Otl

OTL logfile created on: 18/09/2013 16:59:21 - Run 1
OTL by OldTimer - Version 3.2.69.0

Folder = C:\Users\wendellrosa\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16688)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
3,89 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 55,39% Memor
y free
4,58 Gb Paging File | 2,66 Gb Available in Paging File | 58,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Fil
es (x86)
Drive C: | 450,08 Gb Total Space | 384,70 Gb Free Space | 85,47% Space Free | Pa
rtition Type: NTFS
Drive D: | 14,91 Gb Total Space | 1,95 Gb Free Space | 13,10% Space Free | Parti
tion Type: NTFS
Drive F: | 642,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Parti
tion Type: CDFS
Computer Name: WROSA | User Name: wendellrosa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitel
ist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/09/18 16:58:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\User
s\wendellrosa\Downloads\OTL.exe
PRC - [2013/09/02 17:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program
Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/26 23:44:58 | 003,549,528 | ---- | M] (Electronic Arts) -- C:\Pro
gram Files (x86)\Origin\Origin.exe
PRC - [2013/08/17 15:26:52 | 001,130,576 | ---- | M] (BitTorrent Inc.) -- C:\Use
rs\wendellrosa\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/08/14 04:27:17 | 000,164,816 | ---- | M] (APN LLC.) -- C:\Program Fi
les (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/08/14 04:27:09 | 001,601,488 | ---- | M] (APN) -- C:\Program Files (
x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/07/08 10:42:48 | 001,922,600 | ---- | M] (Pandora.TV) -- C:\Program
Files (x86)\PANDORA.TV\PanService\KMPService.exe
PRC - [2013/07/08 10:42:38 | 001,798,696 | ---- | M] (PandoraTV) -- C:\Program F
iles (x86)\PANDORA.TV\PanService\KMPProcess.exe
PRC - [2013/05/21 01:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C
:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2012/07/27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program F
iles (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/18 13:10:34 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\P
rogram Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
rogram Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
rogram Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.e
xe
PRC - [2012/07/09 13:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Developmen
t Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSG
SVC.exe
PRC - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Developmen
t Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMI
SVC.exe
PRC - [2012/06/08 00:34:06 | 000,111,120 | ---- | M]

iles (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/03/28 18:34:30 | 000,091,432 | ---- | M]
gram Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M]
:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M]
:\Windows\SysWOW64\ezSharedSvcHost.exe
(CyberLink) -- C:\Program F
(CyberLink Corp.) -- C:\Pro
(EasyBits Software AS) -- C
(EasyBits Software AS) -- C
[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/09/02 17:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files
)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
)\Google\Chrome\Application\29.0.1547.66\pdf.dll
)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
)\Google\Chrome\Application\29.0.1547.66\libegl.dll
)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
)\Origin\tufao.dll
)\CyberLink\Power2Go8\CLMLSvcPS.dll
)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/05/30 03:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES
)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
(x86
(x86
(x86
(x86
(x86
(x86
(x86
(x86
(x86
(X86
[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013/08/16 02:39:26 | 002,371,728 | ---- | M] (Microsoft Co
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSSer
vice)
rporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll
-- (DsmSvc)
rporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (net
profm)
rporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastr
ucture)
rporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -(AudioEndpointBuilder)
rporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -(TimeBroker)
rporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServe
r.dll -- (SystemEventsBroker)
rporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

rporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\Pri
ntConfig.dll -- (PrintNotify)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultS
vc)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlog
on)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
rporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (Nc
dAutoSetup)
rporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
rporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociatio
nService)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (
AllUserInstallAgent)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimes
ync)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutd
own)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpex
change)
rporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheart
beat)
SRV - [2013/08/14 04:27:17 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running]
-- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto
| Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/08 10:42:48 | 001,922,600 | ---- | M] (Pandora.TV) [Auto | Runnin
g] -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe -- (PanService
)
SRV - [2013/05/21 01:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Aut
o | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40
\ccSvcHst.exe -- (NIS)
SRV - [2012/08/10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [
Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\h

psa_service.exe -- (HP Support Assistant Service)
SRV - [2012/08/08 23:18:24 | 000,276,288 | ---- | M] (Intel Corporation) [On_Dem
and | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/26 00:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On
_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -(PrintNotify)
_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/26 00:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Au
to | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 13:10:34 | 000,364,416 | ---- | M] (Intel Corporation) [Auto |
Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\
UNS\UNS.exe -- (UNS)
LMS\LMS.exe -- (LMS)
DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Developmen
t Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Q
uick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Aut
o | Running] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (In
tel(R)
SRV - [2010/10/12 14:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Dem
and | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.e
xe -- (GamesAppService)
_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Off
iceSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Sou
rce Engine\OSE.EXE -- (ose64)
SRV - [2009/11/17 23:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corpora
tion) [Auto | Running] -- C:\Arquivos de Programas\Realtek\Audio\HDA\AERTSr64.ex
e -- (AERTFilters)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2013/08/19 15:05:45 | 000,177,312 | ---- | M] (Symantec Cor
poration) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVEN
T64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2013/08/18 17:44:18 | 000,283,064 | ---- | M] (Disc Soft Lt
d) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys - (dtsoftbus01)
DRV:[b]64bit:[/b] - [2013/08/16 02:41:13 | 000,058,200 | ---- | M] (Microsoft Co
rporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys - (dam)
DRV:[b]64bit:[/b] - [2013/08/08 00:25:30 | 000,076,096 | ---- | M] (Baidu, Inc.)
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BprotectEx.sys - (BprotectEx)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpio
clx.sys -- (GPIOClx0101)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot

.sys -- (WdBoot)
rporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\W
dFilter.sys -- (WdFilter)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.
sys -- (sdbus)
rporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys
-- (WFPLWFS)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHC
I.SYS -- (USBXHCI)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX010
00.SYS -- (UCX01000)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvr
cpTg.sys -- (BthAvrcpTg)
poration) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NI
Sx64\1404000.028\symefa64.sys -- (SymEFA)
poration) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\
1404000.028\symds64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2013/05/16 19:12:22 | 000,524,016 | ---- | M] (Synaptics In
corporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP
.sys -- (SynTP)
poration) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NI
Sx64\1404000.028\srtsp64.sys -- (SRTSP)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB
3.SYS -- (USBHUB3)
rporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.s
ys -- (spaceport)
1404000.028\symnets.sys -- (SymNetS)
1404000.028\ccsetx64.sys -- (ccSet_NIS)
1404000.028\ironx64.sys -- (SymIRON)
1404000.028\srtspx64.sys -- (SRTSPX)
rporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sy
s -- (storahci)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sy
s -- (TPM)
rporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -(pdc)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpio

win32.sys -- (msgpiowin32)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfH
id.sys -- (bthhfhid)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c
.sys -- (hidi2c)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.
sys -- (FxPPM)
rporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvid
eominiport.sys -- (RdpVideoMiniport)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor
.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2012/09/20 04:55:27 | 003,265,256 | ---- | M] (Broadcom Cor
poration) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -(ebdrv)
DRV:[b]64bit:[/b] - [2012/09/20 04:55:24 | 000,533,224 | ---- | M] (Broadcom Cor
poration) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys - (b06bdrv)
corporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_d
river_Intel.sys -- (SmbDrvI)
corporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_d
river_AMDASF.sys -- (SmbDrv)
DRV:[b]64bit:[/b] - [2012/08/08 17:17:56 | 008,987,456 | ---- | M] (Intel Corpor
ation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.s
ys -- (igfx)
DRV:[b]64bit:[/b] - [2012/08/03 14:07:30 | 000,020,288 | ---- | M] (Hewlett-Pack
ard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysN
ative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
ation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -(iaStorA)
rporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.
sys -- (Fs_Rec)
rporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv
.sys -- (condrv)
DRV:[b]64bit:[/b] - [2012/07/26 02:00:58 | 000,322,800 | ---- | M] (VIA Corporat
ion) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (
VSTXRAID)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Verifi
erExt.sys -- (VerifierExt)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspst
or.sys -- (UASPStor)
rporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys
-- (acpiex)
DRV:[b]64bit:[/b] - [2012/07/26 02:00:55 | 000,064,240 | ---- | M] (Marvell Semi
conductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumi
s.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2012/07/26 02:00:55 | 000,030,960 | ---- | M] (Promise Tech
nology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor

