
Solved Troubles with slow computer

Discussion in 'Malware and Virus Removal Archive' started by terodne, 2014/12/17.

  1. 2014/12/17
    terodne


    Hi, guys. I have followed this forum (without registration), and now unfortunately, I have had problems with my computer.

    My computer is running slow, and I am constantly having problems with the stability and speed of my internet, and also with my processor in simple scientific calculations, such as "SuperPI", where the result is below what is expected.

    Having already followed user Broni's tips, I followed the pre-determined steps, which I will list below.
    (like http://www.windowsbbs.com/malware-virus-removal/108476-inactive-very-slow-computer.html#sysinfo)

    Thanks in advance for your help.

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2014.12.17.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17501
    Ramon :: RAMON-PC [administrator]

    17/12/2014 08:00:30
    mbar-log-2014-12-17 (08-00-30).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 349965
    Time elapsed: 14 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\AutoKMS.exe (Riskware.Keygen) -> Delete on reboot. [9e47243fabd1bf7778028245c13f5ca4]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    ________________________________________________________________

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
    Run by Ramon at 8:25:06 on 2014-12-17
    #Option Extended Search is enabled.
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.8174.4622 [GMT -2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
    C:\Windows\SysWOW64\ASGT.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    K:\Programas Diversos - Instalados\DAEMON Tools Pro\DTShellHlp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Diebold\Warsaw\core.exe
    C:\Program Files (x86)\Diebold\Warsaw\core.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Users\Ramon\Desktop\mbar-1.08.2.1001.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Users\Ramon\Desktop\mbar\mbar.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    mSearch Page = hxxp://www.google.com
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    uRun: [DAEMON Tools Pro Agent] "K:\Programas Diversos - Instalados\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    uRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    uRunOnce: [Adobe Speed Launcher] 1418781827
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [Diebold - Warsaw] C:\Program Files (x86)\Diebold\Warsaw\core.exe
    mRunOnce: [Malwarebytes Anti-Rootkit (cleanup)] "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe" "C:\ProgramData\Malwarebytes' Anti-Malware (portable) "
    dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: itau.com.br
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{E1A80BC9-BBE8-4DF6-AB0C-A9604EC7A26C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{E1A80BC9-BBE8-4DF6-AB0C-A9604EC7A26C}\D457C64796C616375627 : DHCPNameServer = 208.67.222.222 8.8.8.8
    TCP: Interfaces\{E1A80BC9-BBE8-4DF6-AB0C-A9604EC7A26C}\D457C64796C616375627F575350313 : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe "
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\3xpvdrgi.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2014-10-30 14592]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-10-21 283200]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-11-29 26528]
    R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-12-17 96472]
    R1 VDiskBus;ASUS Disk Unlocker;C:\Windows\System32\drivers\VDiskBus64.sys [2010-9-21 43136]
    R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]
    R2 AODDriver4.3.0;AODDriver4.3.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2014-9-19 60104]
    R2 ASDiskUnlocker;ASDiskUnlocker;C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [2010-12-2 258688]
    R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2014-10-29 90112]
    R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
    R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-11-3 546104]
    R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-21 1148744]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-21 1795912]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-21 19819848]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2014-10-30 32544]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-9 409800]
    R2 Warsaw Technology;Warsaw Technology;C:\Program Files (x86)\Diebold\Warsaw\core.exe [2014-12-17 518968]
    R3 ASFLTDrv.sys;ASFLTDrv.sys;C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [2010-9-16 16512]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-12-17 135384]
    R3 NisSrv;Inspeção de Rede da Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-21 19784]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-15 38216]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-11-28 941784]
    S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2014-9-19 137584]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-10-20 21712]
    S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-10-21 1471352]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-11 114688]
    S3 NVFLASH;NVFLASH;C:\Windows\System32\drivers\nvflash.sys [2014-10-30 15648]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-23 19456]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2014-10-30 48416]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2014-10-30 32360]
    S3 ssdudfu;SAMSUNG Mobile USB DFU2 Device;C:\Windows\System32\drivers\ssdudfu.sys [2014-10-29 101960]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-23 56832]
    S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-10-24 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1 "
    .
    =============== Created Last 60 ================
    .
    2014-12-17 10:22:27 79064 ----a-w- C:\Windows\System32\drivers\imofugc.sys
    2014-12-17 10:00:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-17 10:00:18 135384 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-12-17 09:52:58 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-12-17 09:37:39 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
    2014-12-17 09:37:36 -------- d-----w- C:\ProgramData\RogueKiller
    2014-12-17 09:37:05 -------- d--h--w- C:\Program Files (x86)\GAS Tecnologia
    2014-12-17 09:37:05 -------- d-----w- C:\Program Files (x86)\Diebold
    2014-12-16 10:21:48 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E812B19-9BAA-40C2-B98C-AEC15B5BEA73}\mpengine.dll
    2014-12-14 20:10:18 -------- d-----w- C:\LinhaDefensiva
    2014-12-14 20:00:47 -------- d-----w- C:\Program Files (x86)\CrystalDiskInfo
    2014-12-14 19:37:53 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-12-14 19:27:32 98816 ----a-w- C:\Windows\sed.exe
    2014-12-14 19:27:32 256000 ----a-w- C:\Windows\PEV.exe
    2014-12-14 19:27:32 208896 ----a-w- C:\Windows\MBR.exe
    2014-12-14 18:45:51 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-12-11 14:34:46 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
    2014-12-11 14:34:46 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
    2014-12-11 14:34:46 24576 ----a-w- C:\Windows\System32\mfpmp.exe
    2014-12-11 14:34:46 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
    2014-12-11 14:34:46 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
    2014-12-11 14:34:46 2048 ----a-w- C:\Windows\System32\mferror.dll
    2014-12-11 14:34:45 4121600 ----a-w- C:\Windows\System32\mf.dll
    2014-12-11 14:34:45 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
    2014-12-11 14:34:45 206848 ----a-w- C:\Windows\System32\mfps.dll
    2014-12-11 14:34:45 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
    2014-12-11 14:15:32 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-12-10 10:10:11 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24271E36-8565-43F0-8014-071EAB4EE2FD}\gapaengine.dll
    2014-12-09 05:37:09 615624 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-12-08 11:33:03 -------- d-----w- C:\ProgramData\Caphyon
    2014-12-08 11:32:05 -------- d-----w- C:\Users\Ramon\AppData\Roaming\Plagiarism Checker X, LLC
    2014-12-08 06:18:25 -------- d-----w- C:\Users\Ramon\AppData\Roaming\br.com.copySpider.gui.v15.CSGuiMain
    2014-12-08 06:18:19 -------- d-----w- C:\Users\Ramon\AppData\Local\CopySpider
    2014-12-08 06:17:49 -------- d-----w- C:\Program Files (x86)\CopySpider
    2014-12-05 17:32:12 -------- d-----w- C:\Users\Ramon\AppData\Local\ElevatedDiagnostics
    2014-12-02 15:38:21 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
    2014-12-02 01:27:44 -------- d-sh--w- C:\Users\Ramon\AppData\Local\EmieBrowserModeList
    2014-11-29 10:42:07 26528 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
    2014-11-29 01:58:38 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-11-29 01:58:38 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-11-29 01:56:58 2565736 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
    2014-11-29 01:55:58 14952 ----a-w- C:\Windows\System32\RtkCoLDR64.dll
    2014-11-29 01:54:34 11944 ----a-w- C:\Windows\System32\drivers\amdide64.sys
    2014-11-29 01:54:20 83176 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
    2014-11-29 01:54:20 43240 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
    2014-11-29 01:53:28 4028928 ----a-w- C:\Windows\System32\drivers\athrx.sys
    2014-11-29 01:53:06 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2014-11-29 01:52:41 941784 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2014-11-29 01:52:41 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2014-11-26 17:41:48 -------- d-----w- C:\Users\Ramon\abaqus_plugins
    2014-11-26 17:35:56 -------- d-----w- C:\Program Files\Microsoft HPC Pack 2008 R2
    2014-11-26 17:35:37 -------- d-----w- C:\Users\Ramon\AppData\Roaming\DassaultSystemes
    2014-11-26 17:35:37 -------- d-----w- C:\Users\Ramon\AppData\Local\DassaultSystemes
    2014-11-26 17:35:37 -------- d-----w- C:\ProgramData\DassaultSystemes
    2014-11-26 17:31:27 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
    2014-11-26 17:25:00 -------- d--h--w- C:\Users\Ramon\InstallAnywhere
    2014-11-25 15:59:38 18638520 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    2014-11-23 14:13:26 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-11-23 14:13:09 -------- d-----w- C:\AdwCleaner
    2014-11-23 14:09:37 290304 ----a-w- C:\Windows\SysWow64\subinacl.exe
    2014-11-23 14:09:32 -------- d-----w- C:\Program Files\Common Files\Microsoft
    2014-11-23 14:09:32 -------- d-----w- C:\Program Files\Adware-Removal-Tool
    2014-11-22 14:36:56 -------- d-----w- C:\ProgramData\Protexis
    2014-11-22 14:02:34 -------- d-----w- C:\Program Files (x86)\gs
    2014-11-22 14:02:09 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
    2014-11-22 14:01:45 -------- d-----w- C:\ProgramData\Corel
    2014-11-19 06:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
    2014-11-16 14:18:08 1876296 ----a-w- C:\Windows\System32\nvdispco6434465.dll
    2014-11-16 14:18:08 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434465.dll
    2014-11-16 01:30:51 -------- d-----w- C:\Program Files\Speccy
    2014-11-15 15:42:30 683520 ----a-w- C:\Windows\System32\termsrv.dll
    2014-11-15 15:42:30 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2014-11-15 15:42:30 681984 ----a-w- C:\Windows\System32\adtschema.dll
    2014-11-15 15:42:30 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-11-15 15:42:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2014-11-15 15:42:30 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2014-11-15 15:42:30 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-11-15 15:42:29 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-11-15 15:42:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-11-15 15:40:35 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2014-11-15 15:40:35 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2014-11-15 12:52:24 38216 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2014-11-15 12:52:24 32584 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2014-11-11 19:01:04 3183800 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\1046\MSOINTL.DLL
    2014-11-11 07:24:18 195272 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\LICLUA.EXE
    2014-11-09 05:31:26 -------- d-----w- C:\Users\Ramon\AppData\Local\Microsoft Games
    2014-11-05 20:41:09 -------- d-----w- C:\Users\Ramon\AppData\Local\Mozilla
    2014-11-03 06:18:20 -------- d-----w- C:\Users\Ramon\AppData\Roaming\Unity
    2014-11-03 06:15:26 -------- d-----w- C:\Users\Ramon\AppData\Local\Unity
    2014-11-03 04:48:34 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-10-30 05:16:25 15648 ----a-w- C:\Windows\System32\drivers\nvflash.sys
    2014-10-30 05:10:14 -------- d-----w- C:\Program Files\ATI Technologies
    2014-10-30 05:10:12 -------- d-----w- C:\Program Files\ATI
    2014-10-30 05:09:29 16440 ----a-w- C:\Windows\System32\drivers\AtiPcie.sys
    2014-10-30 05:03:55 -------- d-----w- C:\Windows\pss
    2014-10-30 04:00:09 48416 ----a-w- C:\Windows\System32\drivers\RtTeam60.sys
    2014-10-30 04:00:09 32544 ----a-w- C:\Windows\System32\drivers\RtNdPt60.sys
    2014-10-30 04:00:09 32360 ----a-w- C:\Windows\System32\drivers\RtVlan620.sys
    2014-10-30 03:55:24 107552 ----a-w- C:\Windows\System32\SET357.tmp
    2014-10-30 03:55:20 -------- d-----w- C:\Program Files (x86)\Realtek
    2014-10-30 03:39:35 -------- d-----w- C:\ProgramData\ASUS OC Profiles
    2014-10-30 03:13:00 16896 ----a-w- C:\Windows\AsTaskSched.dll
    2014-10-30 03:06:25 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    2014-10-30 03:06:25 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    2014-10-30 03:03:28 14592 ----a-w- C:\Windows\System32\drivers\AiCharger.sys
    2014-10-30 02:01:03 13368 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
    2014-10-30 01:58:03 -------- d-----w- C:\Windows\Downloaded Installations
    2014-10-30 01:49:56 24576 ----a-w- C:\Windows\SysWow64\AsIO.dll
    2014-10-30 01:49:56 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
    2014-10-30 01:49:10 -------- d-----w- C:\Program Files (x86)\ASUS
    2014-10-30 01:48:49 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2014-10-30 01:48:48 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2014-10-30 01:48:48 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2014-10-30 01:48:48 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2014-10-30 01:48:47 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2014-10-30 01:48:30 15416 ----a-w- C:\Windows\System32\drivers\ASACPI.sys
    2014-10-29 14:40:02 -------- d-----w- C:\Users\Ramon\AppData\Roaming\temp
    2014-10-29 14:29:03 -------- d-----w- C:\Users\Ramon\AppData\Local\Samsung
    2014-10-29 14:29:00 -------- d-----w- C:\Users\Ramon\AppData\Roaming\Samsung
    2014-10-29 14:27:56 15944 ----a-w- C:\Windows\System32\drivers\ssduwh.sys
    2014-10-29 14:27:56 101960 ----a-w- C:\Windows\System32\drivers\ssdudfu.sys
    2014-10-29 14:27:28 18944 ----a-w- C:\Windows\System32\drivers\ss_mdfl.sys
    2014-10-29 14:27:28 161280 ----a-w- C:\Windows\System32\drivers\ss_mdm.sys
    2014-10-29 14:27:28 15872 ----a-w- C:\Windows\System32\drivers\ss_whnt.sys
    2014-10-29 14:27:28 15872 ----a-w- C:\Windows\System32\drivers\ss_wh.sys
    2014-10-29 14:27:28 15360 ----a-w- C:\Windows\System32\drivers\ss_cmnt.sys
    2014-10-29 14:27:28 15360 ----a-w- C:\Windows\System32\drivers\ss_cm.sys
    2014-10-29 14:27:28 127488 ----a-w- C:\Windows\System32\drivers\ss_bus.sys
    2014-10-29 13:47:29 144664 ----a-w- C:\Windows\SysWow64\secman.dll
    2014-10-29 13:47:25 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2014-10-29 13:46:21 -------- d-----w- C:\ProgramData\Samsung
    2014-10-28 19:42:05 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2014-10-28 19:42:05 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2014-10-28 18:37:12 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-10-28 18:36:41 6584320 ----a-w- C:\Windows\System32\mstscax.dll
    2014-10-28 18:36:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-10-28 18:34:33 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2014-10-28 18:34:33 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2014-10-28 18:34:00 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
    2014-10-28 18:34:00 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
    2014-10-28 18:34:00 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
    2014-10-28 18:34:00 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
    2014-10-28 18:30:47 67072 ----a-w- C:\Windows\splwow64.exe
    2014-10-28 18:30:47 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2014-10-28 02:24:16 -------- d-----w- C:\Users\Ramon\AppData\Roaming\MAXON
    2014-10-26 17:35:58 -------- d-----w- C:\Users\Ramon\AppData\Local\4A Games
    2014-10-25 22:11:32 -------- d-----w- C:\Users\Ramon\AppData\Roaming\MPC-HC
    2014-10-25 19:45:04 -------- d-----w- C:\Users\Ramon\AppData\Local\Activision
    2014-10-25 18:39:53 -------- d-----w- C:\Users\Ramon\AppData\Local\CAPCOM
    2014-10-25 18:39:53 -------- d-----w- C:\ProgramData\Steam
    2014-10-24 21:47:48 -------- d-----w- C:\Windows\SysWow64\directx
    2014-10-24 21:35:12 -------- d-----w- C:\ProgramData\Electronic Arts
    2014-10-24 21:35:12 -------- d-----w- C:\ProgramData\EA Core
    2014-10-24 19:51:11 -------- d-----w- C:\Users\Ramon\AppData\Local\SKIDROW
    2014-10-24 19:47:35 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-10-24 19:47:32 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2014-10-24 19:47:27 -------- d-----w- C:\Users\Ramon\AppData\Roaming\PunkBuster
    2014-10-24 18:08:41 -------- d-----w- C:\Users\Ramon\AppData\Roaming\Theta
    2014-10-24 17:17:00 -------- d-----w- C:\ProgramData\Orbit
    2014-10-24 15:42:26 -------- d-sh--w- C:\Users\Ramon\AppData\Local\EmieUserList
    2014-10-24 15:42:26 -------- d-sh--w- C:\Users\Ramon\AppData\Local\EmieSiteList
    2014-10-24 15:38:59 25936 ----a-w- C:\Windows\System32\X3DAudio1_5.dll
    2014-10-24 15:16:56 -------- d-----w- C:\ProgramData\Solidshield
    2014-10-24 14:49:38 -------- d-----w- C:\Windows\SysWow64\Wat
    2014-10-24 14:49:38 -------- d-----w- C:\Windows\System32\Wat
    2014-10-24 13:01:00 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2014-10-24 13:01:00 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2014-10-24 13:00:59 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2014-10-24 13:00:59 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2014-10-24 12:54:59 -------- d-----w- C:\Windows\Migration
    2014-10-24 11:29:14 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
