0.1                   systweak.com
  245. O1 - Hosts: 127.0.0.1                   updateservice1.systweak.com
  246. O1 - Hosts: 127.0.0.1                   www.systweak.com
  247. O1 - Hosts: 127.0.0.1                   systemspeedup.systweak.com
  248. O1 - Hosts: 127.0.0.1                   systweak.com/STCheckGenuineness
  249. O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
  250. O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll (Microsoft Corporation)
  251. O2 - BHO: (PDF Architect 4 Helper) - {38279E1A-7019-40C1-B579-E99DFB3312E8} - C:\Program Files\PDF Architect 4\creator-ie-helper.dll (pdfforge GmbH)
  252. O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
  253. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  254. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll (Oracle Corporation)
  255. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL (Microsoft Corporation)
  256. O2 - BHO: (IObit Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
  257. O2 - BHO: (Microsoft OneDrive for Business Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL File not found
  258. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll (Oracle Corporation)
  259. O2 - BHO: (IObit Ads Removal) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\Adblock\ADBlock.dll (IObit)
  260. O3 - HKLM\..\Toolbar: (PDF Architect 4 Toolbar) - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files\PDF Architect 4\creator-ie-plugin.dll (pdfforge GmbH)
  261. O3 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  262. O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
  263. O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
  264. O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
  265. O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
  266. O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
  267. O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
  268. O4 - HKLM..\Run: [SafeNetCertMngr] C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe (SafeNet, Inc.)
  269. O4 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
  270. O4 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000..\Run: [Tecnobyte Agenda] C:\Tecnobyte\Agenda\agenda.exe (Tecnobyte® Informática)
  271. O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
  272. O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
  273. O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
  274. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
  275. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  276. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
  277. O7 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
  278. O7 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
  279. O7 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
  280. O8 - Extra context menu item: &Enviar para o OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  281. O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (Microsoft Corporation)
  282. O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
  283. O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll (Microsoft Corporation)
  284. O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (Microsoft Corporation)
  285. O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (Microsoft Corporation)
  286. O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll (Microsoft Corporation)
  287. O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll (Microsoft Corporation)
  288. O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
  289. O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
  290. O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
  291. O13 - gopher Prefix: missing
  292. O15 - HKU\.DEFAULT\..Trusted Domains: localhost ([]* in Trusted sites)
  293. O15 - HKU\.DEFAULT\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
  294. O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([*] in Trusted sites)
  295. O15 - HKU\.DEFAULT\..Trusted Ranges: Range2 ([*] in Trusted sites)
  296. O15 - HKU\.DEFAULT\..Trusted Ranges: Range3 ([*] in Trusted sites)
  297. O15 - HKU\S-1-5-18\..Trusted Domains: localhost ([]* in Trusted sites)
  298. O15 - HKU\S-1-5-18\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
  299. O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([*] in Trusted sites)
  300. O15 - HKU\S-1-5-18\..Trusted Ranges: Range2 ([*] in Trusted sites)
  301. O15 - HKU\S-1-5-18\..Trusted Ranges: Range3 ([*] in Trusted sites)
  302. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: alterdata.com.br ([]http in Sites confiáveis)
  303. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: alterdata.com.br ([livedesktop] http in Sites confiáveis)
  304. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: alterdatatecnologia.com.br ([]http in Sites confiáveis)
  305. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
  306. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
  307. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: bancobrasil.com.br ([www14] https in Sites confiáveis)
  308. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
  309. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: bancobrasil.com.br ([www2] https in Sites confiáveis)
  310. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: bb.com.br ([aapj] * in Sites confiáveis)
  311. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: bb.com.br ([seg] * in Sites confiáveis)
  312. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: bb.com.br ([seg] https in Sites confiáveis)
  313. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
  314. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: bb.com.br ([www] http in Sites confiáveis)
  315. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: caixa.gov.br ([conectividade] https in Sites confiáveis)
  316. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: caixa.gov.br ([imagem] https in Sites confiáveis)
  317. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: caixa.gov.br ([imagem2] https in Sites confiáveis)
  318. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: caixa.gov.br ([internetbanking] https in Sites confiáveis)
  319. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: caixa.gov.br ([internetbankingpf] https in Sites confiáveis)
  320. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: caixa.gov.br ([www] http in Sites confiáveis)
  321. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: fazenda.gov.br ([www.cte] http in Sites confiáveis)
  322. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: fazenda.gov.br ([www.nfe] http in Sites confiáveis)
  323. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: fazenda.gov.br ([www.receita] https in Sites confiáveis)
  324. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: gastecnologia.com.br ([cloud] * in Sites confiáveis)
  325. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: localhost ([]* in Sites confiáveis)
  326. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: mg.gov.br ([www2.fazenda] https in Internet)
  327. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: rs.gov.br ([www.sefaz] https in Sites confiáveis)
  328. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Domains: webcompanion.com ([]http in Sites confiáveis)
  329. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Ranges: Range1 ([*] in Sites confiáveis)
  330. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Ranges: Range2 ([*] in Sites confiáveis)
  331. O15 - HKU\S-1-5-21-1053161778-1995039369-1223566998-1000\..Trusted Ranges: Range3 ([*] in Sites confiáveis)
  332. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_73-windows-i586.cab (Java Plug-in 11.73.2)