.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2012/07/26 02:00:52 | 000,092,400 | ---- | M] (LSI Corporat
ion) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (
LSI_SAS2)
DRV:[b]64bit:[/b] - [2012/07/26 02:00:52 | 000,081,136 | ---- | M] (LSI Corporat
ion) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (L
SI_SSS)
DRV:[b]64bit:[/b] - [2012/07/26 02:00:52 | 000,064,752 | ---- | M] (Hewlett-Pack
ard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sy
s -- (HpSAMD)
rporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDr
v.sys -- (EhStorTcgDrv)
rporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass
.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2012/07/26 02:00:49 | 000,258,288 | ---- | M] (AMD Technolo
gies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys
-- (amdsbs)
DRV:[b]64bit:[/b] - [2012/07/26 02:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel
| Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2012/07/26 02:00:49 | 000,076,016 | ---- | M] (Advanced Mic
ro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sy
s -- (amdsata)
DRV:[b]64bit:[/b] - [2012/07/26 02:00:48 | 000,026,352 | ---- | M] (Advanced Mic
ro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sy
s -- (amdxata)
rporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -(CLFS)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.s
ys -- (vpci)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\termin
pt.sys -- (terminpt)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidu
mdf.sys -- (mshidumdf)
rporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisp
lay.sys -- (BasicDisplay)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperV
ideo.sys -- (HyperVideo)
rporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRend
er.sys -- (BasicRender)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgenc
ounter.sys -- (gencounter)
rporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.
sys -- (kdnic)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpiti
me.sys -- (acpitime)
rporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig
.sys -- (npsvctrig)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpF
ltr.sys -- (WpdUpFltr)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipa
gr.sys -- (acpipagr)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperk
bd.sys -- (hyperkbd)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.
sys -- (SerCx)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.
sys -- (SpbCx)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbG
D.sys -- (TsUsbGD)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfe
num.sys -- (BthHFEnum)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.
sys -- (dmvsc)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbF
lt.sys -- (TsUsbFlt)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcflt
r.sys -- (wpcfltr)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisIm
Platform.sys -- (NdisImPlatform)
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp
.sys -- (MsLldp)
rporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -(Ndu)
DRV:[b]64bit:[/b] - [2012/07/24 08:44:02 | 003,618,304 | ---- | M] (Qualcomm Ath
eros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNativ
e\Drivers\athw8x.sys -- (athr)
ation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sy
s -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [
Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -(CLVirtualDrive)
DRV:[b]64bit:[/b] - [2012/06/20 18:27:30 | 000,023,448 | R--- | M] (Symantec Cor
poration) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\14040
00.028\symelam.sys -- (SymELAM)
DRV:[b]64bit:[/b] - [2012/06/20 03:40:52 | 000,342,528 | ---- | M] (Intel(R) Cor
poration) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAu
d.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2012/06/13 23:24:00 | 000,266,896 | ---- | M] (Realtek Semi
conductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\
RtsP2Stor.sys -- (RSP2STOR)
DRV:[b]64bit:[/b] - [2012/06/13 02:41:22 | 000,683,664 | ---- | M] (Realtek
) [Kernel | On_Demand | Running] -- C:\Wi
ndows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV - [2013/09/03 19:26:27 | 001,525,336 | ---- | M] (Symantec Corporation) [Ker
nel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85E
F591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130903.002\BHDrvx64.sys -- (BHD
rvx64)
F591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130917.025\ex64.sys -- (NAVEX1
5)
F591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130917.025\eng64.sys -- (NAVEN
G)
nel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Share
d\EENGINE\eeCtrl64.sys -- (eeCtrl)
nel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Share
d\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
F591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130918.001\IDSviA64.sys -- (IDSV
ia64)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_U
RL = http://g.msn.com/HPCON13/3
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h
ttp://g.msn.com/HPCON13/3
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FFE1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}:
"URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPN
TDFJS
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}:
"URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}:
"URL" = http://br.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=
chr-hp-psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.
msn.com/HPCON13/3
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysW
OW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.co
m/HPCON13/3
IE - HKLM\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program
Files (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http:/
/www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http:/
/eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http:/
/br.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&typ
e=HPNTDF
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "

ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "
ProxyEnable" = 0
IE - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001\SOFTWARE\Microsoft\Inter
net Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/3
net Explorer\Main,First Home Page = http://g.msn.com/HPCON13/3
net Explorer\Main,Start Page = http://g.msn.com/HPCON13/3
IE - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001\..\URLSearchHook: {e0301
295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuT
or.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001\..\SearchScopes,DefaultS
cope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001\..\SearchScopes\{0633EE9
3-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm
s}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001\..\SearchScopes\{195A651
C-8CAB-4B12-A08E-92537758178B}: "URL" = http://search.conduit.com/ResultsExt.asp
x?q={searchTerms}&SearchSource=4&ctid=CT2851643&CUI=UN27181195544869174&UM=1
IE - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001\..\SearchScopes\{2fa2860
6-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=
dis&o=HPNTDF
IE - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001\..\SearchScopes\{b7fca99
7-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://br.search.yahoo.com/search?p={sea
rchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001\Software\Microsoft\Windo
ws\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,versi
on=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW6
4\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;versi
on=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IP
T\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater:
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWe
bAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:
\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporatio
n)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:
\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporatio
n)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\
Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\
Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Vers
ion=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registe

red\0\NP_wtapp.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a
-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7
}\NIS_20.0.0.136\IPSFFPlgn\ [2013/08/17 14:44:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795
-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7
}\NIS_20.0.0.136\coFFPlgn\ [2013/09/16 23:17:43 | 000,000,000 | ---D | M]
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerm
s}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{go
ogle:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:ins
tantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncodi
ng}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{goog
le:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{goog
le:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\A
pplication\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\App
lication\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome
\Application\29.0.1547.66\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3
.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program
Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program
Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater
.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86
)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Direc
tor\np32dsw.dll
CHR - Extension: Google Docs = C:\Users\wendellrosa\AppData\Local\Google\Chrome\
User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\wendellrosa\AppData\Local\Google\Chrome
\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\wendellrosa\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\wendellrosa\AppData\Local\Google\
Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\wendellrosa\AppData\Local
\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\201
3.4.3.4_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\wendellrosa\AppData\L
ocal\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\wendellrosa\AppData\Local\Google\Chrome\User D
ata\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/07/26 02:26:49 | 000,000,824 | ---- | M]) - C:\Windows\Sys
Native\Drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0

BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (
Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA
22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.D
LL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (
Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F010
10C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSB
HO.DLL (Symantec Corporation)
O2 - BHO: (uTorrentBar_PT Toolbar) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:
\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C
:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCh
eck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (
Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar_PT Toolbar) - {e0301295-ab3e-4af3-979f-3d453c
5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001\..\Toolbar\WebBrowser: (
uTorrentBar_PT Toolbar) - {E0301295-AB3E-4AF3-979F-3D453C5F9F48} - C:\Program Fi
les (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Int
el Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Int
el Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (
Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\Rtk
NGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Upd
ater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\Vir
tualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ez
Recover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Qui
ck Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\P
DVD10Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001..\Run: [DAEMON Tools Lit
e] C:\Users\wendellrosa\Documents\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001..\Run: [EADM] C:\Program
Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3639666196-3918223324-3243470231-1001..\Run: [uTorrent] C:\Use
rs\wendellrosa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveD
esktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveD
esktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShe
llExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentProm
ptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCurso
rSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentProm
ptBehaviorUser = 3
O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663
EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Mic
rosoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f
3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBtt
nIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-984
9-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELin
kedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6F
C4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\
ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\
Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B27
3-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Re
sources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A
38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support F
ramework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Ar
quivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86
)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FB12765-64FF-4A8E-8
AFE-8B14B6B8B004}: DhcpNameServer = 192.168.200.240 192.168.200.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A3C2CB5-61AF-4C6D-A
7FD-717BDD087B1C}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec2
94} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Micr
osoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PRO
GRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.
exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe)
- C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (
Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.ex
e (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Window
s\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - N
o CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value
found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6C
D} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft
Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Window
s\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/22 13:17:28 | 000,000,175 | R--- | M] () - F:\auto
run.inf -- [ CDFS ]
O33 - MountPoints2\{65c75313-083b-11e3-be76-d89d670676e2}\Shell - "" = AutoRun
O33 - MountPoints2\{65c75313-083b-11e3-be76-d89d670676e2}\Shell\AutoRun\command
- "" = F:\SETUP.EXE -- [2010/03/12 04:05:28 | 001,100,664 | R--- | M] (Microsoft
Corporation)
O33 - MountPoints2\{65c75313-083b-11e3-be76-d89d670676e2}\Shell\configure\comman
d - "" = F:\setup.exe -- [2010/03/12 04:05:28 | 001,100,664 | R--- | M] (Microso
ft Corporation)
O33 - MountPoints2\{65c75313-083b-11e3-be76-d89d670676e2}\Shell\install\command
- "" = F:\setup.exe -- [2010/03/12 04:05:28 | 001,100,664 | R--- | M] (Microsoft
Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:[b]64bit:[/b] wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corp
oration)
NetSvcs:[b]64bit:[/b] DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Micr
osoft Corporation)
NetSvcs:[b]64bit:[/b] NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corpor
ation)
NetSvcs:[b]64bit:[/b] SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrok
erServer.dll (Microsoft Corporation)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/col
or]
[2013/09/15 21:45:01 | 000,000,000 | ---D |
ocal\{64C8EDCD-348A-44C7-877B-D7895D315B3A}
[2013/09/13 21:40:14 | 000,000,000 | ---D |
\CyberLink
[2013/09/13 10:28:33 | 000,694,232 | ---- |
:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/13 10:28:33 | 000,078,296 | ---- |
:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/11 17:09:00 | 000,144,896 | ---- |
dows\SysNative\tssdisai.dll
[2013/09/11 14:54:21 | 000,000,000 | ---D |
ocal\{BCDCF7BC-9F68-4E68-A32B-D45C8D90099B}
[2013/09/11 13:38:09 | 000,000,000 | -HSD |
[2013/09/11 12:50:02 | 002,371,728 | ---- |
dows\SysNative\WSService.dll
[2013/09/11 12:50:02 | 001,164,288 | ---- |
dows\SysNative\sppobjs.dll
[2013/09/11 12:50:02 | 000,209,200 | ---- |
dows\SysNative\NotificationUI.exe
[2013/09/11 12:49:59 | 000,773,120 | ---- |
dows\SysNative\wuapi.dll
[2013/09/11 12:49:59 | 000,688,640 | ---- |
dows\SysNative\WSShared.dll
C] -- C:\Users\wendellrosa\AppData\L
C] -- C:\Users\wendellrosa\Documents
C] (Adobe Systems Incorporated) -- C
C] (Adobe Systems Incorporated) -- C
C] (Microsoft Corporation) -- C:\Win
C] -- C:\Users\wendellrosa\AppData\L
C] -- C:\Config.Msi
[2013/09/11 12:49:59 | 000,562,688 | ---- | C] (Microsoft Corporation)

dows\SysWow64\WSShared.dll
dows\SysNative\sppwinob.dll
dows\SysNative\sppc.dll
dows\SysNative\WinSetupUI.dll
dows\SysWow64\wuapi.dll
dows\SysWow64\Windows.ApplicationModel.Store.dll
dows\SysWow64\sppc.dll
dows\SysNative\wucltux.dll
dows\SysNative\WSSync.dll
dows\SysNative\WUSettingsProvider.dll
dows\SysNative\WSClient.dll
dows\SysNative\Windows.ApplicationModel.Store.dll
dows\SysNative\storewuauth.dll
dows\SysWow64\WSClient.dll
dows\SysWow64\WSSync.dll
dows\SysNative\wuwebv.dll
dows\SysNative\wudriver.dll
dows\SysWow64\wudriver.dll
dows\SysNative\wuauclt.exe
dows\SysNative\drivers\dam.sys
dows\SysNative\wups.dll
dows\SysNative\wups2.dll
dows\SysWow64\wups.dll
dows\SysWow64\wuwebv.dll
dows\SysNative\setupcln.dll
dows\SysNative\wuapp.exe
dows\SysWow64\wuapp.exe
dows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
dows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
dows\SysWow64\setupcln.dll
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
-- C:\Win
[2013/09/11 12:45:28 | 003,959,296 | ---- | C] (Microsoft

dows\SysNative\jscript9.dll
[2013/09/11 12:45:07 | 000,915,968 | ---- | C] (Microsoft
dows\SysNative\uxtheme.dll
[2013/09/11 12:45:05 | 000,136,704 | ---- | C] (Microsoft
dows\SysNative\iesysprep.dll
[2013/09/11 12:45:05 | 000,109,056 | ---- | C] (Microsoft
dows\SysWow64\iesysprep.dll
[2013/09/11 12:45:04 | 000,690,688 | ---- | C] (Microsoft
dows\SysWow64\jscript.dll
[2013/09/11 12:45:04 | 000,603,136 | ---- | C] (Microsoft
dows\SysNative\msfeeds.dll
[2013/09/11 12:45:03 | 000,855,552 | ---- | C] (Microsoft
dows\SysNative\jscript.dll
[2013/09/11 12:45:03 | 000,051,712 | ---- | C] (Microsoft
dows\SysNative\ie4uinit.exe
[2013/09/11 12:45:00 | 000,039,936 | ---- | C] (Microsoft
dows\SysNative\iernonce.dll
[2013/09/11 12:44:59 | 000,053,760 | ---- | C] (Microsoft
dows\SysNative\UXInit.dll
[2013/09/11 12:44:59 | 000,044,032 | ---- | C] (Microsoft
dows\SysWow64\UXInit.dll
[2013/09/11 12:44:59 | 000,033,280 | ---- | C] (Microsoft
dows\SysWow64\iernonce.dll
[2013/09/11 12:44:57 | 000,067,072 | ---- | C] (Microsoft
dows\SysNative\iesetup.dll
[2013/09/11 12:44:57 | 000,061,440 | ---- | C] (Microsoft
dows\SysWow64\iesetup.dll
[2013/09/11 12:44:37 | 002,273,792 | ---- | C] (Microsoft
dows\SysWow64\msftedit.dll
[2013/09/11 12:44:36 | 002,839,552 | ---- | C] (Microsoft
dows\SysNative\msftedit.dll
[2013/09/11 12:44:32 | 001,025,024 | ---- | C] (Microsoft
dows\SysNative\localspl.dll
[2013/09/11 12:44:32 | 000,778,752 | ---- | C] (Microsoft
dows\SysNative\oleaut32.dll
[2013/09/11 12:44:29 | 001,300,480 | ---- | C] (Microsoft
dows\SysNative\gdi32.dll
[2013/09/11 12:44:27 | 000,414,208 | ---- | C] (Microsoft
dows\SysNative\wwanconn.dll
[2013/09/11 12:44:27 | 000,381,952 | ---- | C] (Microsoft
dows\SysNative\FWPUCLNT.DLL
[2013/09/11 12:44:26 | 000,439,488 | ---- | C] (Microsoft
dows\SysNative\WerFault.exe
[2013/09/11 12:44:26 | 000,385,768 | ---- | C] (Microsoft
dows\SysWow64\WerFault.exe
[2013/09/11 12:44:26 | 000,327,512 | ---- | C] (Microsoft
dows\SysNative\drivers\Classpnp.sys
[2013/09/11 12:44:26 | 000,263,680 | ---- | C] (Microsoft
dows\SysNative\wcmsvc.dll
[2013/09/11 12:44:26 | 000,230,912 | ---- | C] (Microsoft
dows\SysNative\WinSCard.dll
[2013/09/11 12:44:26 | 000,183,808 | ---- | C] (Microsoft
dows\SysNative\winmmbase.dll
[2013/09/11 12:44:26 | 000,160,256 | ---- | C] (Microsoft
dows\SysWow64\winmmbase.dll
[2013/09/11 12:44:26 | 000,115,712 | ---- | C] (Microsoft
dows\SysNative\winmm.dll
[2013/09/11 12:44:25 | 000,268,800 | ---- | C] (Microsoft
dows\SysWow64\Windows.Networking.BackgroundTransfer.dll
Corporation) -- C:\Win
[2013/09/11 12:44:25 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\Win