    2014-10-24 11:29:14 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
    2014-10-24 11:29:14 171160 ----a-w- C:\Windows\System32\infocardapi.dll
    2014-10-24 11:29:14 1389208 ----a-w- C:\Windows\System32\icardagt.exe
    2014-10-24 11:29:11 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
    2014-10-24 11:29:11 8856 ----a-w- C:\Windows\System32\icardres.dll
    2014-10-24 11:28:43 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2014-10-24 11:28:43 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2014-10-24 05:53:49 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2014-10-24 05:52:30 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2014-10-24 05:51:09 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2014-10-24 05:51:08 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2014-10-24 05:49:55 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2014-10-24 05:39:56 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2014-10-24 05:38:56 197120 ----a-w- C:\Windows\System32\credui.dll
    2014-10-24 05:38:56 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
    2014-10-24 05:38:56 168960 ----a-w- C:\Windows\SysWow64\credui.dll
    2014-10-24 05:38:56 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    2014-10-24 05:38:46 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2014-10-24 05:38:46 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2014-10-24 05:38:46 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2014-10-24 05:38:46 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2014-10-24 05:38:46 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2014-10-24 05:24:13 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2014-10-24 05:24:13 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2014-10-24 05:23:59 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2014-10-24 05:23:59 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2014-10-24 05:23:51 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2014-10-24 05:23:51 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
    2014-10-24 05:23:28 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2014-10-24 05:23:27 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2014-10-24 05:23:27 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2014-10-24 05:23:27 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2014-10-24 05:23:27 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2014-10-24 05:23:25 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2014-10-24 05:23:24 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2014-10-24 05:22:18 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2014-10-24 05:22:17 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
    2014-10-24 05:22:17 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2014-10-24 05:22:17 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2014-10-24 05:22:17 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2014-10-24 05:22:16 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2014-10-24 01:28:35 2560 ----a-w- C:\Windows\System32\drivers\pt-BR\wdf01000.sys.mui
    2014-10-24 01:28:35 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2014-10-24 01:27:28 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
    2014-10-24 01:27:26 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
    2014-10-24 01:27:25 243200 ----a-w- C:\Windows\System32\rdpudd.dll
    2014-10-24 01:27:25 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
    2014-10-24 01:22:21 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2014-10-24 01:22:20 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2014-10-24 01:22:20 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2014-10-24 01:22:20 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2014-10-24 01:22:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2014-10-24 01:22:19 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2014-10-24 01:22:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2014-10-24 01:18:53 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2014-10-24 01:18:53 5120 ----a-w- C:\Windows\System32\wmi.dll
    2014-10-24 01:18:53 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2014-10-24 01:15:58 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2014-10-24 01:14:54 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2014-10-24 01:11:46 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2014-10-24 01:11:36 202752 ----a-w- C:\Windows\System32\scrrun.dll
    2014-10-24 01:11:36 168960 ----a-w- C:\Windows\System32\wscript.exe
    2014-10-24 01:11:36 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
    2014-10-24 01:11:36 156160 ----a-w- C:\Windows\System32\cscript.exe
    2014-10-24 01:11:36 150016 ----a-w- C:\Windows\System32\wshom.ocx
    2014-10-24 01:11:36 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
    2014-10-24 01:11:36 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
    2014-10-24 01:11:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
    2014-10-24 01:11:29 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2014-10-24 01:09:07 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2014-10-24 01:08:39 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2014-10-24 01:08:39 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2014-10-24 01:07:50 461312 ----a-w- C:\Windows\System32\scavengeui.dll
    2014-10-24 01:06:02 956928 ----a-w- C:\Windows\System32\localspl.dll
    2014-10-24 01:05:41 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2014-10-24 01:05:24 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2014-10-24 01:05:24 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2014-10-22 22:29:23 -------- d-----w- C:\ProgramData\GbPlugin
    2014-10-22 22:29:23 -------- d-----w- C:\Program Files (x86)\GbPlugin
    2014-10-22 22:28:32 -------- d-----w- C:\Users\Ramon\AppData\Local\GAS Tecnologia
    2014-10-22 22:28:32 -------- d-----w- C:\ProgramData\GAS Tecnologia
    2014-10-22 22:28:32 -------- d-----w- C:\ProgramData\boost_interprocess
    2014-10-22 22:26:03 -------- d-----w- C:\ProgramData\Package Cache
    2014-10-22 20:43:37 -------- d-----w- C:\Users\Ramon\AppData\Roaming\GameVicio
    2014-10-22 20:42:56 -------- d-----w- C:\Program Files (x86)\GameVicio
    2014-10-22 17:24:40 -------- d-----w- C:\Windows\System32\SPReview
    2014-10-22 17:24:26 -------- d-----w- C:\Windows\System32\EventProviders
    2014-10-22 17:21:21 48976 ----a-w- C:\Windows\System32\netfxperf.dll
    2014-10-22 17:21:11 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
    2014-10-22 17:21:04 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2014-10-22 17:21:04 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2014-10-22 17:21:04 1743360 ----a-w- C:\Windows\System32\sysmain.dll
    2014-10-22 17:21:03 95744 ----a-w- C:\Windows\System32\RDVGHelper.exe
    2014-10-22 17:21:03 133632 ----a-w- C:\Windows\System32\tssrvlic.dll
    2014-10-22 17:21:02 629760 ----a-w- C:\Windows\SysWow64\pmcsnap.dll
    2014-10-22 17:21:01 3650560 ----a-w- C:\Windows\System32\MSVidCtl.dll
    2014-10-22 17:19:59 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2014-10-22 17:18:47 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2014-10-22 16:45:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2014-10-22 14:18:52 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2014-10-22 14:10:47 -------- d-----w- C:\Windows\System32\MRT
    2014-10-22 13:25:47 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2014-10-22 13:25:47 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2014-10-21 05:10:46 -------- d-----w- C:\Users\Ramon\AppData\Local\cache
    2014-10-21 04:58:23 -------- d-----w- C:\ProgramData\FARO
    2014-10-21 04:55:21 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
    2014-10-21 04:54:56 -------- d-----w- C:\Users\Ramon\AppData\Local\Autodesk
    2014-10-21 04:52:37 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
    2014-10-21 04:52:37 -------- d-----w- C:\Program Files\Autodesk
    2014-10-21 04:51:58 -------- d-----w- C:\Program Files (x86)\Autodesk
    2014-10-21 04:51:18 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
    2014-10-21 04:43:27 -------- d-----w- C:\Users\Ramon\AppData\Roaming\Autodesk
    2014-10-21 04:37:33 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
    2014-10-21 04:37:33 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
    2014-10-21 04:33:12 -------- d-----w- C:\Program Files (x86)\Microsoft Games
    2014-10-21 04:27:10 -------- d-----w- C:\Program Files\CCleaner
    2014-10-21 04:16:18 -------- d-----w- C:\Program Files (x86)\Ontrack
    2014-10-21 03:59:28 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2014-10-21 03:59:26 -------- d-----w- C:\Users\Ramon\AppData\Roaming\DAEMON Tools Pro
    2014-10-21 03:58:16 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
    2014-10-21 03:45:27 -------- d-----w- C:\Users\Ramon\AppData\Roaming\uTorrent
    2014-10-21 03:12:05 -------- d-----w- C:\ProgramData\SystemRequirementsLab
    2014-10-21 03:11:35 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2014-10-21 03:03:45 -------- d-----w- C:\Users\Ramon\AppData\Roaming\NVIDIA
    2014-10-21 03:03:38 -------- d-----w- C:\Program Files (x86)\GPU-Z
    2014-10-21 02:54:42 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
    2014-10-21 02:54:42 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
    2014-10-21 02:54:42 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
    2014-10-21 02:54:42 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
    2014-10-21 02:54:41 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
    2014-10-21 02:54:41 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
    2014-10-21 02:54:22 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
    2014-10-21 02:54:22 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2014-10-21 02:54:22 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2014-10-21 02:54:22 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2014-10-21 02:49:50 -------- d-----w- C:\Users\Ramon\AppData\Local\Nvidia Corporation
    2014-10-21 02:45:11 -------- d-----w- C:\Users\Ramon\AppData\Local\NVIDIA
    2014-10-21 02:33:18 934032 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-10-21 02:33:18 6897352 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-10-21 02:33:18 62608 ----a-w- C:\Windows\System32\nvshext.dll
    2014-10-21 02:33:18 4100776 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-10-21 02:33:18 386368 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-10-21 02:33:18 3534152 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-10-21 02:33:18 2559808 ----a-w- C:\Windows\System32\nvsvcr.dll
    2014-10-21 02:33:07 74056 ----a-w- C:\Windows\System32\OpenCL.dll
    2014-10-21 02:33:07 59592 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2014-10-21 02:33:01 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2014-10-21 02:15:00 989056 ----a-w- C:\Windows\System32\nvumdshimx.dll
    2014-10-21 02:15:00 35144 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2014-10-21 02:15:00 3262784 ----a-w- C:\Windows\System32\nvapi64.dll
    2014-10-21 02:15:00 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2014-10-21 02:15:00 2874456 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2014-10-21 02:15:00 20986592 ----a-w- C:\Windows\System32\nvwgf2umx.dll
    2014-10-21 02:15:00 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2014-10-21 02:15:00 1876296 ----a-w- C:\Windows\System32\nvdispco6434411.dll
    2014-10-21 02:15:00 18514616 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
    2014-10-21 02:15:00 16884632 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2014-10-21 02:15:00 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434411.dll
    2014-10-21 02:15:00 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2014-10-20 22:52:24 -------- d-----w- C:\Windows\Panther
    2014-10-20 22:49:06 -------- d-----w- C:\Program Files (x86)\AMD
    2014-10-20 22:48:23 -------- d-----w- C:\Users\Ramon\AppData\Local\Downloaded Installations
    2014-10-20 22:41:34 -------- d-----w- C:\Program Files\CPUID
    2014-10-20 22:36:34 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
    2014-10-20 21:51:34 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2014-10-20 21:51:30 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2014-10-20 20:51:36 -------- d-----w- C:\ProgramData\ProductData
    2014-10-20 20:51:32 -------- d-----w- C:\Users\Ramon\AppData\Roaming\IObit
    2014-10-20 20:51:32 -------- d-----w- C:\ProgramData\IObit
    2014-10-20 20:51:29 -------- d-----w- C:\Program Files (x86)\IObit
    2014-10-20 20:42:37 -------- d-----w- C:\Users\Ramon\AppData\Local\Skype
    2014-10-20 20:42:12 -------- d-----w- C:\Users\Ramon\AppData\Roaming\Ad-Aware Antivirus
    2014-10-20 20:33:16 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
    2014-10-20 20:30:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2014-10-20 20:30:47 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-10-20 20:23:28 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
    2014-10-20 20:19:27 -------- d-----w- C:\Users\Ramon\AppData\Roaming\SUPERAntiSpyware.com
    2014-10-20 20:19:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2014-10-20 20:19:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2014-10-20 20:16:33 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-10-20 20:16:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-20 20:14:33 -------- d-----w- C:\Program Files\Microsoft Security Client
    2014-10-20 19:47:05 -------- d-----w- C:\Users\Ramon\AppData\Roaming\Dropbox
    2014-10-20 19:34:11 260696 ----a-w- C:\Windows\System32\unrar64.dll
    2014-10-20 19:34:11 218200 ----a-w- C:\Windows\SysWow64\unrar.dll
    2014-10-20 19:34:08 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
    2014-10-20 19:34:07 -------- d-----w- C:\Users\Ramon\AppData\Local\Programs
    2014-10-20 19:27:20 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2014-10-20 19:27:08 -------- d-----w- C:\Windows\PCHEALTH
    2014-10-20 19:27:08 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-10-20 19:26:06 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2014-10-20 19:25:25 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2014-10-20 19:25:13 -------- d-----w- C:\Users\Ramon\AppData\Local\Microsoft Help
    2014-10-20 19:19:26 -------- d-----r- C:\Program Files (x86)\Skype
    2014-10-20 19:13:17 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2014-10-20 19:07:11 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2014-10-20 19:05:56 -------- d-----w- C:\Windows\SysWow64\Adobe
    2014-10-20 19:04:27 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-10-20 18:44:25 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-20 18:44:17 -------- d-----w- C:\ProgramData\Oracle
    2014-10-20 18:39:53 -------- d-----w- C:\Users\Ramon\AppData\Local\Adobe
    2014-10-20 18:35:48 -------- d-----w- C:\Users\Ramon\AppData\Local\Google
    2014-10-20 18:35:41 -------- d-sh--w- C:\Windows\Installer
    2014-10-20 18:27:25 11578928 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8F5A4BB-C545-49D9-8DDE-1AA3A0268B5B}\mpengine.dll
    2014-10-20 18:27:24 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-10-20 18:13:21 -------- d-----w- C:\Users\Ramon\AppData\Local\Diagnostics
    .
    ==================== Find6M ====================
    .
    2014-11-29 01:55:56 628952 ----a-w- C:\Windows\System32\RtDataProc64.dll
    2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
    2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-11-22 02:35:43 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
    2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-11-22 01:55:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
    2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
    2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
    2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
    2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
    2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
    2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
    2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-22 17:28:43 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2014-10-22 17:28:43 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
    2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
    2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
    2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
    2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
    2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
    2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
    2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
    2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
    2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
    2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
    2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
    2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
    2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
    2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
    2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
    2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
    2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
    2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
    2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-21 06:43:26 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2014-08-21 06:40:32 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-08-21 06:26:21 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-08-21 06:23:10 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-08-12 02:02:49 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
    2014-08-12 01:36:37 701440 ----a-w- C:\Windows\SysWow64\IMJP10K.DLL
    2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-07-25 04:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
    2014-07-25 01:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
    2014-07-17 20:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2014-07-17 20:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2014-07-17 02:07:58 235520 ----a-w- C:\Windows\System32\winsta.dll
    2014-07-17 02:07:39 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2014-07-17 02:07:24 455168 ----a-w- C:\Windows\System32\winlogon.exe
    2014-07-17 01:40:03 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
    2014-07-17 01:21:54 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2014-07-17 01:21:27 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2014-06-24 03:29:36 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    .
    ============= FINISH: 8:26:09,18 ===============