  333. O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
  334. O16 - DPF: {CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab (Java Plug-in 1.8.0_51)
  335. O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Reg Error: Key error.)
  336. O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
  337. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D72699F-246D-432E-8765-DADB4DEEA075}: NameServer = 192.168.21.1,177.91.160.100,10.100.192.130
  338. O18 - Protocol\Handler\mso-minsb.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
  339. O18 - Protocol\Handler\mso-minsb-roaming.16 {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
  340. O18 - Protocol\Handler\osf.16 {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
  341. O18 - Protocol\Handler\osf-roaming.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
  342. O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
  343. O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
  344. O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
  345. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  346. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  347. O32 - HKLM CDRom: AutoRun - 1
  348. O32 - AutoRun File - [2013/08/22 07:06:17 | 000,000,040 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
  349. O32 - AutoRun File - [2008/08/08 10:41:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
  350. O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
  351. O32 - AutoRun File - [2002/01/11 15:37:28 | 000,000,141 | ---- | M] () - C:\AUTOEXEC.NS0 -- [ NTFS ]
  352. O32 - AutoRun File - [2003/06/28 10:52:20 | 000,000,267 | ---- | M] () - C:\AUTOEXEC.NU4 -- [ NTFS ]
  353. O32 - AutoRun File - [2003/08/13 13:08:40 | 000,000,330 | ---- | M] () - C:\AUTOEXEC.SFP -- [ NTFS ]
  354. O32 - AutoRun File - [2004/05/08 11:10:52 | 000,000,436 | ---- | M] () - C:\AUTOEXEC._AV -- [ NTFS ]
  355. O32 - AutoRun File - [2013/08/02 16:05:47 | 000,020,992 | ---- | M] () - C:\AUTORIZAÇÃO PARA CONSULTA AO SCR.doc -- [ NTFS ]
  356. O33 - MountPoints2\{25ca7c2c-bbbf-11e7-b312-001fc6b21357}\Shell - "" = AutoRun
  357. O33 - MountPoints2\{25ca7c2c-bbbf-11e7-b312-001fc6b21357}\Shell\AutoRun\command - "" = F:\setup.exe
  358. O33 - MountPoints2\{8b51ae7d-5470-11e8-885d-001fc6b21357}\Shell - "" = AutoRun
  359. O33 - MountPoints2\{8b51ae7d-5470-11e8-885d-001fc6b21357}\Shell\AutoRun\command - "" = E:\setup.EXE /AUTORUN
  360. O33 - MountPoints2\{8b51ae7d-5470-11e8-885d-001fc6b21357}\Shell\configure\command - "" = E:\setup.EXE
  361. O33 - MountPoints2\{8b51ae7d-5470-11e8-885d-001fc6b21357}\Shell\install\command - "" = E:\setup.EXE
  362. O33 - MountPoints2\{9dd5b738-a91d-11e7-a3df-001fc6b21357}\Shell - "" = AutoRun
  363. O33 - MountPoints2\{9dd5b738-a91d-11e7-a3df-001fc6b21357}\Shell\AutoRun\command - "" = F:\setup.exe
  364. O34 - HKLM BootExecute: (autocheck autochk *)
  365. O35 - HKLM\..comfile [open] -- "%1" %*
  366. O35 - HKLM\..exefile [open] -- "%1" %*
  367. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  368. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  369. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  370. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  371. O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  372.  
  373. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  374.  