dows\SysNative\drivers\sdbus.sys
dows\SysNative\drivers\dumpsd.sys
dows\SysNative\drivers\msgpioclx.sys
dows\SysNative\Wwanadvui.dll
dows\SysNative\drivers\wfplwfs.sys
dows\SysNative\wcmcsp.dll
dows\SysNative\Windows.Networking.BackgroundTransfer.dll
dows\SysNative\wwanmm.dll
dows\SysWow64\FWPUCLNT.DLL
dows\SysNative\openfiles.exe
dows\SysWow64\nshwfp.dll
dows\SysWow64\openfiles.exe
dows\SysNative\nshwfp.dll
dows\SysNative\LocationApi.dll
dows\SysWow64\LocationApi.dll
[2013/09/09 00:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013/09/09 00:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013/08/28 22:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\Elcomsoft Password Recovery
[2013/08/28 22:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elcomso
ft
[2013/08/28 22:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Passw
ord Recovery
[2013/08/28 22:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elcomso
ft Password Recovery
[2013/08/28 21:58:57 | 000,000,000 | ---D | C] -- C:\Users\wendellrosa\Desktop\A
DVANCED ARCHIVE PASSWORD RECOVERY
[2013/08/25 16:48:04 | 000,000,000 | ---D | C] -- C:\Users\wendellrosa\AppData\R
oaming\CyberLink
[2013/08/25 16:48:03 | 000,000,000 | ---D | C] -- C:\Users\wendellrosa\Documents
\Youcam
[2013/08/25 16:48:03 | 000,000,000 | ---D | C] -- C:\Users\wendellrosa\AppData\L
ocal\CyberLink
[2013/08/24 20:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
Games
[2013/08/24 20:22:05 | 000,000,000 | ---D | C] -- C:\Users\wendellrosa\AppData\R
oaming\Origin
ocal\Origin
[2013/08/24 20:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/08/24 20:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\Origin
[2013/08/24 20:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/08/24 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/08/24 19:54:27 | 016,949,128 | ---- | C] (Electronic Arts, Inc.) -- C:\Use
rs\wendellrosa\Documents\OriginThinSetup.exe
[2013/08/22 23:30:50 | 000,000,000 | ---D | C]
EOS INSS
[2013/08/21 00:29:48 | 011,459,584 | ---- | C]
dows\SysNative\glcndFilter.dll
[2013/08/21 00:29:31 | 008,552,448 | ---- | C]
dows\SysWow64\glcndFilter.dll
[2013/08/21 00:29:29 | 001,566,432 | ---- | C]
dows\SysNative\ole32.dll
[2013/08/21 00:29:29 | 000,976,384 | ---- | C]
dows\SysNative\KernelBase.dll
[2013/08/21 00:29:21 | 000,883,712 | ---- | C]
dows\HelpPane.exe
[2013/08/21 00:29:16 | 000,273,408 | ---- | C]
dows\SysNative\wlanapi.dll
[2013/08/21 00:29:16 | 000,110,080 | ---- | C]
dows\SysNative\dafWCN.dll
[2013/08/21 00:29:15 | 000,470,016 | ---- | C]
dows\SysNative\wlanmsm.dll
[2013/08/21 00:29:14 | 000,386,560 | ---- | C]
dows\SysWow64\wlanmsm.dll
[2013/08/21 00:29:14 | 000,212,992 | ---- | C]
dows\SysNative\bthprops.cpl
[2013/08/21 00:29:13 | 000,189,440 | ---- | C]
dows\SysWow64\bthprops.cpl
[2013/08/21 00:29:13 | 000,172,032 | ---- | C]
dows\SysNative\MFCaptureEngine.dll
[2013/08/21 00:29:12 | 000,314,880 | ---- | C]
dows\SysNative\rdpclip.exe
[2013/08/21 00:29:11 | 000,126,464 | ---- | C]
dows\SysWow64\MFCaptureEngine.dll
[2013/08/21 00:29:10 | 000,202,240 | ---- | C]
dows\SysWow64\wlanapi.dll
[2013/08/21 00:29:09 | 000,126,976 | ---- | C]
dows\SysNative\WcnApi.dll
[2013/08/21 00:29:08 | 000,446,464 | ---- | C]
dows\SysNative\wlansec.dll
[2013/08/21 00:29:08 | 000,375,296 | ---- | C]
dows\SysWow64\wlansec.dll
[2013/08/21 00:29:08 | 000,102,400 | ---- | C]
dows\SysNative\fdWCN.dll
[2013/08/21 00:29:08 | 000,093,696 | ---- | C]
dows\SysWow64\WcnApi.dll
[2013/08/21 00:29:07 | 000,027,136 | ---- | C]
dows\SysNative\WcnEapPeerProxy.dll
[2013/08/21 00:29:07 | 000,026,624 | ---- | C]
dows\SysNative\WcnEapAuthProxy.dll
[2013/08/21 00:29:06 | 000,030,720 | ---- | C]
dows\SysNative\wfdprov.dll
[2013/08/21 00:29:06 | 000,025,600 | ---- | C]
dows\SysWow64\wfdprov.dll
[2013/08/21 00:29:04 | 000,022,528 | ---- | C]
dows\SysNative\drivers\fxppm.sys
[2013/08/21 00:29:04 | 000,009,728 | ---- | C]
dows\SysWow64\wlanhlp.dll
[2013/08/21 00:29:04 | 000,009,728 | ---- | C]
dows\SysNative\wlanhlp.dll
[2013/08/21 00:29:03 | 000,016,384 | ---- | C]
dows\SysNative\iscsilog.dll
[2013/08/21 00:24:50 | 000,109,568 | ---- | C]
-- C:\Users\wendellrosa\Desktop\VD
(Microsoft Corporation) -- C:\Win
dows\SysNative\dskquota.dll
[2013/08/21 00:24:41 | 000,082,944 | ---- | C]
dows\SysWow64\dskquota.dll
[2013/08/21 00:24:07 | 000,396,008 | ---- | C]
dows\SysNative\hal.dll
[2013/08/21 00:23:55 | 001,172,992 | ---- | C]
dows\SysNative\mfnetsrc.dll
[2013/08/21 00:23:53 | 000,929,792 | ---- | C]
dows\SysWow64\mfnetsrc.dll
[2013/08/21 00:23:53 | 000,677,888 | ---- | C]
dows\SysNative\mfnetcore.dll
[2013/08/21 00:23:53 | 000,673,280 | ---- | C]
dows\SysNative\mfmpeg2srcsnk.dll
[2013/08/21 00:23:53 | 000,568,832 | ---- | C]
dows\SysWow64\mfnetcore.dll
[2013/08/21 00:23:53 | 000,513,024 | ---- | C]
dows\SysWow64\mfmpeg2srcsnk.dll
[2013/08/21 00:22:12 | 001,395,712 | ---- | C]
dows\SysNative\Windows.UI.Immersive.dll
[2013/08/21 00:22:10 | 001,265,152 | ---- | C]
dows\SysNative\lsasrv.dll
[2013/08/21 00:22:10 | 000,579,584 | ---- | C]
dows\SysNative\StructuredQuery.dll
[2013/08/21 00:22:09 | 001,226,752 | ---- | C]
dows\SysWow64\Windows.UI.Immersive.dll
[2013/08/21 00:22:09 | 000,793,200 | ---- | C]
dows\SysNative\mfplat.dll
[2013/08/21 00:22:09 | 000,590,848 | ---- | C]
dows\SysNative\SHCore.dll
[2013/08/21 00:21:47 | 000,460,800 | ---- | C]
dows\SysWow64\SHCore.dll
[2013/08/21 00:21:46 | 000,612,416 | ---- | C]
dows\SysWow64\mfplat.dll
[2013/08/21 00:21:45 | 000,517,120 | ---- | C]
dows\SysNative\winlogon.exe
[2013/08/21 00:21:45 | 000,441,576 | ---- | C]
dows\SysNative\drivers\netio.sys
[2013/08/21 00:21:41 | 000,286,208 | ---- | C]
dows\SysNative\drivers\portcls.sys
[2013/08/21 00:21:40 | 001,045,504 | ---- | C]
dows\SysNative\usercpl.dll
[2013/08/21 00:21:36 | 000,154,112 | ---- | C]
dows\SysNative\Windows.Storage.Compression.dll
[2013/08/21 00:21:29 | 000,962,560 | ---- | C]
dows\SysWow64\usercpl.dll
[2013/08/21 00:21:29 | 000,244,224 | ---- | C]
dows\SysNative\dhcpcore6.dll
[2013/08/21 00:21:27 | 000,505,344 | ---- | C]
dows\SysNative\SpaceControl.dll
[2013/08/21 00:21:20 | 000,204,800 | ---- | C]
dows\SysWow64\dhcpcore6.dll
[2013/08/21 00:21:19 | 000,033,512 | ---- | C]
dows\SysNative\drivers\battc.sys
[2013/08/21 00:20:50 | 000,056,552 | ---- | C]
dows\SysNative\drivers\sdstor.sys
[2013/08/21 00:20:49 | 000,116,224 | ---- | C]
dows\SysWow64\Windows.Storage.Compression.dll
[2013/08/21 00:20:48 | 000,259,584 | ---- | C]
dows\SysNative\input.dll
[2013/08/21 00:20:48 | 000,219,648 | ---- | C]