    _____________________________________________________
     
  2. 2014/12/17
    terodne

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/10/2014 16:03:17
    System Uptime: 17/12/2014 05:43:12 (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M5A78L-M LX/BR
    Processor: AMD FX(tm)-6300 Six-Core Processor | AM3R2 | 3500/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 100 GiB total, 39,946 GiB free.
    D: is FIXED (NTFS) - 198 GiB total, 181,073 GiB free.
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    J: is FIXED (NTFS) - 101 GiB total, 16,252 GiB free.
    K: is FIXED (NTFS) - 365 GiB total, 248,438 GiB free.
    L: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB SD Reader
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#058F312D81B&0#
    Manufacturer: Generic
    Name: E:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#058F312D81B&0#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB SM Reader
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#058F312D81B&2#
    Manufacturer: Generic
    Name: G:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#058F312D81B&2#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB CF Reader
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#058F312D81B&1#
    Manufacturer: Generic
    Name: F:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#058F312D81B&1#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB MS Reader
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#058F312D81B&3#
    Manufacturer: Generic
    Name: H:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#058F312D81B&3#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP85: 11/12/2014 12:31:21 - Windows Update
    RP86: 13/12/2014 23:02:57 - Removed Plagiarism Checker X
    RP87: 14/12/2014 16:40:46 - Backup do Windows
    RP88: 14/12/2014 16:44:35 - Windows Update
    RP89: 16/12/2014 22:45:34 - Revo Uninstaller's restore point - Warsaw 1.3.1
    RP90: 16/12/2014 23:08:58 - Driver Booster : Realtek PCIe GBE Family Controller
    RP91: 17/12/2014 07:49:12 - Antes do novo anti vírus
    RP92: 17/12/2014 08:22:10 - Malwarebytes Anti-Rootkit Restore Point
    .
    ==== Installed Programs ======================
    .
    Abaqus 6.12-1
    Adobe AIR
    Adobe Flash Player 15 ActiveX
    Adobe Reader XI (11.0.10) - Português
    Adobe Shockwave Player 12.1
    Age of Empires III
    AI Suite
    AMD OverDrive
    Assassin's Creed Brotherhood
    ASUS Ai Charger
    ASUS GPU Tweak
    ASUSUpdate
    ATI Catalyst Install Manager
    µTorrent
    Atualizações da NVIDIA 16.13.65
    AutoCAD 2014 - English
    AutoCAD 2014 - Português - Brasil (Brazilian Portuguese)
    AutoCAD 2014 Language Pack - English
    AutoCAD 2014 Language Pack - Português - Brasil (Brazilian Portuguese)
    Autodesk 360
    Autodesk App Manager
    Autodesk AutoCAD 2014 - English
    Autodesk AutoCAD 2014 Language Pack - Português - Brasil (Brazilian Portuguese)
    Autodesk Content Service
    Autodesk Content Service Language Pack
    Autodesk Featured Apps
    Autodesk Material Library 2014
    Autodesk Material Library Base Resolution Image Library 2014
    Autodesk Material Library Medium Resolution Image Library 2014
    Autodesk ReCap
    Autodesk ReCap Language Pack-English
    CCleaner
    CopySpider 1.1.12
    Corel Graphics - Windows Shell Extension
    CorelDRAW Graphics Suite X5
    CorelDRAW Graphics Suite X5 - BR
    CorelDRAW Graphics Suite X5 - Capture
    CorelDRAW Graphics Suite X5 - Common
    CorelDRAW Graphics Suite X5 - Connect
    CorelDRAW Graphics Suite X5 - Custom Data
    CorelDRAW Graphics Suite X5 - Draw
    CorelDRAW Graphics Suite X5 - Filters
    CorelDRAW Graphics Suite X5 - FontNav
    CorelDRAW Graphics Suite X5 - IPM
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    CorelDRAW Graphics Suite X5 - Photozoom Plugin
    CorelDRAW Graphics Suite X5 - Redist
    CorelDRAW Graphics Suite X5 - Setup Files
    CorelDRAW Graphics Suite X5 - VBA
    CorelDRAW Graphics Suite X5 - VideoBrowser
    CorelDRAW Graphics Suite X5 - VSTA
    CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
    CorelDRAW Graphics Suite X5 - WT
    CorelDRAW(R) Graphics Suite X5
    CPUID CPU-Z 1.71
    CPUID HWMonitor 1.25
    CrystalDiskInfo 6.2.2
    DAEMON Tools Pro
    Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
    Disk Unlocker
    Driver Booster 2
    Dropbox
    EPU-4 Engine
    FARO LS 1.1.501.0 (64bit)
    Flow
    Ghostscript GPL 8.64 (Msi Setup)
    Google Chrome
    Google Drive
    Google Update Helper
    GPUTweakStreaming
    Guardião - Itaú 30 horas
    Heroes of Newerth
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    ImgBurn
    Java 8 Update 25
    Java 8 Update 25 (64-bit)
    Java Auto Updater
    K-Lite Codec Pack 10.8.0 Full
    Metro Last Light
    Microsoft .NET Framework 4.5.1
    Microsoft .NET Framework 4.5.1 (Português do Brasil)
    Microsoft .NET Framework 4.5.1 (PTB)
    Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack
    Microsoft Office Access MUI (Portuguese (Brazil)) 2010
    Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
    Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (Portuguese (Brazil)) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (Portuguese (Brazil)) 2010
    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
    Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010
    Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
    Microsoft Office Word MUI (Portuguese (Brazil)) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 33.0 (x86 pt-BR)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyFreeCodec
    Need for Speed(TM) Hot Pursuit
    Neverwinter Nights 2 - Platinum Edition
    NVIDIA Driver de controle do 3D Vision 344.75
    NVIDIA Driver de gráficos 344.75
    NVIDIA Driver de áudio HD 1.3.32.1
    NVIDIA Driver do 3D Vision 344.75
    NVIDIA GeForce Experience 2.1.4
    NVIDIA GeForce Experience Service
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA ShadowPlay 16.13.65
    NVIDIA Software do sistema PhysX 9.14.0702
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.26
    Painel de controle da NVIDIA 344.75
    PC Probe II
    PunkBuster Services
    RAIDXpert
    Realtek Ethernet Controller Driver
    Realtek Ethernet Diagnostic Utility
    Realtek High Definition Audio Driver
    RESIDENT EVIL REVELATIONS
    Revo Uninstaller 1.95
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    SHIELD Streaming
    SHIELD Wireless Controller Driver
    SIMULIA FLEXnet License Server
    SiSoftware Sandra Business 2013.SP3
    SketchUp Import for AutoCAD 2014
    Skype™ 6.21
    Sleeping Dogs version 1.4
    Speccy
    swMSM
    System Requirements Lab CYRI
    System Requirements Lab Detection
    TechPowerUp GPU-Z
    The Amazing Spider-Man
    The Sims™ 3
    Tombraider
    Turbo Key
    Ubisoft Game Launcher
    Unity Web Player
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    Visual Basic for Applications (R) Core - Portuguese (Brazil)
    Visual C++ 2008 x64 Runtime - (v9.0.30729.4967)
    Visual C++ 2008 x64 Runtime - v9.0.30729.4967
    Visual C++ 2008 x86 Runtime - (v9.0.30729.4967)
    Visual C++ 2008 x86 Runtime - v9.0.30729.4967
    VLC media player
    Warsaw 1.3.1
    WinRAR 5.11 (64-bit)
    .
    ==== End Of File ===========================
     


  4. 2014/12/17
    terodne

    terodne Inactive Thread Starter

    I have just followed these steps (http://www.windowsbbs.com/malware-virus-removal/108476-inactive-very-slow-computer.html)

    Download RogueKiller from one of the following links and save it to your Desktop:
    DONE

    RogueKiller V10.1.0.0 (x64) [Dec 11 2014] por Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Site : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Iniciou : Modo normal
    Usuário : Ramon [Administrador]
    Modo : Deletar -- Data : 12/17/2014 07:45:30

    ¤¤¤ Processos : 2 ¤¤¤
    [Suspicious.Path] warsaw_setup.exe -- C:\Users\Ramon\AppData\Local\Temp\GAS Tecnologia\GBBD\warsaw_setup.exe[7] -> Interrompido [TermThr]
    [Suspicious.Path] warsaw_setup.tmp -- C:\Windows\TEMP\is-CALSO.tmp\warsaw_setup.tmp[x] -> Interrompido [TermThr]

    ¤¤¤ Registro : 14 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Substituído (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Substituído (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Substituído (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Substituído (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896 -> Substituído (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896 -> Substituído (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2815827584-2808248378-3256661377-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896 -> Substituído (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2815827584-2808248378-3256661377-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896 -> Substituído (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896 -> Substituído (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896 -> Substituído (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Substituído (0)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Substituído (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Substituído (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Substituído (0)

    ¤¤¤ Tarefas : 0 ¤¤¤

    ¤¤¤ Arquivos : 0 ¤¤¤

    ¤¤¤ Arquivos de hosts : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Deletado

    ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

    ¤¤¤ Navegadores : 1 ¤¤¤
    [FIREFX:Addon] 3xpvdrgi.default : Guardião - Itaú 30 horas [{87F8774F-B485-47E2-A755-A40A8A5E8873}] -> Deletado

    ¤¤¤ Verificação da MBR : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS543232L9A300 ATA Device +++++
    --- User ---
    [MBR] ca18ad5d668555f53e729305a83ccd78
    [BSP] d6cdd316a86eb82c048b5561af5e9755 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102900 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210946048 | Size: 202243 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: HDS725050KLA360 ATA Device +++++
    --- User ---
    [MBR] 4ea8f9afec9b8494e9562dfd9d82d93b
    [BSP] 9d0104e9016d7653494ddd3cb1158338 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
    Error reading User MBR! ([15] O dispositivo não está pronto. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] Não há suporte para o pedido. )

    +++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
    Error reading User MBR! ([15] O dispositivo não está pronto. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] Não há suporte para o pedido. )

    +++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++
    Error reading User MBR! ([15] O dispositivo não está pronto. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] Não há suporte para o pedido. )

    +++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
    Error reading User MBR! ([15] O dispositivo não está pronto. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] Não há suporte para o pedido. )


    ============================================
    RKreport_SCN_12172014_074308.log - RKreport_DEL_12172014_074513.log
     
  5. 2014/12/17
    terodne

    terodne Inactive Thread Starter

    Create new restore point before proceeding with the next step....
    DONE

    Download Malwarebytes Anti-Rootkit to your desktop.
    DONE

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2014.12.17.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17501
    Ramon :: RAMON-PC [administrator]

    17/12/2014 08:00:30
    mbar-log-2014-12-17 (08-00-30).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 349965
    Time elapsed: 14 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\AutoKMS.exe (Riskware.Keygen) -> Delete on reboot. [9e47243fabd1bf7778028245c13f5ca4]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    __________________________________________________________________

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17501

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED
    CPU speed: 3.515000 GHz
    Memory total: 8571183104, free: 5784993792

    Downloaded database version: v2014.12.17.01
    Downloaded database version: v2014.12.14.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/17/2014 08:00:19
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\AiCharger.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\vmbus.sys
    \SystemRoot\system32\drivers\winhv.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie.sys
    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\VDiskBus64.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\SysWow64\drivers\AsUpIO.sys
    \SystemRoot\SysWow64\drivers\AsIO.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\ASACPI.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\drivers\nvvad64v.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\nvhda64v.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\RtNdPt60.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
    \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
    \??\C:\Windows\system32\drivers\IOMap64.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\rpcrt4.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\nsi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\usp10.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\lpk.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\msctf.dll
    \Windows\System32\ole32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\user32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\userenv.dll
    \Windows\System32\msasn1.dll
    \Windows\System32\profapi.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk5\DR9
    Upper Device Object: 0xfffffa8008d7c060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000a7\
    Lower Device Object: 0xfffffa800897a220
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR8
    Upper Device Object: 0xfffffa800910a790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000a6\
    Lower Device Object: 0xfffffa8008b4db60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR7
    Upper Device Object: 0xfffffa80090da790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000a5\
    Lower Device Object: 0xfffffa8008c55b60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR6
    Upper Device Object: 0xfffffa80090cb790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000a4\
    Lower Device Object: 0xfffffa8008c56b60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8007718790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
    Lower Device Object: 0xfffffa80076fa680
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800770e790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa800680b680
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800770e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007722330, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800770e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800680b680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A1BC18F3

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 210739200

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 210946048 Numsec = 414193664

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8007718790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800770e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007718790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80076fa680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: F7748F4

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3981534337
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34 LastUsableLba 976773134
    GPT Header Guid 6e135a48-cf80-48c7-bc8e-3aa2f13d4c52
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3981534337
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
    Backup GPT header Guid 6e135a48-cf80-48c7-bc8e-3aa2f13d4c52
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type 5808c8aa-7e8f-42e0-85d2-e1e9434cfb3
    Partition ID f429e484-ef7e-4d36-88d-969563b984d2
    FirstLBA 34 Last LBA 2081
    Attributes 0
    Partition Name LDM metadata partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b0d0678-b2c9-4fd6-b21a-26d883405ae1
    FirstLBA 4096 Last LBA 210948095
    Attributes 0
    Partition Name Basic data partition

    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID c7ee86a3-8440-4005-a710-e3ac59b36bf4
    FirstLBA 210948096 Last LBA 976773119
    Attributes 0
    Partition Name Basic data partition

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa80090cb790, DeviceName: \Device\Harddisk2\DR6\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008b5ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80090cb790, DeviceName: \Device\Harddisk2\DR6\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008c56b60, DeviceName: \Device\000000a4\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa80090da790, DeviceName: \Device\Harddisk3\DR7\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008b4cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80090da790, DeviceName: \Device\Harddisk3\DR7\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008c55b60, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa800910a790, DeviceName: \Device\Harddisk4\DR8\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800842f2b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800910a790, DeviceName: \Device\Harddisk4\DR8\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008b4db60, DeviceName: \Device\000000a6\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 5, DevicePointer: 0xfffffa8008d7c060, DeviceName: \Device\Harddisk5\DR9\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80084042b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008d7c060, DeviceName: \Device\Harddisk5\DR9\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800897a220, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Infected: C:\Windows\AutoKMS.exe --> [Riskware.Keygen]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
     