  375. [2099/01/01 12:00:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\YyefPaaooydy.exe
  376. [2018/09/04 07:10:51 | 000,220,896 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamswissarmy.sys
  377. [2018/09/03 15:32:20 | 000,025,120 | ---- | C] (IObit.com) -- C:\Windows\System32\drivers\IMFCameraProtect.sys
  378. [2018/09/03 15:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
  379. [2018/09/03 14:45:09 | 000,000,000 | ---D | C] -- C:\!KillBox
  380. [2018/09/03 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\360TSBackup
  381. [2018/09/03 14:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
  382. [2018/09/03 14:19:56 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
  383. [2018/09/03 14:19:56 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
  384. [2018/09/03 14:19:56 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
  385. [2018/09/03 14:19:55 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
  386. [2018/09/03 14:19:50 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
  387. [2018/09/03 14:18:24 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
  388. [2018/09/03 14:18:24 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
  389. [2018/09/03 14:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
  390. [2018/09/03 14:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
  391. [2018/08/31 13:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cosmicsoft.lx.ro
  392. [2018/08/31 09:28:37 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\Nova pasta (5)
  393. [2018/08/30 07:23:58 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\Sintegra 06-2018
  394. [2018/08/29 15:18:58 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\Agroef-1
  395. [2018/08/29 15:12:50 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\Sintegra 07-2018
  396. [2018/08/28 16:04:07 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\Sintegra 05-2018
  397. [2018/08/28 10:52:33 | 018,023,464 | ---- | C] (Alterdata Software) -- C:\Windows\System32\altpack_wdp_rc_61269-8.bpl
  398. [2018/08/28 10:52:31 | 018,028,072 | ---- | C] (Alterdata Software) -- C:\Windows\System32\altpack_wdp_rc_61269-10.bpl
  399. [2018/08/28 08:16:27 | 002,674,216 | ---- | C] (Alterdata Software) -- C:\Windows\System32\altpack_wphd_61269.bpl
  400. [2018/08/27 15:57:55 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\Sintegra 04-2018
  401. [2018/08/27 07:56:34 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\Sintegra 03-2018
  402. [2018/08/24 13:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
  403. [2018/08/24 13:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
  404. [2018/08/22 09:55:11 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\Nova pasta (4)
  405. [2018/08/21 16:32:34 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\Nova pasta (3)
  406. [2018/08/21 14:39:59 | 018,010,664 | ---- | C] (Alterdata Software) -- C:\Windows\System32\altpack_wdp_rc_61269-7.bpl
  407. [2018/08/21 14:38:29 | 018,028,072 | ---- | C] (Alterdata Software) -- C:\Windows\System32\altpack_wdp_rc_61269-9.bpl
  408. [2018/08/21 14:38:25 | 017,930,792 | ---- | C] (Alterdata Software) -- C:\Windows\System32\altpack_wdp_rc_61269-6.bpl
  409. [2018/08/13 14:44:07 | 000,000,000 | ---D | C] -- C:\Users\p\AppData\Local\ARKBreedingStats
  410. [2018/04/05 16:30:28 | 000,057,344 | ---- | C] (DBA Engenharia de Sistemas) -- C:\Users\p\signver1.dll
  411. [2018/04/05 16:28:40 | 000,057,344 | ---- | C] (DBA Engenharia de Sistemas) -- C:\Users\p\signver.dll
  412. [89 C:\*.tmp files -> C:\*.tmp -> ]
  413. [2 C:\Users\p\Desktop\*.tmp files -> C:\Users\p\Desktop\*.tmp -> ]
  414. [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
  415. [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  416.  
  417. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  418.  