dows\SysWow64\input.dll
[2013/08/21 00:20:48 | 000,062,976 | ---- |
dows\SysNative\dhcpcsvc6.dll
[2013/08/21 00:20:45 | 000,034,816 | ---- |
dows\SysNative\microsoft-windows-pdc.dll
[2013/08/21 00:20:42 | 000,047,616 | ---- |
dows\SysWow64\PCPKsp.dll
[2013/08/21 00:20:37 | 000,757,760 | ---- |
dows\SysNative\FirewallAPI.dll
[2013/08/21 00:20:37 | 000,099,840 | ---- |
dows\SysWow64\AppxSip.dll
[2013/08/21 00:20:36 | 000,118,784 | ---- |
dows\SysNative\AppxSip.dll
[2013/08/21 00:20:35 | 000,370,176 | ---- |
dows\SysNative\SysFxUI.dll
[2013/08/21 00:20:34 | 000,105,984 | ---- |
dows\SysNative\icfupgd.dll
[2013/08/21 00:20:34 | 000,049,664 | ---- |
dows\SysNative\BdeUISrv.exe
[2013/08/21 00:20:33 | 000,055,808 | ---- |
dows\SysNative\PCPKsp.dll
[2013/08/21 00:20:30 | 000,024,576 | ---- |
dows\SysNative\wfapigp.dll
[2013/08/21 00:20:30 | 000,019,968 | ---- |
dows\SysWow64\wfapigp.dll
[2013/08/21 00:20:28 | 000,111,616 | ---- |
dows\SysNative\drivers\drmk.sys
[2013/08/21 00:20:27 | 000,007,680 | ---- |
dows\SysNative\kbdhebl3.dll
[2013/08/21 00:20:26 | 000,007,168 | ---- |
dows\SysWow64\kbdhebl3.dll
[2013/08/21 00:17:39 | 003,245,568 | ---- |
dows\SysNative\rdpcorets.dll
[2013/08/21 00:17:37 | 001,122,768 | ---- |
dows\SysNative\Taskmgr.exe
[2013/08/21 00:17:36 | 001,027,152 | ---- |
dows\SysWow64\Taskmgr.exe
[2013/08/21 00:17:31 | 001,536,512 | ---- |
dows\SysNative\storagewmi.dll
[2013/08/21 00:17:28 | 000,955,904 | ---- |
dows\SysNative\WebcamUi.dll
[2013/08/21 00:17:23 | 000,798,208 | ---- |
dows\SysWow64\WebcamUi.dll
[2013/08/21 00:17:23 | 000,631,808 | ---- |
dows\SysNative\UserLanguagesCpl.dll
[2013/08/21 00:17:22 | 000,244,736 | ---- |
dows\SysNative\wpnapps.dll
[2013/08/21 00:17:20 | 000,560,128 | ---- |
dows\SysWow64\UserLanguagesCpl.dll
[2013/08/21 00:17:19 | 001,048,064 | ---- |
dows\SysWow64\mstsc.exe
[2013/08/21 00:17:19 | 000,179,200 | ---- |
dows\SysWow64\wpnapps.dll
[2013/08/21 00:17:19 | 000,027,880 | ---- |
dows\SysNative\drivers\rdpvideominiport.sys
[2013/08/21 00:17:18 | 001,217,536 | ---- |
dows\SysWow64\storagewmi.dll
[2013/08/21 00:17:18 | 001,123,840 | ---- |
dows\SysNative\mstsc.exe
[2013/08/21 00:17:16 | 000,235,520 | ---- |

dows\SysNative\rdpudd.dll
[2013/08/21 00:17:16 | 000,120,832 | ---dows\SysNative\vds_ps.dll
[2013/08/21 00:17:16 | 000,046,592 | ---dows\SysWow64\vds_ps.dll
[2013/08/21 00:17:16 | 000,036,352 | ---dows\SysNative\rfxvmt.dll
[2013/08/21 00:17:16 | 000,023,552 | ---dows\SysNative\vdsldr.exe
[2013/08/21 00:16:02 | 002,219,520 | ---dows\SysNative\dwmcore.dll
[2013/08/21 00:16:01 | 006,987,008 | ---dows\SysNative\ntoskrnl.exe
[2013/08/21 00:16:01 | 002,391,280 | ---dows\explorer.exe
[2013/08/21 00:16:01 | 002,106,176 | ---dows\SysWow64\explorer.exe
[2013/08/21 00:16:01 | 001,842,176 | ---dows\SysWow64\dwmcore.dll
[2013/08/21 00:15:50 | 001,527,808 | ---dows\SysNative\mfcore.dll
[2013/08/21 00:15:45 | 000,729,600 | ---dows\SysNative\samsrv.dll
[2013/08/21 00:15:43 | 001,453,568 | ---dows\SysWow64\mfcore.dll
[2013/08/21 00:15:42 | 001,403,296 | ---dows\SysNative\winload.efi
[2013/08/21 00:15:42 | 001,271,584 | ---dows\SysNative\winload.exe
[2013/08/21 00:15:41 | 000,523,264 | ---dows\SysNative\XpsGdiConverter.dll
[2013/08/21 00:15:40 | 001,217,352 | ---dows\SysNative\winresume.efi
[2013/08/21 00:15:39 | 001,093,904 | ---dows\SysNative\winresume.exe
[2013/08/21 00:15:38 | 001,048,576 | ---dows\SysNative\mfasfsrcsnk.dll
[2013/08/21 00:15:38 | 000,583,168 | ---dows\SysNative\mscms.dll
[2013/08/21 00:15:37 | 000,364,544 | ---dows\SysWow64\XpsGdiConverter.dll
[2013/08/21 00:15:37 | 000,213,248 | ---dows\SysNative\drivers\UCX01000.SYS
[2013/08/21 00:15:36 | 000,190,976 | ---dows\SysNative\vdsutil.dll
[2013/08/21 00:15:36 | 000,106,496 | ---dows\SysNative\samlib.dll
[2013/08/21 00:15:11 | 000,850,944 | ---dows\SysWow64\mfasfsrcsnk.dll
[2013/08/21 00:15:11 | 000,000,000 | ---D
\FIFA 13
[2013/08/21 00:15:10 | 000,337,152 | ---dows\SysNative\drivers\USBXHCI.SYS
[2013/08/21 00:15:10 | 000,207,872 | ---dows\SysNative\DeviceSetupManager.dll
[2013/08/21 00:15:10 | 000,080,896 | ---dows\SysNative\MbaeParserTask.exe
[2013/08/21 00:15:06 | 000,037,632 | ---dows\SysNative\drivers\BthAvrcpTg.sys
[2013/08/20 23:25:02 | 001,184,256 | ----
| C] (Microsoft Corporation) -- C:\Win