  6. 2014/12/17
    terodne

    terodne Inactive Thread Starter

    Please download ComboFix from Here, Here or Here to your Desktop.
    DONE

    ComboFix 14-12-14.01 - Ramon 17/12/2014 9:10.2.6 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.8174.6066 [GMT -2:00]
    Executando de: c:\users\Ramon\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2014-11-17 to 2014-12-17 ))))))))))))))))))))))))))))
    .
    .
    2014-12-17 11:15 . 2014-12-17 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-12-17 11:05 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67709842-09FD-4DD2-97A8-6FF82E0A76E3}\mpengine.dll
    2014-12-17 10:00 . 2014-12-17 10:59 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-12-17 10:00 . 2014-12-17 10:00 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-17 09:52 . 2014-12-17 09:52 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-17 09:37 . 2014-12-17 09:37 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-12-17 09:37 . 2014-12-17 09:37 -------- d-----w- c:\programdata\RogueKiller
    2014-12-17 09:37 . 2014-12-17 09:37 -------- d--h--w- c:\program files (x86)\GAS Tecnologia
    2014-12-17 09:37 . 2014-12-17 09:37 -------- d-----w- c:\program files (x86)\Diebold
    2014-12-16 10:21 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-12-14 20:10 . 2014-12-17 02:01 -------- d-----w- C:\LinhaDefensiva
    2014-12-14 20:00 . 2014-12-14 20:00 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
    2014-12-11 14:34 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
    2014-12-11 14:34 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2014-12-11 14:34 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
    2014-12-11 14:34 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
    2014-12-11 14:34 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
    2014-12-11 14:34 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
    2014-12-11 14:34 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-12-11 14:34 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-12-11 14:34 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
    2014-12-11 14:34 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
    2014-12-11 14:15 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-12-10 10:10 . 2014-10-22 17:22 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24271E36-8565-43F0-8014-071EAB4EE2FD}\gapaengine.dll
    2014-12-09 05:37 . 2014-11-12 20:46 615624 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2014-12-08 11:33 . 2014-12-08 11:33 -------- d-----w- c:\programdata\Caphyon
    2014-12-08 11:32 . 2014-12-08 11:32 -------- d-----w- c:\users\Ramon\AppData\Roaming\Plagiarism Checker X, LLC
    2014-12-08 06:18 . 2014-12-08 06:18 -------- d-----w- c:\users\Ramon\AppData\Roaming\br.com.copySpider.gui.v15.CSGuiMain
    2014-12-08 06:18 . 2014-12-08 06:19 -------- d-----w- c:\users\Ramon\AppData\Local\CopySpider
    2014-12-08 06:17 . 2014-12-08 06:17 -------- d-----w- c:\program files (x86)\CopySpider
    2014-12-05 17:32 . 2014-12-05 17:37 -------- d-----w- c:\users\Ramon\AppData\Local\ElevatedDiagnostics
    2014-12-02 15:38 . 2014-12-02 15:38 -------- d-----w- c:\program files (x86)\Microsoft WSE
    2014-12-02 01:27 . 2014-12-02 01:27 -------- d-sh--w- c:\users\Ramon\AppData\Local\EmieBrowserModeList
    2014-11-29 10:42 . 2014-11-29 10:42 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
    2014-11-29 01:58 . 2014-11-29 01:58 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-11-29 01:58 . 2014-11-29 01:58 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-11-29 01:58 . 2014-11-29 01:58 -------- d-----w- c:\windows\SysWow64\Macromed
    2014-11-29 01:58 . 2014-11-29 01:58 -------- d-----w- c:\windows\system32\Macromed
    2014-11-29 01:56 . 2010-11-23 20:16 2565736 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2014-11-29 01:55 . 2014-11-29 01:55 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
    2014-11-29 01:54 . 2014-11-29 01:54 11944 ----a-w- c:\windows\system32\drivers\amdide64.sys
    2014-11-29 01:54 . 2014-11-29 01:54 83176 ----a-w- c:\windows\system32\drivers\amd_sata.sys
    2014-11-29 01:54 . 2014-11-29 01:54 43240 ----a-w- c:\windows\system32\drivers\amd_xata.sys
    2014-11-29 01:53 . 2014-11-29 01:53 4028928 ----a-w- c:\windows\system32\drivers\athrx.sys
    2014-11-29 01:53 . 2014-11-29 01:52 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2014-11-29 01:52 . 2014-11-29 01:52 941784 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2014-11-29 01:52 . 2014-11-29 01:52 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
    2014-11-26 17:41 . 2014-11-26 17:41 -------- d-----w- c:\users\Ramon\abaqus_plugins
    2014-11-26 17:35 . 2014-11-26 17:35 -------- d-----w- c:\program files\Microsoft HPC Pack 2008 R2
    2014-11-26 17:35 . 2014-11-26 17:35 -------- d-----w- c:\programdata\DassaultSystemes
    2014-11-26 17:35 . 2014-11-26 17:35 -------- d-----w- c:\users\Ramon\AppData\Roaming\DassaultSystemes
    2014-11-26 17:35 . 2014-11-26 17:35 -------- d-----w- c:\users\Ramon\AppData\Local\DassaultSystemes
    2014-11-26 17:31 . 2014-11-26 17:31 -------- d--h--w- c:\program files (x86)\Zero G Registry
    2014-11-26 17:29 . 2014-11-26 17:29 -------- d-----w- c:\programdata\Macrovision
    2014-11-26 17:25 . 2014-11-26 17:25 -------- d--h--w- c:\users\Ramon\InstallAnywhere
    2014-11-25 15:59 . 2014-11-25 15:59 18638520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    2014-11-23 14:13 . 2010-08-30 10:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-11-23 14:13 . 2014-12-17 00:43 -------- d-----w- C:\AdwCleaner
    2014-11-23 14:09 . 2014-12-14 01:08 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
    2014-11-23 14:09 . 2014-12-14 01:10 -------- d-----w- c:\program files\Adware-Removal-Tool
    2014-11-23 14:09 . 2014-11-23 14:09 -------- d-----w- c:\program files\Common Files\Microsoft
    2014-11-22 14:36 . 2014-11-22 14:37 -------- d-----w- c:\programdata\Protexis
    2014-11-22 14:36 . 2014-11-22 14:37 -------- d-----w- c:\users\Ramon\AppData\Roaming\Corel
    2014-11-22 14:02 . 2014-11-22 14:02 -------- d-----w- c:\program files (x86)\Microsoft SDKs
    2014-11-22 14:02 . 2014-11-22 14:03 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2014-11-22 14:02 . 2014-11-22 14:02 -------- d-----w- c:\program files (x86)\gs
    2014-11-22 14:02 . 2014-11-22 14:02 -------- d-----w- c:\program files (x86)\Common Files\Corel
    2014-11-22 14:01 . 2014-11-22 14:01 -------- d-----w- c:\programdata\Corel
    2014-11-19 06:31 . 2014-11-19 06:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-11 14:37 . 2014-10-22 14:10 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-11-13 00:20 . 2014-10-21 02:33 74056 ----a-w- c:\windows\system32\OpenCL.dll
    2014-11-13 00:20 . 2014-10-21 02:33 59592 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-11-13 00:20 . 2014-10-21 02:15 989056 ----a-w- c:\windows\system32\nvumdshimx.dll
    2014-11-13 00:20 . 2014-10-21 02:15 3262784 ----a-w- c:\windows\system32\nvapi64.dll
    2014-11-13 00:20 . 2014-10-21 02:15 2874456 ----a-w- c:\windows\SysWow64\nvapi.dll
    2014-11-13 00:20 . 2014-10-21 02:15 20986592 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2014-11-13 00:20 . 2014-10-21 02:15 18514616 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2014-11-13 00:20 . 2014-10-21 02:15 16884632 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2014-11-12 21:56 . 2014-10-21 02:33 6897352 ----a-w- c:\windows\system32\nvcpl.dll
    2014-11-12 21:56 . 2014-10-21 02:33 3534152 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-11-12 21:56 . 2014-10-21 02:33 934032 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-11-12 21:56 . 2014-10-21 02:33 62608 ----a-w- c:\windows\system32\nvshext.dll
    2014-11-12 21:56 . 2014-10-21 02:33 386368 ----a-w- c:\windows\system32\nvmctray.dll
    2014-11-12 21:56 . 2014-10-21 02:33 2559808 ----a-w- c:\windows\system32\nvsvcr.dll
    2014-11-11 10:29 . 2014-10-21 02:33 4100776 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-11-06 17:06 . 2014-10-21 02:54 2197680 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2014-11-06 17:06 . 2014-10-21 02:54 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2014-11-06 17:06 . 2014-10-21 02:54 2800296 ----a-w- c:\windows\system32\nvspcap64.dll
    2014-11-06 17:06 . 2014-10-21 02:54 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
    2014-11-04 00:04 . 2014-11-16 14:18 1876296 ----a-w- c:\windows\system32\nvdispco6434465.dll
    2014-11-04 00:04 . 2014-11-16 14:18 1539272 ----a-w- c:\windows\system32\nvdispgenco6434465.dll
    2014-10-30 11:25 . 2014-10-20 18:27 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-30 03:13 . 2014-10-30 03:13 16896 ----a-w- c:\windows\AsTaskSched.dll
    2014-10-25 01:57 . 2014-11-15 15:41 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-15 15:41 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-24 19:47 . 2014-10-24 19:47 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2014-10-24 19:47 . 2014-10-24 19:47 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2014-10-24 12:43 . 2014-10-24 12:43 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2014-10-24 12:43 . 2014-10-24 12:43 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2014-10-24 12:43 . 2014-10-24 12:43 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
    2014-10-24 12:43 . 2014-10-24 12:43 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
    2014-10-24 12:43 . 2014-10-24 12:43 337408 ----a-w- c:\windows\SysWow64\html.iec
    2014-10-24 12:43 . 2014-10-24 12:43 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2014-10-24 12:43 . 2014-10-24 12:43 235008 ----a-w- c:\windows\system32\elshyph.dll
    2014-10-24 12:43 . 2014-10-24 12:43 182272 ----a-w- c:\windows\SysWow64\msls31.dll
    2014-10-24 12:43 . 2014-10-24 12:43 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
    2014-10-24 12:43 . 2014-10-24 12:43 139264 ----a-w- c:\windows\SysWow64\wextract.exe
    2014-10-24 12:43 . 2014-10-24 12:43 942592 ----a-w- c:\windows\system32\jsIntl.dll
    2014-10-24 12:43 . 2014-10-24 12:43 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2014-10-24 12:43 . 2014-10-24 12:43 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2014-10-24 12:43 . 2014-10-24 12:43 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2014-10-24 12:43 . 2014-10-24 12:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2014-10-24 12:43 . 2014-10-24 12:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2014-10-24 12:43 . 2014-10-24 12:43 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
    2014-10-24 12:43 . 2014-10-24 12:43 247808 ----a-w- c:\windows\system32\msls31.dll
    2014-10-24 12:43 . 2014-10-24 12:43 13312 ----a-w- c:\windows\SysWow64\mshta.exe
    2014-10-24 12:43 . 2014-10-24 12:43 13312 ----a-w- c:\windows\system32\msfeedssync.exe
    2014-10-24 12:43 . 2014-10-24 12:43 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2014-10-24 12:43 . 2014-10-24 12:43 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
    2014-10-24 12:43 . 2014-10-24 12:43 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2014-10-24 12:43 . 2014-10-24 12:43 81408 ----a-w- c:\windows\system32\icardie.dll
    2014-10-24 12:43 . 2014-10-24 12:43 77312 ----a-w- c:\windows\system32\tdc.ocx
    2014-10-24 12:43 . 2014-10-24 12:43 616104 ----a-w- c:\windows\system32\ieapfltr.dat
    2014-10-24 12:43 . 2014-10-24 12:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2014-10-24 12:43 . 2014-10-24 12:43 413696 ----a-w- c:\windows\system32\html.iec
    2014-10-24 12:43 . 2014-10-24 12:43 30208 ----a-w- c:\windows\system32\licmgr10.dll
    2014-10-24 12:43 . 2014-10-24 12:43 243200 ----a-w- c:\windows\system32\webcheck.dll
    2014-10-24 12:43 . 2014-10-24 12:43 235520 ----a-w- c:\windows\system32\url.dll
    2014-10-24 12:43 . 2014-10-24 12:43 167424 ----a-w- c:\windows\system32\iexpress.exe
    2014-10-24 12:43 . 2014-10-24 12:43 143872 ----a-w- c:\windows\system32\wextract.exe
    2014-10-24 12:43 . 2014-10-24 12:43 105984 ----a-w- c:\windows\system32\iesysprep.dll
    2014-10-24 12:43 . 2014-10-24 12:43 101376 ----a-w- c:\windows\system32\inseng.dll
    2014-10-24 12:43 . 2014-10-24 12:43 774144 ----a-w- c:\windows\system32\jscript.dll
    2014-10-24 12:43 . 2014-10-24 12:43 62464 ----a-w- c:\windows\system32\pngfilt.dll
    2014-10-24 12:43 . 2014-10-24 12:43 48128 ----a-w- c:\windows\system32\imgutil.dll
    2014-10-24 12:43 . 2014-10-24 12:43 147968 ----a-w- c:\windows\system32\occache.dll
    2014-10-24 12:43 . 2014-10-24 12:43 13824 ----a-w- c:\windows\system32\mshta.exe
    2014-10-24 12:43 . 2014-10-24 12:43 135680 ----a-w- c:\windows\system32\iepeers.dll
    2014-10-22 17:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2014-10-22 17:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2014-10-22 17:22 . 2014-11-03 04:48 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-10-21 03:59 . 2014-10-21 03:59 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2014-10-20 22:36 . 2014-10-20 22:36 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
    2014-10-20 19:04 . 2014-10-20 19:04 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-10-20 18:44 . 2014-10-20 18:44 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-18 02:05 . 2014-11-15 15:40 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 01:33 . 2014-11-15 15:40 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-14 02:16 . 2014-11-15 15:42 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-15 15:42 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-15 15:41 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-15 15:42 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-15 15:42 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-15 15:42 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-15 15:42 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-15 15:41 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-15 15:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-15 15:42 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-15 15:42 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    2014-10-10 00:57 . 2014-11-15 15:41 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-10-03 19:23 . 2014-11-15 12:52 38216 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2014-10-03 19:23 . 2014-10-21 02:15 35144 ----a-w- c:\windows\system32\nvaudcap64v.dll
    2014-10-03 19:23 . 2014-11-15 12:52 32584 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2014-10-03 02:12 . 2014-11-15 15:41 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-10-03 02:11 . 2014-11-15 15:41 284672 ----a-w- c:\windows\system32\EncDump.dll
    2014-10-03 02:11 . 2014-11-15 15:41 680960 ----a-w- c:\windows\system32\audiosrv.dll
    2014-10-03 02:11 . 2014-11-15 15:41 440832 ----a-w- c:\windows\system32\AudioEng.dll
    2014-10-03 02:11 . 2014-11-15 15:41 296448 ----a-w- c:\windows\system32\AudioSes.dll
    2014-10-03 01:44 . 2014-11-15 15:41 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44 . 2014-11-15 15:41 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt1"]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt2"]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt3"]
    @= "{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt4"]
    @= "{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt5"]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt6"]
    @= "{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt7"]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt8"]
    @= "{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Pro Agent "= "k:\programas diversos - instalados\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
    "CCleaner Monitoring "= "c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
    "Autodesk Sync "= "c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync "= "c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
    "Diebold - Warsaw "= "c:\program files (x86)\Diebold\Warsaw\core.exe" [2014-07-12 518968]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Autodesk Sync "= "c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{E37CB5F0-51F5-4395-A808-5FA49E399008} "= "c:\program files (x86)\GbPlugin\gbiehuni.dll" [2014-08-12 1760312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
    2014-08-12 16:19 1760312 ----a-w- c:\program files (x86)\GbPlugin\gbiehuni.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
    R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 cpuz138;cpuz138;c:\users\Ramon\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Ramon\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
    R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys;c:\windows\SYSNATIVE\drivers\nvflash.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
    R3 ssdudfu;SAMSUNG Mobile USB DFU2 Device;c:\windows\system32\DRIVERS\ssdudfu.sys;c:\windows\SYSNATIVE\DRIVERS\ssdudfu.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
    S1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus64.sys;c:\windows\SYSNATIVE\DRIVERS\VDiskBus64.sys [x]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
    S2 AODDriver4.3.0;AODDriver4.3.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
    S2 ASDiskUnlocker;ASDiskUnlocker;c:\program files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe;c:\program files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 Warsaw Technology;Warsaw Technology;c:\program files (x86)\Diebold\Warsaw\core.exe;c:\program files (x86)\Diebold\Warsaw\core.exe [x]
    S3 ASFLTDrv.sys;ASFLTDrv.sys;c:\program files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys;c:\program files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- =Outros Serviços/Drivers Na Memória ---
    .
    *NewlyCreated* - ASFLTDRV.SYS
    *Deregistered* - mbamchameleon
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-12-11 21:51 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2014-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-29 01:58]
    .
    2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 18:35]
    .
    2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 18:35]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt1"]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt2"]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt3"]
    @= "{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt4"]
    @= "{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt5"]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt6"]
    @= "{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt7"]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt8"]
    @= "{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-10-21 19:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-10-21 19:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-10-21 19:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-10-21 19:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-10-21 19:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvBackend "= "c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
    "ShadowPlay "= "c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-11-29 7575768]
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    IE: &Enviar para o OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    Trusted Zone: itau.com.br
    Trusted Zone: itau.com.br\bankline
    Trusted Zone: itau.com.br\clickbanking
    Trusted Zone: itau.com.br\guardiao
    Trusted Zone: itau.com.br\www
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\3xpvdrgi.default\
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    AddRemove-{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1 - c:\users\Ramon\AppData\Roaming\unins000.exe
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.15 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker3 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @= "{6EF568F4-D437-4466-AA63-A3645136D93E} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @= "{6EF568F4-D437-4466-AA63-A3645136D93E} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker2 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @= "{6EF568F4-D437-4466-AA63-A3645136D93E} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tempo para conclusão: 2014-12-17 09:17:01
    ComboFix-quarantined-files.txt 2014-12-17 11:17
    ComboFix2.txt 2014-12-14 19:37
    .
    Pré-execução: 42.907.803.648 bytes disponíveis
    Pós execução: 42.338.926.592 bytes disponíveis
    .
    - - End Of File - - 50509948602ABAEA35AF39DD39D153C9
    A36C5E4F47E84449FF07ED3517B43A31
     
