Untitled

a guest
Nov 15th, 2015
OTL logfile created on: 15/11/2015 18:45:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\edine\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,94 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 75,36% Memory free
9,19 Gb Paging File | 6,98 Gb Available in Paging File | 75,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 932,40 Gb Total Space | 747,74 Gb Free Space | 80,20% Space Free | Partition Type: NTFS
Drive G: | 930,61 Gb Total Space | 811,39 Gb Free Space | 87,19% Space Free | Partition Type: NTFS

Computer Name: LNTECHBRPC | User Name: edine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2015/11/15 18:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\edine\Downloads\OTL.exe
PRC - [2015/11/07 02:36:36 | 000,811,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/11/05 12:41:48 | 000,417,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2015/10/29 11:40:46 | 006,348,560 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2015/10/29 11:40:45 | 019,117,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe
PRC - [2015/10/29 11:24:08 | 000,230,672 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\tv_w32.exe
PRC - [2015/10/12 01:05:57 | 002,655,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/10/12 01:05:53 | 001,873,696 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/10/09 17:30:52 | 002,505,472 | ---- | M] (ESET) -- C:\Arquivos de Programas\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2015/10/09 16:56:28 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
PRC - [2015/08/14 14:03:20 | 000,391,872 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2015/08/14 14:03:14 | 000,358,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2015/08/14 13:43:38 | 000,089,792 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2015/08/13 11:53:48 | 000,587,576 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/11/07 02:36:33 | 001,532,744 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
MOD - [2015/11/07 02:36:32 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
MOD - [2015/10/12 01:05:57 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2015/10/09 16:56:28 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2015/10/12 01:05:50 | 000,020,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2015/09/03 16:41:02 | 000,029,912 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GbPlugin\gbprcm64.sys -- (GBPRCM)
DRV - [2015/09/03 16:41:02 | 000,024,792 | ---- | M] (GAS Tecnologia LTDA) [Kernel | On_Demand | Running] -- C:\PROGRA~2\GbPlugin\wsftprp64.sys -- (Warsaw_PP)
DRV - [2015/07/10 08:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV - [2015/07/10 08:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
DRV - [2015/07/07 17:06:58 | 000,038,104 | ---- | M] (Basil) [Kernel | Disabled | Running] -- C:\Arquivos de Programas\Diebold\Warsaw\WinDivert64.sys -- (WinDivert1.1)
DRV - [2014/02/11 18:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Arquivos de Programas\AMD\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.3)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
IE - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR,pt;q=0.5
IE - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 84 8B F5 6E 1A D1 01 [binary data]
IE - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)



[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.5_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9.3_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhfnnpogmhodlmglbdgikedkcpnoijj\2015.11.3.61614_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei\2.0.2.2_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kehfgmehejnhincbhnnkmiamegdhfcid\1.0.3_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmlmjahehdnbhhgcaecfhholhcegdlom\2015.11.3.61614_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi\3.7.2_0\
CHR - Extension: No name found = C:\Users\edine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2015/07/10 09:02:42 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Microsoft OneDrive for Business Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001..\Run: [OneDrive] C:\Users\edine\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001..\Run: [uTorrent] "C:\Users\edine\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: bancobrasil.com.br ([www14] https in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: bancobrasil.com.br ([www2] https in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: bb.com.br ([seg] https in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: bb.com.br ([www] http in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: caixa.gov.br ([imagem] * in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: caixa.gov.br ([imagem] https in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: caixa.gov.br ([imagem2] https in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: caixa.gov.br ([internetbanking] * in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: caixa.gov.br ([internetbanking] https in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: caixa.gov.br ([internetbankingpf] https in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: caixa.gov.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-2605805434-2466420127-2819608969-1001\..Trusted Domains: caixa.gov.br ([www] http in Sites confiáveis)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{167ac168-d6b0-4174-91fc-18a943a32367}: DhcpNameServer = 192.58.35.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{167ac168-d6b0-4174-91fc-18a943a32367}: NameServer = 4.2.2.2,4.2.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ca12722c-30c5-484b-971e-8f69ce15dede}: DhcpNameServer = 192.58.35.1
O18 - Protocol\Handler\mso-minsb.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-minsb-roaming.16 {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf.16 {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf-roaming.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Arquivos de Programas\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\OSppSvc.exe: Debugger - C:\Windows\KMS-R@1nhook.exe ()
O27 - HKLM IFEO\SppExtComObj.exe: Debugger - C:\Windows\KMS-R@1nhook.exe ()
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/11/15 18:45:29 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Local\Diagnostics
[2015/11/15 17:27:15 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2015/11/15 17:22:02 | 001,822,048 | ---- | C] (BitTorrent Inc.) -- C:\Users\edine\Desktop\uTorrent.exe
[2015/11/11 18:26:22 | 002,639,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2015/11/11 18:26:22 | 002,049,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.StateRepository.dll
[2015/11/11 18:26:20 | 002,647,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2015/11/11 18:26:19 | 018,803,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\edgehtml.dll
[2015/11/11 18:26:17 | 000,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dlnashext.dll
[2015/11/11 18:26:16 | 001,918,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2015/11/11 18:26:15 | 000,961,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LicenseManager.dll
[2015/11/11 18:26:13 | 000,762,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.appcore.dll
[2015/11/11 18:26:13 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.dll
[2015/11/11 18:26:13 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Devices.Usb.dll
[2015/11/11 18:26:12 | 000,650,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/11/11 18:26:12 | 000,539,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontdrvhost.exe
[2015/11/09 19:58:18 | 000,102,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015/11/09 19:56:54 | 018,389,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015/11/09 19:56:54 | 015,933,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015/11/09 19:56:54 | 013,533,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015/11/09 19:56:54 | 012,040,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015/11/09 19:56:54 | 002,496,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015/11/09 19:56:54 | 000,823,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncMFTH264.dll
[2015/11/09 19:56:54 | 000,689,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015/11/09 19:56:54 | 000,674,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015/11/09 19:56:54 | 000,446,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvDecMFTMjpeg.dll
[2015/11/09 19:56:54 | 000,445,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015/11/09 19:56:54 | 000,422,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2015/11/09 19:56:54 | 000,369,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2015/11/09 19:56:54 | 000,155,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015/11/09 19:56:54 | 000,128,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015/11/09 19:56:53 | 003,126,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2015/11/08 19:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
[2015/11/08 19:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageWriter
[2015/11/08 18:36:43 | 000,000,000 | ---D | C] -- C:\Users\edine\Documents\Virtual Machines
[2015/11/08 18:31:48 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Local\VMware
[2015/11/08 18:31:46 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\VMware
[2015/11/08 18:31:00 | 000,064,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2015/11/08 18:30:39 | 000,358,080 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2015/11/08 18:30:38 | 000,391,872 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2015/11/08 18:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2015/11/08 18:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ThinPrint
[2015/11/08 18:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2015/11/08 18:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2015/11/08 18:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2015/11/08 10:05:26 | 000,000,000 | ---D | C] -- C:\Users\edine\Desktop\Boletos 11.2015
[2015/11/07 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\naviextras
[2015/11/07 17:35:24 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Naviextras
[2015/11/07 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Naviextras
[2015/11/07 16:51:59 | 012,870,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2015/11/02 11:47:28 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Local\Microsoft Help
[2015/11/02 11:16:37 | 000,000,000 | ---D | C] -- C:\Users\edine\Documents\Modelos Personalizados do Office
[2015/11/01 15:33:55 | 000,000,000 | ---D | C] -- C:\Users\edine\Documents\Freemake
[2015/11/01 15:33:54 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2015/11/01 15:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2015/11/01 15:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Freemake Shared
[2015/11/01 15:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2015/11/01 15:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2015/10/30 19:26:27 | 000,000,000 | ---D | C] -- C:\Users\edine\Documents\CPY_SAVES
[2015/10/29 20:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/10/29 20:48:25 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\Sun
[2015/10/29 20:48:24 | 000,000,000 | ---D | C] -- C:\Users\edine\.oracle_jre_usage
[2015/10/29 20:48:20 | 000,097,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/10/29 20:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/10/29 20:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2015/10/29 20:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2015/10/29 20:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2015/10/29 20:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Care Suite
[2015/10/29 20:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2015/10/29 20:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2015/10/26 17:33:58 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
[2015/10/26 17:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner Statistics Server
[2015/10/26 17:28:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2015/10/26 17:27:59 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2015/10/26 17:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2015/10/26 17:26:47 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Local\Micro-Star_Int'l_Co.,_Ltd
[2015/10/26 13:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2015/10/26 13:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2015/10/26 13:37:51 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSurf_Pro_V2
[2015/10/26 13:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grandstream
[2015/10/26 10:20:10 | 000,000,000 | ---D | C] -- C:\Users\edine\Documents\BFH
[2015/10/26 00:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games
[2015/10/25 21:15:44 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\NVIDIA
[2015/10/25 21:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
[2015/10/23 13:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2015/10/22 18:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
[2015/10/22 18:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced IP Scanner
[2015/10/21 19:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2015/10/21 18:52:52 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Local\NVIDIA Corporation
[2015/10/21 18:52:39 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Local\NVIDIA
[2015/10/21 18:52:30 | 001,423,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2015/10/21 18:52:30 | 001,316,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2015/10/21 18:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2015/10/21 18:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2015/10/21 18:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2015/10/21 18:52:03 | 000,069,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2015/10/19 19:01:15 | 000,000,000 | ---D | C] -- C:\Users\edine\Documents\WB Games
[2015/10/18 10:45:41 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\.mono
[2015/10/18 10:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2015/10/18 10:45:39 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Local\Colossal Order
[2015/10/18 10:45:34 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\Steam
[2015/10/18 10:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cities Skylines After Dark
[2015/10/17 22:09:56 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Roaming\AMD
[2015/10/17 22:09:33 | 000,000,000 | ---D | C] -- C:\Users\edine\VirtualBox VMs
[2015/10/17 21:50:31 | 000,000,000 | ---D | C] -- C:\Users\edine\.VirtualBox
[2015/10/17 21:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2015/10/17 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\edine\AppData\Local\ESET
[2015/10/17 17:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2015/10/17 17:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2015/10/17 17:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
[2015/10/17 11:26:00 | 000,000,000 | ---D | C] -- C:\17-10-15
[2015/10/17 10:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\W2 Softwares
[2015/10/16 20:41:25 | 000,000,000 | ---D | C] -- C:\Users\edine\Documents\Euro Truck Simulator 2
[2015/10/16 19:28:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\GAS Tecnologia
[2015/10/16 19:28:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Diebold
[2015/10/16 19:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\GAS Tecnologia
[2015/10/16 19:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\GbPlugin
[2015/10/16 19:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GbPlugin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/11/15 18:37:33 | 000,001,543 | ---- | M] () -- C:\Users\edine\Desktop\uTorrent.exe - Atalho.lnk
[2015/11/15 18:31:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/11/15 18:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/11/15 17:31:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/11/15 17:29:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/11/15 17:29:08 | 3410,800,640 | -HS- | M] () -- C:\hiberfil.sys
[2015/11/15 17:22:10 | 001,822,048 | ---- | M] (BitTorrent Inc.) -- C:\Users\edine\Desktop\uTorrent.exe
[2015/11/09 19:58:39 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2015/11/08 18:30:22 | 001,737,314 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/11/07 17:35:24 | 000,001,233 | ---- | M] () -- C:\Users\edine\Desktop\Naviextras Toolbox.lnk
[2015/11/05 15:00:13 | 037,882,160 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2015/11/05 15:00:13 | 018,389,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015/11/05 15:00:13 | 015,933,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015/11/05 15:00:13 | 013,533,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015/11/05 15:00:13 | 012,870,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2015/11/05 15:00:13 | 012,040,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015/11/05 15:00:13 | 003,126,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2015/11/05 15:00:13 | 002,496,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
  321. [2015/11/05 15:00:13 | 000,823,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncMFTH264.dll
  322. [2015/11/05 15:00:13 | 000,689,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
  323. [2015/11/05 15:00:13 | 000,674,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
  324. [2015/11/05 15:00:13 | 000,446,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvDecMFTMjpeg.dll
  325. [2015/11/05 15:00:13 | 000,445,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
  326. [2015/11/05 15:00:13 | 000,422,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
  327. [2015/11/05 15:00:13 | 000,369,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
  328. [2015/11/05 15:00:13 | 000,155,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
  329. [2015/11/05 15:00:13 | 000,128,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
  330. [2015/11/05 12:41:48 | 000,102,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
  331. [2015/11/05 02:30:20 | 000,961,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\LicenseManager.dll
  332. [2015/11/05 02:23:32 | 000,762,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.appcore.dll
  333. [2015/11/05 02:18:34 | 000,539,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontdrvhost.exe
  334. [2015/11/05 01:42:23 | 002,647,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
  335. [2015/11/05 01:40:41 | 001,918,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
  336. [2015/11/05 01:35:47 | 018,803,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\edgehtml.dll
  337. [2015/11/05 01:35:04 | 002,639,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
  338. [2015/11/05 01:34:45 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Devices.Usb.dll
  339. [2015/11/05 01:33:09 | 000,650,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
  340. [2015/11/05 01:27:12 | 002,049,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.StateRepository.dll
  341. [2015/11/05 01:27:12 | 000,464,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.dll
  342. [2015/11/05 01:23:15 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dlnashext.dll
  343. [2015/11/03 16:20:11 | 000,810,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
  344. [2015/11/03 16:20:11 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
  345. [2015/10/29 20:48:14 | 000,097,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
  346. [2015/10/25 21:12:31 | 000,129,536 | ---- | M] () -- C:\Windows\SysWow64\FW1FontWrapper.dll
  347. [2015/10/22 18:44:25 | 000,000,178 | ---- | M] () -- C:\Users\edine\advanced_ip_scanner_MAC.bin
  348. [2015/10/16 19:29:00 | 000,001,024 | ---- | M] () -- C:\.rnd
  349. [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  350.  
  351. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  352.  
  353. [2015/11/15 18:37:33 | 000,001,543 | ---- | C] () -- C:\Users\edine\Desktop\uTorrent.exe - Atalho.lnk
  354. [2015/11/09 19:58:39 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
  355. [2015/11/09 19:56:53 | 037,882,160 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
  356. [2015/11/08 18:30:22 | 001,737,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
  357. [2015/11/07 17:35:24 | 000,001,233 | ---- | C] () -- C:\Users\edine\Desktop\Naviextras Toolbox.lnk
  358. [2015/10/30 19:26:13 | 000,001,134 | ---- | C] () -- C:\Users\edine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Launcher.lnk
  359. [2015/10/29 20:33:11 | 000,002,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Device Recovery Tool.lnk
  360. [2015/10/25 21:16:29 | 000,129,536 | ---- | C] () -- C:\Windows\SysWow64\FW1FontWrapper.dll
  361. [2015/10/22 18:44:25 | 000,000,178 | ---- | C] () -- C:\Users\edine\advanced_ip_scanner_MAC.bin
  362. [2015/10/21 19:48:26 | 000,000,787 | ---- | C] () -- C:\Users\edine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MadMax.lnk
  363. [2015/10/16 19:28:43 | 000,001,024 | ---- | C] () -- C:\.rnd
  364. [2015/10/11 15:34:51 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
  365. [2015/10/10 12:45:28 | 000,026,112 | ---- | C] () -- C:\Windows\KMS-R@1n.exe
  366. [2015/10/10 12:45:28 | 000,004,608 | ---- | C] () -- C:\Windows\KMS-R@1nhook.exe
  367. [2015/10/10 12:45:28 | 000,003,584 | ---- | C] () -- C:\Windows\KMS-QADhook.dll
  368. [2015/10/10 12:26:42 | 001,766,952 | ---- | C] () -- C:\Windows\SysWow64\CoreUIComponents.dll
  369. [2015/10/10 12:26:38 | 001,823,232 | ---- | C] () -- C:\Windows\SysWow64\InputService.dll
  370. [2015/10/10 12:26:21 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\TextInputFramework.dll
  371. [2015/10/10 10:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
  372. [2015/10/10 10:32:26 | 000,111,088 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
  373. [2015/10/10 10:32:18 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
  374. [2015/10/10 10:32:18 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
  375. [2015/10/10 10:32:12 | 000,152,560 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
  376. [2015/10/10 10:32:10 | 000,807,424 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
  377. [2015/10/10 10:32:09 | 001,005,552 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
  378. [2015/10/10 10:32:06 | 000,198,640 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
  379. [2015/10/10 10:32:06 | 000,132,080 | ---- | C] () -- C:\Windows\SysWow64\amdhdl32.dll
  380. [2015/07/10 10:20:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
  381. [2015/07/10 09:04:39 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
  382. [2015/07/10 09:04:38 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
  383. [2015/07/10 09:00:35 | 000,161,632 | ---- | C] () -- C:\Windows\SysWow64\weretw.dll
  384. [2015/07/10 09:00:33 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
  385. [2015/07/10 09:00:32 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
  386. [2015/07/10 09:00:31 | 000,156,672 | ---- | C] () -- C:\Windows\SysWow64\MTF.dll
  387. [2015/07/10 09:00:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\dtdump.exe
  388. [2015/07/10 09:00:29 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\InputLocaleManager.dll
  389. [2015/07/10 09:00:29 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\EditBufferTestHook.dll
  390. [2015/07/10 09:00:29 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\WpKbdLayout.dll
  391. [2015/07/10 09:00:29 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\WordBreakers.dll
  392. [2015/07/10 09:00:28 | 000,270,848 | ---- | C] () -- C:\Windows\SysWow64\HrtfApo.dll
  393. [2015/07/10 09:00:27 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
  394. [2015/07/10 09:00:26 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\efsext.dll
  395. [2015/07/10 09:00:25 | 000,002,269 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
  396. [2015/07/10 09:00:24 | 000,167,640 | ---- | C] () -- C:\Windows\SysWow64\chs_singlechar_pinyin.dat
  397. [2015/07/10 08:59:51 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
  398.  
  399. [color=#E56717]========== ZeroAccess Check ==========[/color]
  400.  
  401.  
  402. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  403.  
  404. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  405.  
  406. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
  407.  
  408. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  409.  
  410. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  411. "" = C:\Windows\SysNative\windows.storage.dll -- [2015/09/17 04:49:11 | 006,487,248 | ---- | M] (Microsoft Corporation)
  412. "ThreadingModel" = Apartment
  413.  
  414. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  415. "" = %SystemRoot%\system32\windows.storage.dll -- [2015/09/17 04:28:40 | 005,120,056 | ---- | M] (Microsoft Corporation)
  416. "ThreadingModel" = Apartment
  417.  
  418. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
  419. "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/07/10 08:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
  420. "ThreadingModel" = Free
  421.  
  422. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  423. "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/07/10 09:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
  424. "ThreadingModel" = Free
  425.  
  426. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
  427. "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/07/10 08:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
  428. "ThreadingModel" = Both
  429.  
  430. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  431.  
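The ZeroAccess check above prints, for four system CLSIDs, the InProcServer32 default value in HKCU and HKLM and in both registry views ("/64" marks the 64-bit view). The point of looking in HKCU is that COM builds HKEY_CLASSES_ROOT by layering HKCU\Software\Classes over HKLM\Software\Classes, so a per-user InProcServer32 entry replaces the system DLL for that user without touching the protected HKLM key. In this log the HKCU keys carry no value and the HKLM values point at windows.storage.dll, fastprox.dll and wbemess.dll with Microsoft Corporation as the company name, which is what the clean state looks like. The script below is an added example, not OTL's code and not part of this log: it re-runs the same check on a live host and adds a signature test on whatever DLL each value resolves to. The four CLSIDs are taken from the log; the output shape and the flagging rule are illustrative, and it assumes a 64-bit Windows PowerShell session so that the non-Wow6432Node paths are the 64-bit view.

```powershell
# Added example (not OTL's code): resolve the InProcServer32 default value for
# the CLSIDs in the log under both hives and both views, and flag any HKCU
# entry, since a per-user registration for a system class is the hijack
# pattern the ZeroAccess check exists to catch.
$clsids = '{42aedc87-2188-41fd-b9a3-0c966feabec1}',
          '{fbeb8a05-beee-4442-804e-409d6c4515e9}',
          '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',
          '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'

# From a 64-bit PowerShell, Software\Classes\CLSID is the 64-bit view and
# Software\Classes\Wow6432Node\CLSID the 32-bit one, for HKCU and HKLM alike.
$hives = @(
    @{ Scope = 'HKCU 64-bit'; Path = 'HKCU:\Software\Classes\CLSID' }
    @{ Scope = 'HKCU 32-bit'; Path = 'HKCU:\Software\Classes\Wow6432Node\CLSID' }
    @{ Scope = 'HKLM 64-bit'; Path = 'HKLM:\Software\Classes\CLSID' }
    @{ Scope = 'HKLM 32-bit'; Path = 'HKLM:\Software\Classes\Wow6432Node\CLSID' }
)

function Resolve-ServerPath([string]$raw) {
    # Values may be written as %SystemRoot%\system32\... (see the log); expand
    # them, and treat a bare file name as System32-relative, as the loader would.
    if ([string]::IsNullOrWhiteSpace($raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($raw)
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path "$env:windir\System32" $p }
    return $p
}

foreach ($h in $hives) {
    foreach ($id in $clsids) {
        $key = Join-Path $h.Path "$id\InProcServer32"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $raw  = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        $path = Resolve-ServerPath $raw
        $signer = 'no value'
        if ($path) {
            $signer = 'file missing'
            if (Test-Path -LiteralPath $path) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                $signer = "$($sig.Status) / $($sig.SignerCertificate.Subject)"
            }
        }

        # The key may exist with no default value (harmless); a value under HKCU
        # for one of these classes is the finding.
        $flag = if ($h.Scope -like 'HKCU*' -and $path) { 'HKCU override' } else { '' }

        [pscustomobject]@{
            Scope  = $h.Scope
            CLSID  = $id
            Server = $path
            Signer = $signer
            Flag   = $flag
        }
    }
}
```

An HKCU override that resolves to a DLL outside %windir% or with anything other than a valid Microsoft signature is the case to escalate; an HKLM value pointing at the expected DLL with a valid signature, as in this log, needs no further action for this check.
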
  432. [color=#E56717]========== Alternate Data Streams ==========[/color]
  433.  
  434. @Alternate Data Stream - 32 bytes -> C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
  435. @Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
  436.  
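OTL reports one line per alternate data stream with its size and the owning path; here both streams hang off the GbPlugin directory itself (the folder list above shows C:\Program Files (x86)\GbPlugin created on 2015/10/16), which is a reminder that NTFS allows streams on directories as well as files. A 10-byte stream with a counter-style name is far more likely to be an application's own state than a payload, but the size is all OTL gives you, so the cheap next step is to read the small ones and hash the large ones. The script below is an added example, not OTL's code and not part of this log; the root directory and the size cut-off are illustrative choices, and it assumes Windows PowerShell 5.1 (Get-Content -Encoding Byte; on PowerShell 7 the switch is -AsByteStream).

```powershell
# Added example (not OTL's code): enumerate alternate data streams on every
# file and directory under $Root, print the content of small streams and the
# SHA-256 of larger ones. $Root and $DumpBytes are illustrative assumptions.
param(
    [string]$Root = 'C:\Program Files (x86)',
    [int]$DumpBytes = 64
)

# Include the root itself: the log's two hits are on a folder, not a file.
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    # ':$DATA' is the unnamed main stream; everything else is an ADS.
    $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne ':$DATA' }

    foreach ($s in $streams) {
        if ($s.Length -le $DumpBytes) {
            # Small: show it, with non-printable bytes replaced so the table stays readable.
            $raw = Get-Content -LiteralPath $item.FullName -Stream $s.Stream -Raw -ErrorAction SilentlyContinue
            $content = ([string]$raw) -replace '[^\x20-\x7E]', '.'
        } else {
            # Large: hash it for lookup rather than printing it.
            $bytes = Get-Content -LiteralPath $item.FullName -Stream $s.Stream -Encoding Byte -ReadCount 0 -ErrorAction SilentlyContinue
            $hash  = [Security.Cryptography.SHA256]::Create().ComputeHash([byte[]]$bytes)
            $content = 'sha256:' + (($hash | ForEach-Object { $_.ToString('x2') }) -join '')
        }
        [pscustomobject]@{
            Bytes   = $s.Length
            Stream  = $s.Stream
            Path    = $item.FullName
            Content = $content
        }
    }
}
```

Expect a lot of Zone.Identifier streams on anything downloaded by a browser; filter those out once you have seen them, and treat a stream of executable size, or a stream whose name mimics a file extension, as something to hash and look up before deleting it, since an ADS can be launched directly by tools that take a path.
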
  437. < End of report >