  419. [2018/09/04 07:22:18 | 000,030,736 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  420. [2018/09/04 07:22:18 | 000,030,736 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  421. [2018/09/04 07:10:51 | 000,220,896 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbamswissarmy.sys
  422. [2018/09/04 07:05:35 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
  423. [2018/09/04 07:05:29 | 2711,019,520 | -HS- | M] () -- C:\hiberfil.sys
  424. [2018/09/03 17:01:44 | 000,276,581 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
  425. [2018/09/03 15:31:40 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
  426. [2018/09/03 14:40:50 | 000,000,000 | ---- | M] () -- C:\Users\p\rd
  427. [2018/09/03 14:19:57 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
  428. [2018/09/03 14:19:50 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
  429. [2018/08/31 14:06:18 | 018,602,225 | ---- | M] () -- C:\Users\p\Desktop\Inventário 2017 Clenesio.pdf
  430. [2018/08/31 13:52:16 | 000,001,150 | ---- | M] () -- C:\Users\p\Desktop\SmartQRP.lnk
  431. [2018/08/31 07:56:27 | 000,182,928 | ---- | M] () -- C:\Users\p\Desktop\Balanço_2017(1).pdf
  432. [2018/08/30 13:45:54 | 000,000,267 | ---- | M] () -- C:\Windows\WFISCAL.INI
  433. [2018/08/29 08:11:40 | 000,028,578 | ---- | M] () -- C:\Users\p\Desktop\ValidadorSintegra2015.pdf
  434. [2018/08/28 10:56:01 | 000,001,281 | ---- | M] () -- C:\Users\Public\Desktop\INSS.lnk
  435. [2018/08/28 10:56:01 | 000,001,249 | ---- | M] () -- C:\Users\Public\Desktop\Departamento Pessoal.lnk
  436. [2018/08/28 08:16:33 | 000,001,408 | ---- | M] () -- C:\Users\Public\Desktop\WPHD.lnk
  437. [2018/08/27 13:50:48 | 000,092,187 | ---- | M] () -- C:\Users\p\Desktop\índice.jpg
  438. [2018/08/24 13:22:02 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
  439. [2018/08/22 14:36:02 | 000,000,319 | ---- | M] () -- C:\Windows\System32\dll_Winss.upd
  440. [2018/08/22 14:35:42 | 000,001,739 | ---- | M] () -- C:\Windows\System32\dll_WDP.upd
  441. [2018/08/22 10:05:14 | 018,028,072 | ---- | M] (Alterdata Software) -- C:\Windows\System32\altpack_wdp_rc_61269-10.bpl
  442. [2018/08/20 13:48:41 | 000,057,344 | ---- | M] (DBA Engenharia de Sistemas) -- C:\Users\p\signver1.dll
  443. [2018/08/20 13:47:34 | 000,057,344 | ---- | M] (DBA Engenharia de Sistemas) -- C:\Users\p\signver.dll
  444. [2018/08/18 14:06:26 | 018,028,072 | ---- | M] (Alterdata Software) -- C:\Windows\System32\altpack_wdp_rc_61269-9.bpl
  445. [2018/08/16 08:45:34 | 018,023,464 | ---- | M] (Alterdata Software) -- C:\Windows\System32\altpack_wdp_rc_61269-8.bpl
  446. [2018/08/16 07:16:53 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Firefox.lnk
  447. [2018/08/09 08:00:12 | 000,000,096 | ---- | M] () -- C:\Windows\altpack_wfiscal_proc_importanfe.INI
  448. [2018/08/08 12:22:50 | 018,010,664 | ---- | M] (Alterdata Software) -- C:\Windows\System32\altpack_wdp_rc_61269-7.bpl
  449. [89 C:\*.tmp files -> C:\*.tmp -> ]
  450. [2 C:\Users\p\Desktop\*.tmp files -> C:\Users\p\Desktop\*.tmp -> ]
  451. [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
  452. [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  453.  
  454. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  455.  