  7. 2014/12/17
    terodne

    Please download AdwCleaner by Xplode onto your desktop.
    DONE
    # AdwCleaner v4.105 - Relatório criado 17/12/2014 às 09:24:28
    # Atualizado 08/12/2014 por Xplode
    # Database : 2014-12-16.1 [Live]
    # Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Usuário : Ramon - RAMON-PC
    # Executando de : C:\Users\Ramon\Desktop\adwcleaner_4.105.exe
    # Opção : Limpar

    ***** [ Serviços ] *****


    ***** [ Arquivos / Pastas ] *****


    ***** [ Tarefas ] *****

    Tarefa Deletedo : Driver Booster Scan
    Tarefa Deletedo : Driver Booster Update

    ***** [ Atalhos ] *****


    ***** [ Registro ] *****

    Chave Deletedo : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v33.0 (x86 pt-BR)


    -\\ Google Chrome v39.0.2171.95


    *************************

    AdwCleaner[R0].txt - [2049 octets] - [23/11/2014 12:13:12]
    AdwCleaner[R1].txt - [1246 octets] - [13/12/2014 23:15:23]
    AdwCleaner[R2].txt - [1037 octets] - [16/12/2014 22:42:31]
    AdwCleaner[R3].txt - [1422 octets] - [17/12/2014 09:22:27]
    AdwCleaner[S0].txt - [2020 octets] - [23/11/2014 12:13:58]
    AdwCleaner[S1].txt - [1243 octets] - [13/12/2014 23:17:11]
    AdwCleaner[S2].txt - [1324 octets] - [17/12/2014 09:24:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1384 octets] ##########

    ______________________________________________________________________

    Please download Junkware Removal Tool to your desktop.
    DONE

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Ramon on 17/12/2014 at 9:29:18,35
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-11CC72FC.pf



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 17/12/2014 at 9:32:07,58
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. 2014/12/17
    terodne

    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    DONE

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
    Ran by Ramon (administrator) on RAMON-PC on 17-12-2014 09:36:04
    Running from C:\Users\Ramon\Desktop
    Loaded Profile: Ramon (Available profiles: Ramon)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
    () C:\Windows\SysWOW64\ASGT.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (DT Soft Ltd) K:\Programas Diversos - Instalados\DAEMON Tools Pro\DTShellHlp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    (GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
    () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-11-28] (Realtek Semiconductor)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Diebold - Warsaw] => C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
    Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Run: [DAEMON Tools Pro Agent] => K:\Programas Diversos - Instalados\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Policies\Explorer: []
    HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\3xpvdrgi.default
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2815827584-2808248378-3256661377-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ramon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-2815827584-2808248378-3256661377-1000: gastecnologia.com.br/sf/uni -> C:\Users\Ramon\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
    FF HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Ramon\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
    FF Extension: Guardião - Itaú 30 horas - C:\Users\Ramon\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-10-22]

    Chrome:
    =======
    CHR Profile: C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Apresentações) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-20]
    CHR Extension: (Google Docs) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]
    CHR Extension: (Google Drive) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
    CHR Extension: (YouTube) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]
    CHR Extension: (Adblock Plus) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-20]
    CHR Extension: (Pesquisa do Google) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]
    CHR Extension: (Planilhas do Google) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-20]
    CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-10-22]
    CHR Extension: (Google Wallet) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
    CHR Extension: (Gmail) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
    S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
    R2 ASDiskUnlocker; C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [258688 2010-12-02] (ASUSTeK Computer Inc.)
    R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
    R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-10-24] ()
    R2 Warsaw Technology; C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
    R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-10-21] (DT Soft Ltd)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-11-29] (REALiX(tm))
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15648 2013-04-19] ()
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
    S3 ssdudfu; C:\Windows\System32\DRIVERS\ssdudfu.sys [101960 2014-06-16] (MCCI)
    R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [43136 2010-09-21] (ASUSTeK Computer Inc.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz138; \??\C:\Users\Ramon\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     
  9. 2014/12/17
    terodne

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
    Ran by Ramon (administrator) on RAMON-PC on 17-12-2014 09:36:04
    Running from C:\Users\Ramon\Desktop
    Loaded Profile: Ramon (Available profiles: Ramon)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
    () C:\Windows\SysWOW64\ASGT.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (DT Soft Ltd) K:\Programas Diversos - Instalados\DAEMON Tools Pro\DTShellHlp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    (GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
    () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-11-28] (Realtek Semiconductor)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Diebold - Warsaw] => C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
    Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Run: [DAEMON Tools Pro Agent] => K:\Programas Diversos - Instalados\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Policies\Explorer: []
    HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\3xpvdrgi.default
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2815827584-2808248378-3256661377-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ramon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-2815827584-2808248378-3256661377-1000: gastecnologia.com.br/sf/uni -> C:\Users\Ramon\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
    FF HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Ramon\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
    FF Extension: Guardião - Itaú 30 horas - C:\Users\Ramon\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-10-22]

    Chrome:
    =======
    CHR Profile: C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Apresentações) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-20]
    CHR Extension: (Google Docs) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]
    CHR Extension: (Google Drive) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
    CHR Extension: (YouTube) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]
    CHR Extension: (Adblock Plus) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-20]
    CHR Extension: (Pesquisa do Google) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]
    CHR Extension: (Planilhas do Google) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-20]
    CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-10-22]
    CHR Extension: (Google Wallet) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
    CHR Extension: (Gmail) - C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
    S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
    R2 ASDiskUnlocker; C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [258688 2010-12-02] (ASUSTeK Computer Inc.)
    R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
    R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-10-24] ()
    R2 Warsaw Technology; C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
    R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-10-21] (DT Soft Ltd)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-11-29] (REALiX(tm))
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15648 2013-04-19] ()
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
    S3 ssdudfu; C:\Windows\System32\DRIVERS\ssdudfu.sys [101960 2014-06-16] (MCCI)
    R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [43136 2010-09-21] (ASUSTeK Computer Inc.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz138; \??\C:\Users\Ramon\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     
  10. 2014/12/17
    terodne