| C] -- C:\Users\wendellrosa\Documents
dows\SysNative\Display.dll
[2013/08/20 23:25:02 | 001,164,800 | ---- |
dows\SysWow64\Display.dll
[2013/08/20 23:24:56 | 000,007,168 | ---- |
dows\SysNative\KBDKURD.DLL
[2013/08/20 23:24:56 | 000,006,656 | ---- |
dows\SysWow64\KBDKURD.DLL
[2013/08/20 23:22:14 | 003,265,256 | ---- |
ows\SysNative\drivers\evbda.sys
[2013/08/20 23:21:48 | 002,397,184 | ---- |
dows\SysNative\WpcMon.exe
[2013/08/20 23:21:40 | 003,847,168 | ---- |
dows\SysNative\d2d1.dll
[2013/08/20 23:21:38 | 003,964,416 | ---- |
dows\SysNative\WinSAT.exe
[2013/08/20 23:21:28 | 000,533,224 | ---- |
ows\SysNative\drivers\bxvbda.sys
[2013/08/20 23:21:26 | 001,513,984 | ---- |
dows\SysNative\vssapi.dll
[2013/08/20 23:21:11 | 001,019,392 | ---- |
dows\SysNative\MsSpellCheckingFacility.dll
[2013/08/20 23:20:59 | 001,739,264 | ---- |
dows\SysNative\RacEngn.dll
[2013/08/20 23:20:57 | 002,219,008 | ---- |
dows\SysNative\d3d10warp.dll
[2013/08/20 23:20:57 | 001,304,064 | ---- |
dows\SysNative\Windows.Media.Streaming.dll
[2013/08/20 23:20:56 | 000,757,248 | ---- |
dows\SysNative\uDWM.dll
[2013/08/20 23:20:55 | 000,389,360 | ---- |
dows\SysNative\MMDevAPI.dll
[2013/08/20 23:20:53 | 000,762,368 | ---- |
dows\SysNative\provcore.dll
[2013/08/20 23:20:41 | 000,573,440 | ---- |
dows\SysNative\WinSATAPI.dll
[2013/08/20 23:20:35 | 000,995,328 | ---- |
dows\SysWow64\Windows.Media.Streaming.dll
[2013/08/20 23:20:33 | 000,634,880 | ---- |
dows\SysNative\apphelp.dll
[2013/08/20 23:20:29 | 000,155,136 | ---- |
dows\SysNative\IPHLPAPI.DLL
[2013/08/20 23:20:28 | 000,709,632 | ---- |
dows\SysWow64\MsSpellCheckingFacility.dll
[2013/08/20 23:20:25 | 001,743,872 | ---- |
dows\SysNative\combase.dll
[2013/08/20 23:20:25 | 000,236,544 | ---- |
dows\SysNative\MFPlay.dll
[2013/08/20 23:20:18 | 000,604,672 | ---- |
dows\SysNative\dnsapi.dll
[2013/08/20 23:20:18 | 000,420,352 | ---- |
dows\SysNative\WWAHost.exe
[2013/08/20 23:20:11 | 000,866,304 | ---- |
dows\SysNative\WinTypes.dll
[2013/08/20 23:20:09 | 000,755,200 | ---- |
dows\SysNative\fveapi.dll
[2013/08/20 23:20:08 | 000,545,280 | ---- |
dows\SysNative\taskeng.exe
[2013/08/20 23:20:08 | 000,355,328 | ---- |
dows\SysNative\mfsvr.dll
[2013/08/20 23:20:08 | 000,344,064 | ---- |