  456. [2018/09/03 15:31:40 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
  457. [2018/09/03 14:40:50 | 000,000,000 | ---- | C] () -- C:\Users\p\rd
  458. [2018/09/03 14:19:57 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
  459. [2018/08/31 14:06:17 | 018,602,225 | ---- | C] () -- C:\Users\p\Desktop\Inventário 2017 Clenesio.pdf
  460. [2018/08/31 13:52:16 | 000,001,150 | ---- | C] () -- C:\Users\p\Desktop\SmartQRP.lnk
  461. [2018/08/31 07:56:23 | 000,182,928 | ---- | C] () -- C:\Users\p\Desktop\Balanço_2017(1).pdf
  462. [2018/08/29 08:11:40 | 000,028,578 | ---- | C] () -- C:\Users\p\Desktop\ValidadorSintegra2015.pdf
  463. [2018/08/28 10:56:01 | 000,001,281 | ---- | C] () -- C:\Users\Public\Desktop\INSS.lnk
  464. [2018/08/28 10:56:01 | 000,001,249 | ---- | C] () -- C:\Users\Public\Desktop\Departamento Pessoal.lnk
  465. [2018/08/28 10:55:34 | 000,000,319 | ---- | C] () -- C:\Windows\System32\dll_Winss.upd
  466. [2018/08/28 10:52:37 | 000,001,739 | ---- | C] () -- C:\Windows\System32\dll_WDP.upd
  467. [2018/08/27 13:50:48 | 000,092,187 | ---- | C] () -- C:\Users\p\Desktop\índice.jpg
  468. [2018/08/24 13:22:02 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
  469. [2018/08/20 07:34:01 | 000,002,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
  470. [2018/05/08 13:04:13 | 000,443,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
  471. [2018/02/06 14:40:59 | 000,000,003 | ---- | C] () -- C:\Users\p\AppData\Local\wbem.ini
  472. [2018/01/13 08:00:28 | 000,000,096 | ---- | C] () -- C:\Users\p\AppData\Roaming\~SiMPLEX.ini
  473. [2017/10/27 14:03:53 | 000,007,603 | ---- | C] () -- C:\Users\p\AppData\Local\Resmon.ResmonCfg
  474. [2017/09/14 11:06:02 | 000,000,000 | ---- | C] () -- C:\Users\p\AppData\Local\{AE34404F-5DCF-4A7D-B0E4-C03BF00FBF76}
  475. [2017/07/08 08:26:01 | 002,256,384 | ---- | C] () -- C:\Windows\System32\Prx.dll
  476. [2017/07/08 08:26:01 | 000,371,200 | ---- | C] () -- C:\Windows\System32\Prox.dll
  477. [2017/07/08 08:26:01 | 000,218,112 | ---- | C] () -- C:\Windows\System32\Hl_med32.dll
  478. [2017/07/08 08:26:01 | 000,167,936 | ---- | C] () -- C:\Windows\System32\Hlsoft32.dll
  479. [2017/07/08 08:26:01 | 000,051,712 | ---- | C] () -- C:\Windows\System32\Rsa_w32.dll
  480. [2017/07/08 08:26:01 | 000,031,744 | ---- | C] () -- C:\Windows\System32\Hl_pub32.dll
  481. [2017/07/08 08:26:01 | 000,000,148 | ---- | C] () -- C:\Windows\System32\tcpconf.dat
  482. [2017/04/10 16:21:47 | 000,023,040 | ---- | C] () -- C:\Windows\KMS-R@1n.exe
  483. [2016/12/28 06:48:58 | 000,039,832 | ---- | C] () -- C:\Windows\System32\drivers\staport.sys
  484. [2015/12/03 15:50:19 | 000,000,010 | ---- | C] () -- C:\Users\p\backup-20151203165019.gz
  485. [2015/12/02 19:53:55 | 000,001,996 | ---- | C] () -- C:\Users\p\.com.zerog.registry.xml
  486.  
  487. [color=#E56717]========== ZeroAccess Check ==========[/color]
  488.  
  489. [2017/12/22 13:08:12 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
  490.  
  491. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  492.  
  493. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  494.  
  495. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  496. "" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 05:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
  497. "ThreadingModel" = Apartment
  498.  
  499. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  500. "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
  501. "ThreadingModel" = Free
  502.  
  503. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  504. "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
  505. "ThreadingModel" = Both
  506.  
  507. [color=#E56717]========== LOP Check ==========[/color]
  508.  
  509. [2015/12/03 08:59:34 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\.#
  510. [2017/02/20 17:00:05 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\ControlCenter4
  511. [2018/02/09 07:40:58 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\DAEMON Tools Lite
  512. [2018/05/10 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\DAEMON Tools Ultra
  513. [2018/08/28 10:58:06 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\EurekaLog
  514. [2017/05/15 13:52:50 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\Foxit Software
  515. [2017/11/27 16:08:56 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\HK-Software
  516. [2018/09/03 15:32:27 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\IObit
  517. [2017/12/27 16:02:56 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\Nuance
  518. [2016/04/30 10:48:36 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\PDF Architect 4
  519. [2016/06/20 16:44:13 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\PDF Producer
  520. [2016/01/27 07:15:24 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\Programas RFB
  521. [2016/03/12 07:26:08 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\Serpro
  522. [2017/03/03 16:58:04 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\Thunderbird
  523. [2017/03/03 09:00:53 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\Tools
  524. [2018/03/26 07:16:46 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\Wondershare
  525. [2016/12/28 06:36:18 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\Zeon
  526.  
  527. [color=#E56717]========== Purity Check ==========[/color]
  528.  
  529.  
  530.  
  531. < End of report >