    ========================== Drivers MD5 =======================


    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-17 09:36 - 2014-12-17 09:37 - 00033891 _____ () C:\Users\Ramon\Desktop\FRST.txt
    2014-12-17 09:35 - 2014-12-17 09:36 - 00000000 ____D () C:\FRST
    2014-12-17 09:35 - 2014-12-17 09:35 - 02119168 _____ (Farbar) C:\Users\Ramon\Desktop\FRST64.exe
    2014-12-17 09:32 - 2014-12-17 09:32 - 00000703 _____ () C:\Users\Ramon\Desktop\JRT.txt
    2014-12-17 09:29 - 2014-12-17 09:29 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-17 09:28 - 2014-12-17 09:28 - 01707646 _____ (Thisisu) C:\Users\Ramon\Desktop\JRT.exe
    2014-12-17 09:26 - 2014-12-17 09:26 - 00001472 _____ () C:\Users\Ramon\Desktop\AdwCleaner[S2].txt
    2014-12-17 09:17 - 2014-12-17 09:17 - 00040226 _____ () C:\ComboFix.txt
    2014-12-17 09:01 - 2014-12-17 09:02 - 05601641 ____R (Swearware) C:\Users\Ramon\Desktop\ComboFix.exe
    2014-12-17 08:26 - 2014-12-17 08:26 - 00049842 _____ () C:\Users\Ramon\Desktop\dds.txt
    2014-12-17 08:26 - 2014-12-17 08:26 - 00012609 _____ () C:\Users\Ramon\Desktop\attach.txt
    2014-12-17 08:00 - 2014-12-17 09:25 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable)
    2014-12-17 08:00 - 2014-12-17 09:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-17 08:00 - 2014-12-17 08:00 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-17 07:52 - 2014-12-17 08:22 - 00000000 ____D () C:\Users\Ramon\Desktop\mbar
    2014-12-17 07:52 - 2014-12-17 07:52 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-17 07:50 - 2014-12-17 07:51 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Ramon\Desktop\mbar-1.08.2.1001.exe
    2014-12-17 07:46 - 2014-12-17 07:46 - 00005918 _____ () C:\Users\Ramon\Desktop\RKreport_DEL_12172014_074530.log
    2014-12-17 07:37 - 2014-12-17 07:37 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-12-17 07:37 - 2014-12-17 07:37 - 00000000 ___HD () C:\Program Files (x86)\GAS Tecnologia
    2014-12-17 07:37 - 2014-12-17 07:37 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
    2014-12-17 07:37 - 2014-12-17 07:37 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-12-17 07:37 - 2014-12-17 07:37 - 00000000 ____D () C:\Program Files (x86)\Diebold
    2014-12-17 07:32 - 2014-12-17 07:34 - 18315864 _____ () C:\Users\Ramon\Desktop\RogueKillerX64.exe
    2014-12-14 18:10 - 2014-12-17 00:01 - 00000000 ____D () C:\LinhaDefensiva
    2014-12-14 18:00 - 2014-12-14 18:00 - 00001197 _____ () C:\Users\Ramon\Desktop\CrystalDiskInfo.lnk
    2014-12-14 18:00 - 2014-12-14 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
    2014-12-14 18:00 - 2014-12-14 18:00 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
    2014-12-14 17:27 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-12-14 17:27 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-12-14 17:27 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-12-14 17:27 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-12-14 17:27 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-12-14 17:27 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-12-14 17:27 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-12-14 17:27 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-12-14 17:25 - 2014-12-17 09:17 - 00000000 ____D () C:\Qoobox
    2014-12-14 17:24 - 2014-12-14 17:36 - 00000000 ____D () C:\Windows\erdnt
    2014-12-13 23:19 - 2014-12-17 00:03 - 00003610 _____ () C:\Windows\AutoKMS.log
    2014-12-13 23:18 - 2014-12-17 09:26 - 00002576 _____ () C:\Windows\setupact.log
    2014-12-13 23:18 - 2014-12-17 09:25 - 00006060 _____ () C:\Windows\PFRO.log
    2014-12-13 23:18 - 2014-12-13 23:18 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-13 23:14 - 2014-12-13 23:14 - 02166272 _____ () C:\Users\Ramon\Desktop\adwcleaner_4.105.exe
    2014-12-13 23:07 - 2014-12-13 23:07 - 00023310 _____ () C:\Users\Ramon\Documents\cc_20141213_230732.reg
    2014-12-13 23:00 - 2014-12-13 23:05 - 00000000 ____D () C:\Users\Ramon\Desktop\Juliana_2014
    2014-12-13 23:00 - 2014-12-13 23:00 - 00002120 _____ () C:\Users\Ramon\Desktop\Arquivos Pessoais_2014 - Atalho.lnk
    2014-12-13 23:00 - 2014-12-13 23:00 - 00000000 ____D () C:\Users\Ramon\Documents\Arquivos Pessoais_2014
    2014-12-13 18:33 - 2014-12-13 18:33 - 02097152 _____ () C:\Users\Ramon\Documents\BACKUP BIOS.ROM
    2014-12-11 12:42 - 2014-12-11 12:42 - 00000000 ____D () C:\Users\Usuário Padrão\Documents\Visual Studio 2008
    2014-12-11 12:42 - 2014-12-11 12:42 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
    2014-12-11 12:42 - 2014-12-11 12:42 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
    2014-12-11 12:34 - 2014-10-18 00:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-11 12:34 - 2014-10-17 23:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-11 12:34 - 2014-07-07 00:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-12-11 12:34 - 2014-07-07 00:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2014-12-11 12:34 - 2014-07-07 00:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-12-11 12:34 - 2014-07-07 00:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2014-12-11 12:34 - 2014-07-06 23:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-12-11 12:34 - 2014-07-06 23:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-12-11 12:34 - 2014-07-06 23:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-12-11 12:34 - 2014-07-06 23:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-12-11 12:27 - 2014-11-26 23:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-11 12:27 - 2014-11-26 23:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-12-11 12:27 - 2014-11-22 01:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-11 12:27 - 2014-11-22 01:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-11 12:27 - 2014-11-22 01:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-12-11 12:27 - 2014-11-22 00:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-11 12:27 - 2014-11-22 00:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-11 12:27 - 2014-11-22 00:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-11 12:27 - 2014-11-22 00:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-12-11 12:27 - 2014-11-22 00:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-12-11 12:27 - 2014-11-22 00:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-11 12:27 - 2014-11-22 00:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-11 12:27 - 2014-11-22 00:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-11 12:27 - 2014-11-22 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-11 12:27 - 2014-11-22 00:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-12-11 12:27 - 2014-11-22 00:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-11 12:27 - 2014-11-22 00:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-12-11 12:27 - 2014-11-22 00:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-12-11 12:27 - 2014-11-22 00:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-11 12:27 - 2014-11-22 00:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-11 12:27 - 2014-11-22 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-11 12:27 - 2014-11-22 00:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-12-11 12:27 - 2014-11-22 00:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-11 12:27 - 2014-11-22 00:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-11 12:27 - 2014-11-22 00:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-11 12:27 - 2014-11-22 00:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-12-11 12:27 - 2014-11-22 00:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-12-11 12:27 - 2014-11-22 00:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-11 12:27 - 2014-11-22 00:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-12-11 12:27 - 2014-11-22 00:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-11 12:27 - 2014-11-21 23:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-11 12:27 - 2014-11-21 23:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-12-11 12:27 - 2014-11-21 23:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-11 12:27 - 2014-11-21 23:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-11 12:27 - 2014-11-21 23:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-12-11 12:27 - 2014-11-21 23:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-11 12:27 - 2014-11-21 23:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-11 12:27 - 2014-11-21 23:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-12-11 12:27 - 2014-11-21 23:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-11 12:27 - 2014-11-21 23:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-11 12:27 - 2014-11-21 23:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-11 12:27 - 2014-11-21 23:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-11 12:27 - 2014-11-21 23:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-12-11 12:27 - 2014-11-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-11 12:27 - 2014-11-21 23:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-11 12:27 - 2014-11-21 23:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-11 12:27 - 2014-11-21 23:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-11 12:27 - 2014-11-21 23:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-11 12:27 - 2014-11-21 23:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-11 12:27 - 2014-11-21 23:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-12-11 12:27 - 2014-11-21 23:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-11 12:27 - 2014-11-21 23:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-11 12:27 - 2014-11-21 23:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-12-11 12:27 - 2014-11-21 23:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-11 12:27 - 2014-11-21 22:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-11 12:27 - 2014-11-21 22:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-12-11 12:15 - 2014-11-11 01:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-11 12:15 - 2014-11-11 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-12-11 12:15 - 2014-11-11 01:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-12-11 12:15 - 2014-11-11 00:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-11 12:15 - 2014-11-11 00:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-12-11 12:15 - 2014-11-11 00:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2014-12-11 12:15 - 2014-11-10 23:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-11 12:15 - 2014-11-08 01:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-11 12:15 - 2014-11-08 00:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-11 12:15 - 2014-10-30 00:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-11 12:15 - 2014-10-29 23:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-11 12:15 - 2014-10-03 00:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-11 12:15 - 2014-10-03 00:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-11 12:15 - 2014-10-03 00:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-11 12:15 - 2014-10-03 00:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-11 12:15 - 2014-10-03 00:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-11 12:15 - 2014-10-02 23:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-11 12:15 - 2014-10-02 23:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-11 12:15 - 2014-10-02 23:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-11 12:15 - 2014-10-02 23:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-11 12:15 - 2014-10-02 23:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-09 03:37 - 2014-11-12 18:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2014-12-09 03:34 - 2014-11-12 22:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2014-12-09 03:34 - 2014-11-12 22:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2014-12-09 03:34 - 2014-11-12 22:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2014-12-08 09:35 - 2014-12-08 09:35 - 00000000 ____D () C:\Users\Ramon\Documents\PlagiarismCheckerX
    2014-12-08 09:33 - 2014-12-08 09:33 - 00000362 _____ () C:\Users\Ramon\AppData\Local\winconf.pxt
    2014-12-08 09:33 - 2014-12-08 09:33 - 00000000 ____D () C:\Users\Todos os Usuários\Caphyon
    2014-12-08 09:33 - 2014-12-08 09:33 - 00000000 ____D () C:\ProgramData\Caphyon
    2014-12-08 09:32 - 2014-12-08 09:32 - 00000000 ____D () C:\Users\Ramon\AppData\Roaming\Plagiarism Checker X, LLC
    2014-12-08 04:18 - 2014-12-08 04:19 - 00000000 ____D () C:\Users\Ramon\AppData\Local\CopySpider
    2014-12-08 04:18 - 2014-12-08 04:18 - 00000000 ____D () C:\Users\Ramon\AppData\Roaming\br.com.copySpider.gui.v15.CSGuiMain
    2014-12-08 04:17 - 2014-12-08 04:17 - 00001232 _____ () C:\Users\Public\Desktop\CopySpider.lnk
    2014-12-08 04:17 - 2014-12-08 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CopySpider
    2014-12-08 04:17 - 2014-12-08 04:17 - 00000000 ____D () C:\Program Files (x86)\CopySpider
    2014-12-02 21:53 - 2014-12-02 21:53 - 00000047 _____ () C:\Windows\SysWOW64\local.cfg
    2014-12-02 13:45 - 2014-12-02 13:45 - 00000000 ____D () C:\Users\Ramon\Documents\Electronic Arts
    2014-12-02 13:38 - 2014-12-02 13:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
    2014-12-01 23:27 - 2014-12-01 23:27 - 00000000 __SHD () C:\Users\Ramon\AppData\Local\EmieBrowserModeList
    2014-11-29 23:12 - 2014-11-29 23:12 - 00000741 _____ () C:\Users\Ramon\Desktop\Heroes of Newerth.lnk
    2014-11-29 23:12 - 2014-11-29 23:12 - 00000000 ____D () C:\Users\Ramon\Documents\Heroes of Newerth
    2014-11-29 23:12 - 2014-11-29 23:12 - 00000000 ____D () C:\Users\Ramon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
    2014-11-29 23:12 - 2014-11-29 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
    2014-11-29 08:42 - 2014-11-29 08:42 - 00026528 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
    2014-11-29 00:42 - 2014-11-29 01:32 - 13512704 _____ () C:\Users\Ramon\AppData\Roaming\Sandra.mdb
    2014-11-29 00:41 - 2014-11-29 00:41 - 00000984 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Business 2013.SP3.lnk
    2014-11-29 00:41 - 2014-11-29 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
    2014-11-28 23:58 - 2014-12-17 08:40 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-28 23:58 - 2014-11-28 23:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-11-28 23:58 - 2014-11-28 23:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-28 23:58 - 2014-11-28 23:58 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-28 23:58 - 2014-11-28 23:58 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
    2014-11-28 23:58 - 2014-11-28 23:58 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-11-28 23:57 - 2010-11-23 18:44 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2014-11-28 23:57 - 2010-11-22 11:39 - 00626792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2014-11-28 23:57 - 2010-11-18 15:01 - 02186344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2014-11-28 23:57 - 2010-11-18 11:49 - 00121744 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
    2014-11-28 23:57 - 2010-11-08 18:36 - 00544768 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2014-11-28 23:57 - 2010-11-03 18:31 - 01146984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2014-11-28 23:57 - 2010-11-03 18:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 01327208 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 01179752 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 01111656 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 00504936 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 00491112 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 00475752 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 00317032 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 00269928 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 00266856 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 00126056 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 00125544 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2014-11-28 23:57 - 2010-11-03 18:29 - 00125032 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2014-11-28 23:57 - 2010-11-02 09:35 - 01718616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2014-11-28 23:57 - 2010-11-02 09:35 - 00127832 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2014-11-28 23:57 - 2010-11-02 09:34 - 00421720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2014-11-28 23:57 - 2010-11-02 09:34 - 00108888 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2014-11-28 23:57 - 2010-11-02 09:34 - 00074584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2014-11-28 23:57 - 2010-10-29 10:29 - 01937312 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2014-11-28 23:57 - 2010-10-03 14:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2014-11-28 23:57 - 2010-07-22 17:48 - 00220496 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFNHK64.dll
    2014-11-28 23:57 - 2010-07-22 17:48 - 00081232 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFCOM64.dll
    2014-11-28 23:57 - 2010-07-22 17:48 - 00078160 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFAPO64.dll
    2014-11-28 23:57 - 2010-07-22 17:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2014-11-28 23:57 - 2010-05-06 18:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2014-11-28 23:57 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 02117424 _____ () C:\Windows\system32\SStudio.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
    2014-11-28 23:56 - 2014-11-28 23:56 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
    2014-11-28 23:56 - 2010-11-23 18:16 - 02565736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2014-11-28 23:55 - 2014-11-28 23:55 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
    2014-11-28 23:55 - 2014-11-28 23:55 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
    2014-11-28 23:55 - 2014-11-28 23:55 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
    2014-11-28 23:55 - 2014-11-28 23:55 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2014-11-28 23:54 - 2014-11-28 23:54 - 00083176 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
    2014-11-28 23:54 - 2014-11-28 23:54 - 00043240 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
    2014-11-28 23:54 - 2014-11-28 23:54 - 00011944 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\amdide64.sys
    2014-11-28 23:53 - 2014-11-28 23:53 - 04028928 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
    2014-11-28 23:53 - 2014-11-28 23:52 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
    2014-11-28 23:52 - 2014-11-28 23:52 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
    2014-11-28 23:52 - 2014-11-28 23:52 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
    2014-11-28 23:43 - 2014-12-17 09:01 - 00002866 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Ramon)
    2014-11-28 23:43 - 2014-12-03 21:17 - 00001014 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
    2014-11-28 23:43 - 2014-11-28 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
    2014-11-28 21:45 - 2013-07-08 18:52 - 02551808 _____ (wPrime Systems) C:\Users\Ramon\Desktop\SuperPI.exe
    2014-11-26 15:41 - 2014-11-26 15:41 - 00000000 ____D () C:\Users\Ramon\abaqus_plugins
    2014-11-26 15:40 - 2014-11-26 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abaqus 6.12-1
    2014-11-26 15:35 - 2014-11-26 15:35 - 00000000 ____D () C:\Users\Todos os Usuários\DassaultSystemes
    2014-11-26 15:35 - 2014-11-26 15:35 - 00000000 ____D () C:\Users\Ramon\AppData\Roaming\DassaultSystemes
    2014-11-26 15:35 - 2014-11-26 15:35 - 00000000 ____D () C:\Users\Ramon\AppData\Local\DassaultSystemes
    2014-11-26 15:35 - 2014-11-26 15:35 - 00000000 ____D () C:\ProgramData\DassaultSystemes
    2014-11-26 15:35 - 2014-11-26 15:35 - 00000000 ____D () C:\Program Files\Microsoft HPC Pack 2008 R2
    2014-11-26 15:31 - 2014-11-26 15:31 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
    2014-11-26 15:29 - 2014-11-26 15:29 - 00000000 ____D () C:\Users\Todos os Usuários\Macrovision
    2014-11-26 15:29 - 2014-11-26 15:29 - 00000000 ____D () C:\ProgramData\Macrovision
    2014-11-26 15:26 - 2014-11-26 15:26 - 00000000 ____D () C:\Users\Ramon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SIMULIA FLEXnet Licensing
    2014-11-26 15:25 - 2014-11-26 15:25 - 00000000 ___HD () C:\Users\Ramon\InstallAnywhere
    2014-11-26 15:18 - 2014-11-26 15:18 - 00003032 _____ () C:\Windows\System32\Tasks\{1C96789D-1C2E-461B-A11C-867746E00D38}
    2014-11-26 15:11 - 2014-11-26 15:39 - 00000000 ____D () C:\Users\Ramon\Documents\Currículo
    2014-11-23 12:13 - 2014-12-17 09:24 - 00000000 ____D () C:\AdwCleaner
    2014-11-23 12:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-11-23 12:09 - 2014-12-13 23:10 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
    2014-11-23 12:09 - 2014-12-13 23:08 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
    2014-11-22 20:08 - 2014-11-22 20:08 - 00000937 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk
    2014-11-22 15:32 - 2014-12-13 18:51 - 00007598 _____ () C:\Users\Ramon\AppData\Local\Resmon.ResmonCfg
    2014-11-22 12:43 - 2014-11-22 12:43 - 00000000 ____D () C:\Users\Ramon\Documents\Minhas paletas
    2014-11-22 12:36 - 2014-11-22 12:37 - 00000000 ____D () C:\Users\Todos os Usuários\Protexis
    2014-11-22 12:36 - 2014-11-22 12:37 - 00000000 ____D () C:\Users\Ramon\AppData\Roaming\Corel
    2014-11-22 12:36 - 2014-11-22 12:37 - 00000000 ____D () C:\ProgramData\Protexis
    2014-11-22 12:04 - 2014-11-22 12:43 - 00000000 ____D () C:\Users\Ramon\Documents\Corel
    2014-11-22 12:03 - 2014-11-22 12:03 - 00000000 ____D () C:\Users\Ramon\Documents\Visual Studio 2008
    2014-11-22 12:02 - 2014-11-22 12:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
    2014-11-22 12:02 - 2014-11-22 12:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
    2014-11-22 12:02 - 2014-11-22 12:02 - 00000000 ____D () C:\Program Files (x86)\gs
    2014-11-22 12:01 - 2014-11-22 12:01 - 00000000 ____D () C:\Users\Todos os Usuários\Corel
    2014-11-22 12:01 - 2014-11-22 12:01 - 00000000 ____D () C:\ProgramData\Corel
    2014-11-22 11:59 - 2014-11-22 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
    2014-11-21 00:29 - 2014-11-21 00:29 - 00000000 ____D () C:\Users\Ramon\Documents\Heroes of Newerth (Latin America)
    2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
    2014-11-17 03:35 - 2014-11-17 03:35 - 00000135 _____ () C:\Windows\AutoKMS.ini
     