C] (Broadcom Corporation) -- C:\Wind
C] (Broadcom Corporation) -- C:\Wind
dows\SysNative\wlidcredprov.dll
[2013/08/20 23:20:07 | 000,617,984 | ---- | C] (Microsoft
dows\SysNative\mfsrcsnk.dll
[2013/08/20 23:20:05 | 000,180,736 | ---- | C] (Microsoft
dows\SysNative\bcdsrv.dll
[2013/08/20 23:20:01 | 000,249,344 | ---- | C] (Microsoft
dows\SysNative\wpnprv.dll
[2013/08/20 23:19:59 | 001,400,832 | ---- | C] (Microsoft
dows\SysNative\propsys.dll
[2013/08/20 23:19:56 | 000,541,184 | ---- | C] (Microsoft
dows\SysNative\VAN.dll
[2013/08/20 23:19:54 | 000,303,616 | ---- | C] (Microsoft
dows\SysWow64\WinSATAPI.dll
[2013/08/20 23:19:36 | 000,410,624 | ---- | C] (Microsoft
dows\SysNative\services.exe
[2013/08/20 23:19:33 | 000,240,640 | ---- | C] (Microsoft
dows\SysNative\fveapibase.dll
[2013/08/20 23:18:15 | 000,751,104 | ---- | C] (Microsoft
dows\SysNative\appwiz.cpl
[2013/08/20 23:17:36 | 000,670,208 | ---- | C] (Microsoft
dows\SysWow64\appwiz.cpl
[2013/08/20 23:17:36 | 000,333,824 | ---- | C] (Microsoft
dows\SysWow64\WWAHost.exe
[2013/08/20 23:17:36 | 000,180,224 | ---- | C] (Microsoft
dows\SysWow64\MFPlay.dll
[2013/08/20 23:17:36 | 000,112,128 | ---- | C] (Microsoft
dows\SysNative\PackageStateRoaming.dll
[2013/08/20 23:17:35 | 001,369,600 | ---- | C] (Microsoft
dows\SysWow64\RacEngn.dll
[2013/08/20 23:17:34 | 000,228,352 | ---- | C] (Microsoft
dows\SysNative\ProximityService.dll
[2013/08/20 23:17:34 | 000,090,624 | ---- | C] (Microsoft
dows\SysNative\TpmTasks.dll
[2013/08/20 23:17:33 | 000,533,504 | ---- | C] (Microsoft
dows\SysWow64\provcore.dll
[2013/08/20 23:17:33 | 000,256,512 | ---- | C] (Microsoft
dows\SysNative\msvproc.dll
[2013/08/20 23:17:33 | 000,089,088 | ---- | C] (Microsoft
dows\SysWow64\PackageStateRoaming.dll
[2013/08/20 23:17:33 | 000,065,536 | ---- | C] (Microsoft
dows\SysNative\setbcdlocale.dll
[2013/08/20 23:17:31 | 000,509,952 | ---- | C] (Microsoft
dows\SysWow64\twinapi.dll
[2013/08/20 23:17:31 | 000,027,280 | ---- | C] (Microsoft
dows\SysNative\avrt.dll
[2013/08/20 23:17:30 | 000,480,768 | ---- | C] (Microsoft
dows\SysWow64\VAN.dll
[2013/08/20 23:17:28 | 001,247,232 | ---- | C] (Microsoft
dows\SysWow64\combase.dll
[2013/08/20 23:17:23 | 000,103,936 | ---- | C] (Microsoft
dows\SysNative\microsoft-windows-kernel-power-events.dll
[2013/08/20 23:17:22 | 000,449,024 | ---- | C] (Microsoft
dows\SysWow64\mfsrcsnk.dll
[2013/08/20 23:17:22 | 000,062,488 | ---- | C] (Microsoft
dows\SysNative\drivers\dumpfve.sys
[2013/08/20 23:17:21 | 002,016,256 | ---- | C] (Microsoft
dows\SysNative\batmeter.dll
[2013/08/20 23:17:21 | 002,007,040 | ---- | C] (Microsoft
dows\SysWow64\batmeter.dll
[2013/08/20 23:17:21 | 000,101,888 | ---- | C] (Microsoft
dows\SysNative\SettingSyncHost.exe
[2013/08/20 23:17:21 | 000,034,816
dows\SysNative\perfdisk.dll
[2013/08/20 23:17:20 | 000,465,920
dows\SysWow64\WinTypes.dll
[2013/08/20 23:17:17 | 000,270,336
dows\SysWow64\mfsvr.dll
[2013/08/20 23:17:17 | 000,031,232
dows\SysWow64\perfdisk.dll
[2013/08/20 23:17:17 | 000,029,696
dows\SysNative\svchost.exe
[2013/08/20 23:17:16 | 000,263,168
dows\SysWow64\wlidcredprov.dll
[2013/08/20 23:17:15 | 001,342,464
dows\SysNative\user32.dll
[2013/08/20 23:17:14 | 000,194,048
dows\SysNative\winsrv.dll
[2013/08/20 23:17:13 | 000,437,760
dows\SysNative\mfh264enc.dll
[2013/08/20 23:17:13 | 000,214,528
dows\SysWow64\msvproc.dll
[2013/08/20 23:17:13 | 000,023,552
dows\SysNative\perfnet.dll
[2013/08/20 23:17:12 | 000,413,184
dows\SysWow64\mfh264enc.dll
[2013/08/20 23:17:12 | 000,080,896
dows\SysWow64\SettingSyncHost.exe
[2013/08/20 23:17:11 | 000,627,712
dows\SysNative\lpksetup.exe
[2013/08/20 23:17:10 | 000,699,392
dows\SysNative\twinapi.dll
[2013/08/20 23:17:10 | 000,118,272
dows\SysNative\DevPropMgr.dll
[2013/08/20 23:17:10 | 000,117,760
dows\SysNative\dwm.exe
[2013/08/20 23:17:09 | 000,080,384
dows\SysWow64\drvinst.exe
[2013/08/20 23:17:08 | 000,092,672
dows\SysNative\drvinst.exe
[2013/08/20 23:17:07 | 000,459,776
dows\SysNative\dxgi.dll
[2013/08/20 23:17:06 | 002,066,432
dows\SysNative\d3d11.dll
[2013/08/20 23:17:06 | 000,156,672
dows\SysNative\DAFWSD.dll
[2013/08/20 23:17:05 | 000,021,504
dows\SysWow64\perfnet.dll
[2013/08/20 23:17:03 | 001,701,376
dows\SysWow64\d3d11.dll
[2013/08/20 23:17:03 | 000,588,800
dows\SysNative\webio.dll
[2013/08/20 23:17:03 | 000,189,952
dows\SysNative\perfos.dll
[2013/08/20 23:17:02 | 000,417,280
dows\SysWow64\webio.dll
[2013/08/20 23:16:57 | 000,163,328
dows\SysNative\sspicli.dll
[2013/08/20 23:16:57 | 000,092,160
dows\SysNative\lpremove.exe
[2013/08/20 23:16:55 | 000,069,632
| ---- | C] (Microsoft Corporation) -- C:\Win

dows\SysNative\vsstrace.dll
[2013/08/20 23:16:55 | 000,025,088 | ---- |
dows\SysNative\sdbinst.exe
[2013/08/20 23:16:55 | 000,021,504 | ---- |
dows\SysWow64\sdbinst.exe
[2013/08/20 23:16:41 | 000,044,544 | ---- |
dows\SysNative\perfctrs.dll
[2013/08/20 23:16:41 | 000,039,424 | ---- |
dows\SysWow64\perfctrs.dll
[2013/08/20 23:16:40 | 000,037,888 | ---- |
dows\SysNative\perfproc.dll
[2013/08/20 23:16:40 | 000,034,816 | ---- |
dows\SysWow64\perfproc.dll
[2013/08/20 23:16:40 | 000,033,792 | ---- |
dows\SysWow64\perfos.dll
[2013/08/20 23:16:38 | 000,027,648 | ---- |
dows\SysNative\sspisrv.dll
[2013/08/20 23:16:38 | 000,017,408 | ---- |
dows\SysNative\eventcls.dll
[2013/08/20 23:16:38 | 000,015,360 | ---- |
dows\SysWow64\eventcls.dll
[2013/08/20 23:16:37 | 000,037,888 | ---- |
dows\SysNative\LangCleanupSysprepAction.dll
[2013/08/20 23:16:37 | 000,013,824 | ---- |
dows\SysNative\MUILanguageCleanup.dll
[2013/08/20 23:16:35 | 000,008,704 | ---- |
dows\SysNative\lpksetupproxyserv.dll
[2013/08/20 23:16:35 | 000,006,656 | ---- |
dows\SysNative\shimeng.dll
[2013/08/20 00:34:46 | 000,000,000 | ---D |
ws\Start Menu\Programs\SharePoint
[2013/08/20 00:29:50 | 000,000,000 | ---D |
ws\Start Menu\Programs\Microsoft Office
[2013/08/20 00:27:38 | 000,000,000 | ---D |
DESIGNER
[2013/08/20 00:21:34 | 000,000,000 | ---D |
chronization Services
[2013/08/20 00:18:50 | 000,000,000 | ---D |
c Framework
[2013/08/20 00:18:50 | 000,000,000 | ---D |
Server Compact Edition
[2013/08/20 00:15:44 | 000,000,000 | ---D |
ft Visual Studio 8
[2013/08/20 00:12:31 | 000,068,608 | ---- |
dows\SysNative\wwanprotdim.dll
[2013/08/20 00:12:04 | 000,301,568 | ---- |
dows\SysNative\newdev.dll
[2013/08/20 00:12:03 | 000,275,968 | ---- |
dows\SysWow64\newdev.dll
[2013/08/20 00:12:01 | 000,076,288 | ---- |
dows\SysNative\newdev.exe
[2013/08/20 00:12:01 | 000,075,264 | ---- |
dows\SysNative\ndadmin.exe
[2013/08/20 00:12:01 | 000,074,240 | ---- |
dows\SysWow64\newdev.exe
[2013/08/20 00:11:59 | 000,073,728 | ---- |
dows\SysWow64\ndadmin.exe
[2013/08/20 00:11:42 | 000,000,000 | ---D |
lysis Services
[2013/08/20 00:11:42 | 000,000,000 | ---D |