  11. 2014/12/17
    terodne

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-17 09:33 - 2009-07-14 02:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-17 09:33 - 2009-07-14 02:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-17 09:29 - 2014-10-20 14:56 - 01526992 _____ () C:\Windows\WindowsUpdate.log
    2014-12-17 09:26 - 2014-10-20 16:35 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-17 09:25 - 2014-10-20 17:11 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
    2014-12-17 09:25 - 2014-10-20 17:11 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-12-17 09:25 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-17 09:15 - 2009-07-14 00:34 - 00000215 _____ () C:\Windows\system.ini
    2014-12-17 08:52 - 2014-10-20 16:35 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-17 08:00 - 2014-10-20 18:16 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
    2014-12-17 08:00 - 2014-10-20 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-17 07:37 - 2014-10-22 20:26 - 00001024 _____ () C:\.rnd
    2014-12-17 00:16 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-16 22:48 - 2014-10-21 01:45 - 00000000 ____D () C:\Users\Ramon\AppData\Roaming\uTorrent
    2014-12-16 22:28 - 2014-10-22 20:28 - 00000000 ____D () C:\Users\Todos os Usuários\boost_interprocess
    2014-12-16 22:28 - 2014-10-22 20:28 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-12-15 22:19 - 2009-07-29 14:08 - 00705798 _____ () C:\Windows\system32\prfh0416.dat
    2014-12-15 22:19 - 2009-07-29 14:08 - 00147638 _____ () C:\Windows\system32\prfc0416.dat
    2014-12-15 22:19 - 2009-07-14 03:13 - 01635826 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-15 10:50 - 2014-10-22 20:28 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
    2014-12-15 10:50 - 2014-10-22 20:28 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
    2014-12-14 17:32 - 2014-10-22 20:24 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
    2014-12-14 17:32 - 2014-10-22 20:24 - 00000000 ____D () C:\ProgramData\Temp
    2014-12-13 23:05 - 2014-10-20 18:51 - 00000000 ____D () C:\Users\Todos os Usuários\ProductData
    2014-12-13 23:05 - 2014-10-20 18:51 - 00000000 ____D () C:\ProgramData\ProductData
    2014-12-13 19:22 - 2014-10-30 03:03 - 00000000 ____D () C:\Windows\pss
    2014-12-13 18:26 - 2014-10-20 18:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-11 14:35 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-11 13:35 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-12-11 12:43 - 2014-10-20 17:25 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
    2014-12-11 12:43 - 2014-10-20 17:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-11 12:40 - 2014-10-22 12:10 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-11 12:37 - 2014-10-22 12:10 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-09 03:37 - 2014-10-21 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2014-12-09 03:37 - 2014-10-21 00:33 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-12-05 15:36 - 2009-07-14 01:20 - 00000000 __RHD () C:\Users\Public\Libraries
    2014-12-03 21:57 - 2014-10-21 01:59 - 00000000 ____D () C:\Users\Ramon\AppData\Roaming\DAEMON Tools Pro
    2014-12-02 13:38 - 2009-07-14 03:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-02 13:33 - 2014-10-21 02:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-11-29 15:30 - 2014-10-24 17:51 - 00009495 _____ () C:\Users\Ramon\Documents\TombRaider.log
    2014-11-29 08:37 - 2014-10-30 03:02 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
    2014-11-28 23:43 - 2014-10-20 18:51 - 00000000 ____D () C:\Users\Todos os Usuários\IObit
    2014-11-28 23:43 - 2014-10-20 18:51 - 00000000 ____D () C:\ProgramData\IObit
    2014-11-26 15:41 - 2014-10-20 16:03 - 00000000 ____D () C:\Users\Ramon
    2014-11-26 15:26 - 2014-10-20 16:03 - 00000000 ____D () C:\Users\Ramon\AppData\Local\VirtualStore
    2014-11-26 15:16 - 2009-07-14 00:34 - 00000887 _____ () C:\Windows\system32\Drivers\etc\hosts.old
    2014-11-22 20:45 - 2009-07-14 02:45 - 00503256 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-22 20:08 - 2014-10-20 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    2014-11-22 20:08 - 2014-10-20 20:41 - 00000000 ____D () C:\Program Files\CPUID
    2014-11-22 12:36 - 2014-10-20 17:42 - 00149408 _____ () C:\Users\Ramon\AppData\Local\GDIPFONTCACHEV1.DAT

    Some content of TEMP:
    ====================
    C:\Users\Ramon\AppData\Local\Temp\Quarantine.exe
    C:\Users\Ramon\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Gerenciador de Inicialização do Windows
    --------------------
    identificador {bootmgr}
    device partition=\Device\HarddiskVolume1
    description Windows Boot Manager
    locale pt-BR
    inherit {globalsettings}
    default {current}
    resumeobject {ba0fe5fd-58ab-11e4-bb2a-bc199a746f3f}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30

    Carregador de Inicialização do Windows
    -------------------
    identificador {current}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7
    locale pt-BR
    inherit {bootloadersettings}
    recoverysequence {ba0fe5ff-58ab-11e4-bb2a-bc199a746f3f}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {ba0fe5fd-58ab-11e4-bb2a-bc199a746f3f}
    nx OptIn
    usefirmwarepcisettings No

    Carregador de Inicialização do Windows
    -------------------
    identificador {ba0fe5ff-58ab-11e4-bb2a-bc199a746f3f}
    device ramdisk=[C:]\Recovery\ba0fe5ff-58ab-11e4-bb2a-bc199a746f3f\Winre.wim,{ba0fe600-58ab-11e4-bb2a-bc199a746f3f}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[C:]\Recovery\ba0fe5ff-58ab-11e4-bb2a-bc199a746f3f\Winre.wim,{ba0fe600-58ab-11e4-bb2a-bc199a746f3f}
    systemroot \windows
    nx OptIn
    winpe Yes

    Continuar da Hibernação
    ---------------------
    identificador {ba0fe5fd-58ab-11e4-bb2a-bc199a746f3f}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale pt-BR
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Testador de Memória do Windows
    ---------------------
    identificador {memdiag}
    device partition=\Device\HarddiskVolume1
    path \boot\memtest.exe
    description Diagnóstico de Memória do Windows
    locale pt-BR
    inherit {globalsettings}
    badmemoryaccess Yes

    Configurações de EMS
    ------------
    identificador {emssettings}
    bootems Yes

    Configurações do Depurador
    -----------------
    identificador {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    Defeitos de RAM
    -----------
    identificador {badmemory}

    Configurações Globais
    ---------------
    identificador {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Configurações do Carregador de Inicialização
    --------------------
    identificador {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Configurações do Hypervisor
    -------------------
    identificador {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Configurações do Carregador de Retorno
    ----------------------
    identificador {resumeloadersettings}
    inherit {globalsettings}

    Opções de dispositivo
    --------------
    identificador {ba0fe600-58ab-11e4-bb2a-bc199a746f3f}
    description Ramdisk Options
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\ba0fe5ff-58ab-11e4-bb2a-bc199a746f3f\boot.sdi



    LastRegBack: 2014-12-15 10:48

    ==================== End Of Log ============================
     
  12. 2014/12/17
    terodne

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
    Ran by Ramon at 2014-12-17 09:37:30
    Running from C:\Users\Ramon\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    Abaqus 6.12-1 (HKLM-x32\...\Abaqus 6.12-1) (Version: 6.12.0.0 - Dassault Systemes Simulia Corp.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
    Age of Empires III (HKLM-x32\...\InstallShield_{FABB02D6-A7FD-4845-A6FA-60C565516712}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
    AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.06.20 - )
    AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Nome de sua empresa:)
    Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
    ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
    ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
    ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
    ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
    ATI Catalyst Install Manager (HKLM\...\{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
    Atualizações da NVIDIA 16.13.65 (Version: 16.13.65 - NVIDIA Corporation) Hidden
    AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 - Português - Brasil (Brazilian Portuguese) (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 Language Pack - Português - Brasil (Brazilian Portuguese) (Version: 19.1.18.0 - Autodesk) Hidden
    Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
    Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
    Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
    Autodesk AutoCAD 2014 Language Pack - Português - Brasil (Brazilian Portuguese) (HKLM\...\AutoCAD 2014 Language Pack - Português - Brasil (Brazilian Portuguese)) (Version: 19.1.18.0 - Autodesk)
    Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
    Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
    Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.19.0 - Autodesk)
    Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
    Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
    Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
    CopySpider 1.1.12 (HKLM-x32\...\{5D8A8C41-C834-42C2-94DE-94A4B899BEAB}_is1) (Version: 1.1.12 - CopySpider Software)
    Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
    Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
    CPUID CPU-Z 1.71 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    CrystalDiskInfo 6.2.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.2 - Crystal Dew World)
    DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
    Disk Unlocker (HKLM-x32\...\{FE73C47E-0FF8-47A6-A903-FFA827A4B43D}) (Version: 2.0.8 - ASUS)
    Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
    Dropbox (HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
    EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
    FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
    Flow (HKLM-x32\...\Flow) (Version: 1.0.0.0 - GameVicio)
    Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
    Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
    Google Chrome (HKLM-x32\...\{D0759C6C-1F01-345D-8F59-E3B43977D754}) (Version: 66.19.16488 - Google, Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
    GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
    Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.10.0.1 - )
    Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    K-Lite Codec Pack 10.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
    Metro Last Light (HKLM-x32\...\Metro Last Light_is1) (Version: - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack (HKLM\...\{D3299935-57F7-403A-9D7B-0B8F9F56F44B}) (Version: 3.0.2369.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mozilla Firefox 33.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 pt-BR)) (Version: 33.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\MyFreeCodec) (Version: - )
    Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
    Neverwinter Nights 2 - Platinum Edition (HKLM-x32\...\Neverwinter Nights 2 - Platinum Edition_is1) (Version: - )
    NVIDIA Driver de áudio HD 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
    NVIDIA Driver de controle do 3D Vision 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA Driver de gráficos 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA Driver do 3D Vision 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
    NVIDIA Software do sistema PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    Painel de controle da NVIDIA 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden
    PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.92 - ASUSTeK Computer Inc.)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
    RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
    RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
    Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    RESIDENT EVIL REVELATIONS (HKLM-x32\...\RESIDENT EVIL REVELATIONS_is1) (Version: - )
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
    SIMULIA FLEXnet License Server (HKLM-x32\...\SIMULIA FLEXnet License Server) (Version: 6.12.0.0 - Dassault Systemes Simulia Corp.)
    SIMULIA FLEXnet License Server (HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\SIMULIA FLEXnet License Server) (Version: 6.12.0.0 - Dassault Systemes Simulia Corp.)
    SiSoftware Sandra Business 2013.SP3 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.40.2013.5 - SiSoftware)
    SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
    Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
    Sleeping Dogs version 1.4 (HKLM-x32\...\Sleeping Dogs_is1) (Version: 1.4 - )
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
    System Requirements Lab Detection (HKLM-x32\...\{E362FA15-0E77-44B9-A604-575A01568F11}) (Version: 2.2.1.0 - Husdawg, LLC)
    TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
    The Amazing Spider-Man (HKLM-x32\...\The Amazing Spider-Man_is1) (Version: - )
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.632 - Electronic Arts)
    Tombraider (HKLM-x32\...\Tombraider_is1) (Version: - )
    Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - )
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Unity Web Player (HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
    Visual C++ 2008 x64 Runtime - v9.0.30729.4967 (HKLM-x32\...\{2FD19779-BD96-31F4-954D-7C7FE546BFD1}.vc_x64runtime_30729_4967) (Version: 9.0.30729.4967 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.4967 (HKLM-x32\...\{EC1F1209-E48D-38B0-BE25-B37C6BFCF676}.vc_x86runtime_30729_4967) (Version: 9.0.30729.4967 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Warsaw 1.3.1 (HKLM-x32\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Ramon\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Ramon\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> K:\Programas Diversos - Instalados\AutoDesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> K:\Programas Diversos - Instalados\AutoDesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> K:\Programas Diversos - Instalados\AutoDesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> K:\Programas Diversos - Instalados\AutoDesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    11-12-2014 14:31:21 Windows Update
    14-12-2014 01:02:57 Removed Plagiarism Checker X
    14-12-2014 18:40:46 Backup do Windows
    14-12-2014 18:44:35 Windows Update
    17-12-2014 00:45:34 Revo Uninstaller's restore point - Warsaw 1.3.1
    17-12-2014 01:08:58 Driver Booster : Realtek PCIe GBE Family Controller
    17-12-2014 09:49:12 Antes do novo anti vírus
    17-12-2014 10:22:10 Malwarebytes Anti-Rootkit Restore Point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-12-14 17:34 - 2014-12-17 07:45 - 00000000 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {05D251FC-AC1E-49E0-B21F-83EE1534251B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {4A05A7C8-C8BF-4A82-A4D9-242CACB81ABD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {588B9C04-5C25-4073-8DCA-B89A8130F48D} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.12\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
    Task: {64C74EF8-6133-4C16-9C5C-1B17A505DD04} - System32\Tasks\Driver Booster SkipUAC (Ramon) => K:\Programas Diversos - Instalados\Driver Booster\DriverBooster.exe [2014-11-27] (IObit)
    Task: {6871850C-0CDE-42F9-A54A-1BF6BB0B8473} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
    Task: {8721C75E-D05E-4BD3-A68B-8B94CE798751} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-28] (Adobe Systems Incorporated)
    Task: {9660539B-654D-45C3-AD6E-CD484F89A612} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2009-12-28] ()
    Task: {B35D2B4F-14C8-4A88-A6A7-773CC63369B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
    Task: {C647FF1B-DE97-4C1F-B20A-F8875FB6B8AE} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
    Task: {D3D1A357-F979-4314-AEDD-18C2500E1E21} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-10-06] ()
    Task: {E6E95978-DA45-4732-A7E2-F2B5808FB3CC} - System32\Tasks\{1C96789D-1C2E-461B-A11C-867746E00D38} => pcalua.exe -a L:\setup.exe -d L:\
    Task: {E72570B1-2E43-408D-96DA-B1EC1CE7BB6E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-10-21 00:33 - 2014-11-12 19:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2009-12-15 17:40 - 2009-12-15 17:40 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
    2014-10-24 17:47 - 2014-10-24 17:47 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
    2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
    2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
    2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
    2009-12-15 17:40 - 2009-12-15 17:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    2009-12-15 17:41 - 2009-12-15 17:41 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2009-12-15 23:44 - 2009-12-15 23:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
    2014-10-29 23:54 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
    2014-10-29 23:54 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
    2014-10-29 23:54 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
    2014-10-21 02:02 - 2014-10-21 01:54 - 00107520 ____R () K:\Programas Diversos - Instalados\DAEMON Tools Pro\BRD.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2014-12-11 19:55 - 2014-12-05 23:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-11 19:55 - 2014-12-05 23:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-11 19:55 - 2014-12-05 23:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-11 19:55 - 2014-12-05 23:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows\System32:5EB9D150_Uni.gbp

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Ramon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: ASUS Ai Charger => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
    MSCONFIG\startupreg: Cpu Level Up help => "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe "
    MSCONFIG\startupreg: KiesPDLR.exe => K:\Programas Diversos - Instalados\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
    MSCONFIG\startupreg: KiesTrayAgent => K:\Programas Diversos - Instalados\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    MSCONFIG\startupreg: Turbo Key => "C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe "

    ========================= Accounts: ==========================

    Administrador (S-1-5-21-2815827584-2808248378-3256661377-500 - Administrator - Disabled)
    Convidado (S-1-5-21-2815827584-2808248378-3256661377-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2815827584-2808248378-3256661377-1002 - Limited - Enabled)
    Ramon (S-1-5-21-2815827584-2808248378-3256661377-1000 - Administrator - Enabled) => C:\Users\Ramon