C] -- C:\ProgramData\Microsoft\Windo
C] -- C:\ProgramData\Microsoft\Windo
C] -- C:\Program Files\Common Files\
C] -- C:\Program Files\Microsoft Syn
C] -- C:\Program Files\Microsoft Syn
C] -- C:\Program Files\Microsoft SQL
C] -- C:\Program Files (x86)\Microso
C] -- C:\Program Files\Microsoft Ana
C] -- C:\Program Files (x86)\Microso
ft Analysis Services
ocal\Microsoft Help
[2013/08/20 00:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Off
ice
[2013/08/20 00:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tm
p -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/09/18 16:47:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/18 16:22:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
teTaskMachineUA.job
[2013/09/18 15:22:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
teTaskMachineCore.job
[2013/09/16 23:12:46 | 000,421,152 | ---- | M] () -- C:\Windows\SysNative\FNTCAC
HE.DAT
[2013/09/16 23:12:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/09/16 23:12:27 | 3341,410,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/15 23:14:11 | 000,092,042 | ---- | M] () -- C:\Users\wendellrosa\Deskto
p\antecedentes criminais.pdf
[2013/09/15 21:21:44 | 000,014,882 | ---- | M] () -- C:\Users\wendellrosa\Docume
nts\Mary.and.Max.2009.DVDRip.XviD.TheWretched..torrent
[2013/09/13 21:42:37 | 001,900,858 | ---- | M] () -- C:\Windows\SysNative\PerfSt
ringBackup.INI
[2013/09/13 21:42:37 | 000,792,452 | ---- | M] () -- C:\Windows\SysNative\prfh04
16.dat
[2013/09/13 21:42:37 | 000,774,720 | ---- | M] () -- C:\Windows\SysNative\perfh0
09.dat
[2013/09/13 21:42:37 | 000,166,504 | ---- | M] () -- C:\Windows\SysNative\prfc04
16.dat
[2013/09/13 21:42:37 | 000,158,234 | ---- | M] () -- C:\Windows\SysNative\perfc0
09.dat
[2013/09/13 10:33:18 | 002,527,991 | ---- | M] () -- C:\Windows\SysNative\driver
s\NISx64\1404000.028\Cat.DB
p\GABI MUITO BONITA.wlmp
[2013/09/05 17:09:17 | 000,694,232 | ---- | M] (Adobe Systems Incorporated) -- C
:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/05 17:09:17 | 000,078,296 | ---- | M] (Adobe Systems Incorporated) -- C
:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/03 23:25:14 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Goo
gle Chrome.lnk
p\BOLETO_0_280813105358287196924674.pdf
p\boleto_1270444040153001.pdf
nts\Comprovante-Voto CRP.pdf
p\Setup.url
[2013/08/24 19:54:36 | 016,949,128 | ---- | M] (Electronic Arts, Inc.) -- C:\Use
rs\wendellrosa\Documents\OriginThinSetup.exe
nts\Curriculo Wendell Rosa (1).pdf
[2013/08/21 01:12:21 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Win
dows\SysNative\ie4uinit.exe
dows\SysNative\uxtheme.dll
dows\SysNative\UXInit.dll
dows\SysNative\msfeeds.dll
dows\SysNative\jscript9.dll
dows\SysNative\jscript.dll
dows\SysNative\iesysprep.dll
dows\SysNative\iesetup.dll
dows\SysNative\iernonce.dll
p\Play FIFA 13 nosTEAM.lnk
[2013/08/20 23:51:48 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Nor
ton Internet Security.lnk
dows\SysWow64\UXInit.dll
dows\SysWow64\jscript.dll
dows\SysWow64\iesysprep.dll
dows\SysWow64\iesetup.dll
dows\SysWow64\iernonce.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tm
p -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/09/16 23:11:07 | 000,421,152 | ---- | C] () -- C:\Windows\SysNative\FNTCAC
HE.DAT
[2013/09/15 23:14:11 | 000,092,042 | ---- | C] () -- C:\Users\wendellrosa\Deskto
p\antecedentes criminais.pdf
[2013/09/15 21:21:43 | 000,014,882 | ---- | C] () -- C:\Users\wendellrosa\Docume
nts\Mary.and.Max.2009.DVDRip.XviD.TheWretched..torrent
p\GABI MUITO BONITA.wlmp
[2013/09/11 12:49:54 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLice
nse.dll
[2013/09/11 12:44:16 | 000,387,583 | ---- | C] () -- C:\Windows\SysNative\ApnDat
abase.xml
p\BOLETO_0_280813105358287196924674.pdf
p\boleto_1270444040153001.pdf
nts\Comprovante-Voto CRP.pdf
p\Setup.url
nts\Curriculo Wendell Rosa (1).pdf
p\Play FIFA 13 nosTEAM.lnk
[2013/08/20 23:16:55 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLic
ense.dll
[2013/08/17 14:56:28
.dat
[2012/08/08 17:18:04
g600.bin
[2012/08/08 17:17:54
.dll
[2012/08/08 17:17:52
krng600.bin
[2012/08/03 19:40:09
ingBackup.INI
[2012/07/26 05:13:10
at
[2012/07/26 05:13:09
AT
[2012/07/26 04:21:26
[2012/07/25 22:17:42
xtHandler.dll
[2012/07/25 17:37:29
[2012/07/25 17:28:31
edb40.dll
[2012/07/25 17:22:54
00.bin
[2012/07/25 17:22:54
rng500.bin
[2012/07/25 17:22:54
0m.bin
[2012/06/02 11:31:19
at
[2012/04/20 13:59:44
tLog.dll
| 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv

| 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrn
| 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32
| 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodec
| 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStr
| 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.d
| 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.D
| 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
| 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWConte
| 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
| 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetol
| 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng5
| 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompk
| 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg50
| 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.d
| 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEven
[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012/09/17 11:39:11 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop
.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}
\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0
c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}
\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-4
09d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1
}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 03:31:28 | 019,758,592 | --- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a30c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 02:03:37 | 017,561,600 | --- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 00:05:38 | 001,004,54
4 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDAD6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 00:18:27 | 000,784,8
96 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 00:07:41 | 000,455,680
| ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB3285FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2013/08/18 17:45:51 | 000,000,000
oaming\Baidu Security
[2013/08/18 17:46:50 | 000,000,000
oaming\DAEMON Tools Lite
[2013/08/26 23:46:06 | 000,000,000
oaming\Origin
[2013/08/17 14:45:13 | 000,000,000
oaming\Synaptics
[2013/09/18 22:44:16 | 000,000,000
oaming\uTorrent
[2013/08/17 20:10:55 | 000,000,000
oaming\WildTangent
| ---D | M] -- C:\Users\wendellrosa\AppData\R
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa >[/co
lor]
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchS
copes >[/color]
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93D776-472f-A0FF-E1416B8B2E3A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606de77-4029-af96-b231e3b8f827}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997d0fb-4fe0-8afd-255e89cf9671}]
[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchSc
opes >[/color]
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"KnownProvidersUpgradeTime" = F9 08 D2 48 74 9B CE 01 [binary data]
"Version" = 3
"UpgradeTime" = 44 4C A6 49 74 9B CE 01 [binary data]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D
776-472f-A0FF-E1416B8B2E3A}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{195A651C-8
CAB-4B12-A08E-92537758178B}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-d
e77-4029-af96-b231e3b8f827}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d
0fb-4fe0-8afd-255e89cf9671}]
[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\In
ternet Settings\Connections >[/color]
< End of report >

Otl

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Otl

Hochgeladen von

Copyright:

Verfügbare Formate

OTL logfile created on: 18/09/2013 16:59:21 - Run 1

OTL by OldTimer - Version 3.2.69.0

PRC - [2012/06/08 00:34:06 | 000,111,120 | ---- | M]

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Services (SafeList) ==========[/color]

rporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\h

rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot

rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpio

nology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "

ion=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registe

O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0

O32 - HKLM CDRom: AutoRun - 1

[2013/09/11 12:49:59 | 000,562,688 | ---- | C] (Microsoft Corporation)

[2013/09/11 12:45:28 | 003,959,296 | ---- | C] (Microsoft

[2013/09/11 12:44:25 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\Win

(Microsoft Corporation) -- C:\Win

C] (Microsoft Corporation) -- C:\Win

| C] (Microsoft Corporation) -- C:\Win

C] (Microsoft Corporation) -- C:\Win

| ---- | C] (Microsoft Corporation) -- C:\Win

C] (Microsoft Corporation) -- C:\Win

| 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv

[color=#E56717]========== ZeroAccess Check ==========[/color]

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

Das könnte Ihnen auch gefallen