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-14 17:33:52.924
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-14 17:33:52.846
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-6300 Six-Core Processor
    Percentage of memory in use: 24%
    Total physical RAM: 8174.12 MB
    Available physical RAM: 6149.72 MB
    Total Pagefile: 16346.41 MB
    Available Pagefile: 14176.85 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:100.49 GB) (Free:39.26 GB) NTFS
    Drive d: (Instaladores & UFOP) (Fixed) (Total:197.5 GB) (Free:181.07 GB) NTFS
    Drive j: (Backup_RamonPC) (Fixed) (Total:100.59 GB) (Free:40.15 GB) NTFS
    Drive k: (Programas) (Fixed) (Total:365.17 GB) (Free:248.44 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A1BC18F3)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=100.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=197.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 465.8 GB) (Disk ID: 0F7748F4)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  13. 2014/12/17
    terodne Inactive Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
    Ran by Ramon at 2014-12-17 09:37:30
    Running from C:\Users\Ramon\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    Abaqus 6.12-1 (HKLM-x32\...\Abaqus 6.12-1) (Version: 6.12.0.0 - Dassault Systemes Simulia Corp.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
    Age of Empires III (HKLM-x32\...\InstallShield_{FABB02D6-A7FD-4845-A6FA-60C565516712}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
    AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.06.20 - )
    AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Nome de sua empresa:)
    Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
    ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
    ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
    ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
    ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
    ATI Catalyst Install Manager (HKLM\...\{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
    Atualizações da NVIDIA 16.13.65 (Version: 16.13.65 - NVIDIA Corporation) Hidden
    AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 - Português - Brasil (Brazilian Portuguese) (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 Language Pack - Português - Brasil (Brazilian Portuguese) (Version: 19.1.18.0 - Autodesk) Hidden
    Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
    Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
    Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
    Autodesk AutoCAD 2014 Language Pack - Português - Brasil (Brazilian Portuguese) (HKLM\...\AutoCAD 2014 Language Pack - Português - Brasil (Brazilian Portuguese)) (Version: 19.1.18.0 - Autodesk)
    Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
    Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
    Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.19.0 - Autodesk)
    Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
    Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
    Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
    CopySpider 1.1.12 (HKLM-x32\...\{5D8A8C41-C834-42C2-94DE-94A4B899BEAB}_is1) (Version: 1.1.12 - CopySpider Software)
    Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
    Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
    CPUID CPU-Z 1.71 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    CrystalDiskInfo 6.2.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.2 - Crystal Dew World)
    DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
    Disk Unlocker (HKLM-x32\...\{FE73C47E-0FF8-47A6-A903-FFA827A4B43D}) (Version: 2.0.8 - ASUS)
    Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
    Dropbox (HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
    EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
    FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
    Flow (HKLM-x32\...\Flow) (Version: 1.0.0.0 - GameVicio)
    Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
    Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
    Google Chrome (HKLM-x32\...\{D0759C6C-1F01-345D-8F59-E3B43977D754}) (Version: 66.19.16488 - Google, Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
    GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
    Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.10.0.1 - )
    Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    K-Lite Codec Pack 10.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
    Metro Last Light (HKLM-x32\...\Metro Last Light_is1) (Version: - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack (HKLM\...\{D3299935-57F7-403A-9D7B-0B8F9F56F44B}) (Version: 3.0.2369.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mozilla Firefox 33.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 pt-BR)) (Version: 33.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyFreeCodec (HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\MyFreeCodec) (Version: - )
    Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
    Neverwinter Nights 2 - Platinum Edition (HKLM-x32\...\Neverwinter Nights 2 - Platinum Edition_is1) (Version: - )
    NVIDIA Driver de áudio HD 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
    NVIDIA Driver de controle do 3D Vision 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA Driver de gráficos 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA Driver do 3D Vision 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
    NVIDIA Software do sistema PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    Painel de controle da NVIDIA 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden
    PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.92 - ASUSTeK Computer Inc.)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
    RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
    RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
    Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    RESIDENT EVIL REVELATIONS (HKLM-x32\...\RESIDENT EVIL REVELATIONS_is1) (Version: - )
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
    SIMULIA FLEXnet License Server (HKLM-x32\...\SIMULIA FLEXnet License Server) (Version: 6.12.0.0 - Dassault Systemes Simulia Corp.)
    SIMULIA FLEXnet License Server (HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\SIMULIA FLEXnet License Server) (Version: 6.12.0.0 - Dassault Systemes Simulia Corp.)
    SiSoftware Sandra Business 2013.SP3 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.40.2013.5 - SiSoftware)
    SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
    Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
    Sleeping Dogs version 1.4 (HKLM-x32\...\Sleeping Dogs_is1) (Version: 1.4 - )
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
    System Requirements Lab Detection (HKLM-x32\...\{E362FA15-0E77-44B9-A604-575A01568F11}) (Version: 2.2.1.0 - Husdawg, LLC)
    TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
    The Amazing Spider-Man (HKLM-x32\...\The Amazing Spider-Man_is1) (Version: - )
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.632 - Electronic Arts)
    Tombraider (HKLM-x32\...\Tombraider_is1) (Version: - )
    Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - )
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Unity Web Player (HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
    Visual C++ 2008 x64 Runtime - v9.0.30729.4967 (HKLM-x32\...\{2FD19779-BD96-31F4-954D-7C7FE546BFD1}.vc_x64runtime_30729_4967) (Version: 9.0.30729.4967 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.4967 (HKLM-x32\...\{EC1F1209-E48D-38B0-BE25-B37C6BFCF676}.vc_x86runtime_30729_4967) (Version: 9.0.30729.4967 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Warsaw 1.3.1 (HKLM-x32\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Ramon\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Ramon\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> K:\Programas Diversos - Instalados\AutoDesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> K:\Programas Diversos - Instalados\AutoDesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> K:\Programas Diversos - Instalados\AutoDesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> K:\Programas Diversos - Instalados\AutoDesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2815827584-2808248378-3256661377-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ramon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    11-12-2014 14:31:21 Windows Update
    14-12-2014 01:02:57 Removed Plagiarism Checker X
    14-12-2014 18:40:46 Backup do Windows
    14-12-2014 18:44:35 Windows Update
    17-12-2014 00:45:34 Revo Uninstaller's restore point - Warsaw 1.3.1
    17-12-2014 01:08:58 Driver Booster : Realtek PCIe GBE Family Controller
    17-12-2014 09:49:12 Antes do novo anti vírus
    17-12-2014 10:22:10 Malwarebytes Anti-Rootkit Restore Point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-12-14 17:34 - 2014-12-17 07:45 - 00000000 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {05D251FC-AC1E-49E0-B21F-83EE1534251B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {4A05A7C8-C8BF-4A82-A4D9-242CACB81ABD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {588B9C04-5C25-4073-8DCA-B89A8130F48D} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.12\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
    Task: {64C74EF8-6133-4C16-9C5C-1B17A505DD04} - System32\Tasks\Driver Booster SkipUAC (Ramon) => K:\Programas Diversos - Instalados\Driver Booster\DriverBooster.exe [2014-11-27] (IObit)
    Task: {6871850C-0CDE-42F9-A54A-1BF6BB0B8473} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
    Task: {8721C75E-D05E-4BD3-A68B-8B94CE798751} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-28] (Adobe Systems Incorporated)
    Task: {9660539B-654D-45C3-AD6E-CD484F89A612} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2009-12-28] ()
    Task: {B35D2B4F-14C8-4A88-A6A7-773CC63369B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
    Task: {C647FF1B-DE97-4C1F-B20A-F8875FB6B8AE} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
    Task: {D3D1A357-F979-4314-AEDD-18C2500E1E21} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-10-06] ()
    Task: {E6E95978-DA45-4732-A7E2-F2B5808FB3CC} - System32\Tasks\{1C96789D-1C2E-461B-A11C-867746E00D38} => pcalua.exe -a L:\setup.exe -d L:\
    Task: {E72570B1-2E43-408D-96DA-B1EC1CE7BB6E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-10-21 00:33 - 2014-11-12 19:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2009-12-15 17:40 - 2009-12-15 17:40 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
    2014-10-24 17:47 - 2014-10-24 17:47 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
    2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
    2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
    2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
    2009-12-15 17:40 - 2009-12-15 17:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    2009-12-15 17:41 - 2009-12-15 17:41 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2009-12-15 23:44 - 2009-12-15 23:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
    2014-10-29 23:54 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
    2014-10-29 23:54 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
    2014-10-29 23:54 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
    2014-10-21 02:02 - 2014-10-21 01:54 - 00107520 ____R () K:\Programas Diversos - Instalados\DAEMON Tools Pro\BRD.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2014-12-11 19:55 - 2014-12-05 23:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-11 19:55 - 2014-12-05 23:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-11 19:55 - 2014-12-05 23:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-11 19:55 - 2014-12-05 23:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows\System32:5EB9D150_Uni.gbp

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Ramon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: ASUS Ai Charger => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
    MSCONFIG\startupreg: Cpu Level Up help => "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe "
    MSCONFIG\startupreg: KiesPDLR.exe => K:\Programas Diversos - Instalados\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
    MSCONFIG\startupreg: KiesTrayAgent => K:\Programas Diversos - Instalados\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    MSCONFIG\startupreg: Turbo Key => "C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe "

    ========================= Accounts: ==========================

    Administrador (S-1-5-21-2815827584-2808248378-3256661377-500 - Administrator - Disabled)
    Convidado (S-1-5-21-2815827584-2808248378-3256661377-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2815827584-2808248378-3256661377-1002 - Limited - Enabled)
    Ramon (S-1-5-21-2815827584-2808248378-3256661377-1000 - Administrator - Enabled) => C:\Users\Ramon

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-14 17:33:52.924
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-14 17:33:52.846
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-6300 Six-Core Processor
    Percentage of memory in use: 24%
    Total physical RAM: 8174.12 MB
    Available physical RAM: 6149.72 MB
    Total Pagefile: 16346.41 MB
    Available Pagefile: 14176.85 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:100.49 GB) (Free:39.26 GB) NTFS
    Drive d: (Instaladores & UFOP) (Fixed) (Total:197.5 GB) (Free:181.07 GB) NTFS
    Drive j: (Backup_RamonPC) (Fixed) (Total:100.59 GB) (Free:40.15 GB) NTFS
    Drive k: (Programas) (Fixed) (Total:365.17 GB) (Free:248.44 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A1BC18F3)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=100.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=197.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 465.8 GB) (Disk ID: 0F7748F4)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

    ______________________________________

    Waiting for the next step.

    Thx for all the support, guys!
     
  14. 2014/12/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================
     

  15. 2014/12/19
    terodne

    terodne Inactive Thread Starter

    Joined:
    2014/12/17
    Messages:
    21
    Likes Received:
    0
    Hi Broni, thx for supporting me.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
    Ran by Ramon at 2014-12-19 21:17:45 Run:1
    Running from C:\Users\Ramon\Desktop
    Loaded Profile: Ramon (Available profiles: Ramon)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz138; \??\C:\Users\Ramon\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    AlternateDataStreams: C:\Windows\System32:5EB9D150_Uni.gbp

    *****************

    "HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    catchme => Service deleted successfully.
    cpuz138 => Service deleted successfully.
    Synth3dVsc => Service deleted successfully.
    tsusbhub => Service deleted successfully.
    VGPU => Service deleted successfully.
    C:\Windows\System32 => ":5EB9D150_Uni.gbp" ADS removed successfully.

    ==== End of Fixlog ====
     
  16. 2014/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click TFC.exe to run the program.
    • Click the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  17. 2014/12/19
    terodne

    terodne Inactive Thread Starter

    Joined:
    2014/12/17
    Messages:
    21
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.93
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Microsoft Security Essentials
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 25
    Java version 32-bit out of Date!
    Adobe Reader XI
    Mozilla Firefox (33.0)
    Google Chrome (39.0.2171.71)
    Google Chrome (39.0.2171.95)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: =
    ````````````````````End of Log``````````````````````
     
  18. 2014/12/19
    terodne

    terodne Inactive Thread Starter

    Joined:
    2014/12/17
    Messages:
    21
    Likes Received:
    0
    Farbar Service Scanner Version: 21-07-2014
    Ran by Ramon (administrator) on 19-12-2014 at 21:29:05
    Running from "C:\Users\Ramon\Desktop "
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware "=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  19. 2014/12/19
    terodne

    terodne Inactive Thread Starter

    Joined:
    2014/12/17
    Messages:
    21
    Likes Received:
    0
    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 57311 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Ramon
    ->Temp folder emptied: 12458045 bytes
    ->Temporary Internet Files folder emptied: 6512265 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 8939535 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 57817 bytes

    User: Todos os Usuários

    User: Usuário Padrão
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9602156 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 56349624 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 90,00 mb
     
  20. 2014/12/19
    terodne

    terodne Inactive Thread Starter

    Joined:
    2014/12/17
    Messages:
    21
    Likes Received:
    0
    2014-12-19 23:56:39.142 Sophos Virus Removal Tool version 2.5.4
    2014-12-19 23:56:39.142 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2014-12-19 23:56:39.142 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2014-12-19 23:56:39.142 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2014-12-19 23:56:39.144 Checking for updates...
    2014-12-19 23:56:44.568 Update progress: proxy server not available
    2014-12-19 23:56:47.881 Option all = no
    2014-12-19 23:56:47.881 Option recurse = yes
    2014-12-19 23:56:47.881 Option archive = no
    2014-12-19 23:56:47.881 Option service = yes
    2014-12-19 23:56:47.881 Option confirm = yes
    2014-12-19 23:56:47.881 Option sxl = yes
    2014-12-19 23:56:47.881 Option max-data-age = 35
    2014-12-19 23:56:47.881 Option EnableSafeClean = yes
    2014-12-19 23:56:49.851 Option vdl-logging = yes
    2014-12-19 23:56:49.866 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2014-12-19 23:56:49.866 Machine ID: 92a70eb3b7744d138ee6d1c14a687e43
    2014-12-19 23:56:49.866 Component SVRTcli.exe version 2.5.4
    2014-12-19 23:56:49.866 Component control.dll version 2.5.4
    2014-12-19 23:56:49.866 Component SVRTservice.exe version 2.5.4
    2014-12-19 23:56:49.866 Component engine\osdp.dll version 1.44.1.2183
    2014-12-19 23:56:49.866 Component engine\veex.dll version 3.58.3.2183
    2014-12-19 23:56:49.866 Component engine\savi.dll version 8.1.5.2183
    2014-12-19 23:56:49.866 Component rkdisk.dll version 1.5.30.0
    2014-12-19 23:56:49.866 Version info: Product version 2.5.4
    2014-12-19 23:56:49.866 Version info: Detection engine 3.58.3
    2014-12-19 23:56:49.866 Version info: Detection data 5.08
    2014-12-19 23:56:49.866 Version info: Build date 11/11/2014
    2014-12-19 23:56:49.866 Version info: Data files added 425
    2014-12-19 23:56:49.866 Version info: Last successful update (not yet updated)
    2014-12-19 23:57:34.026 Downloading updates...
    2014-12-19 23:57:34.026 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2014-12-19 23:57:34.026 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2014-12-19 23:57:34.026 Update progress: [I49502] Found supplement IDE509 LATEST
    2014-12-19 23:57:34.026 Update progress: [I49502] Found supplement IDE510 LATEST
    2014-12-19 23:57:34.026 Update progress: [I49502] Found supplement IDE511 LATEST
    2014-12-19 23:57:34.026 Update progress: [I49502] Found supplement IDE512 LATEST
    2014-12-19 23:57:34.026 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2014-12-19 23:57:34.026 Update progress: [I19463] Syncing product SAVIW32 48
    2014-12-19 23:57:40.170 Update progress: [I19463] Syncing product IDE509 177
    2014-12-19 23:57:42.126 Update progress: [I19463] Syncing product IDE510 179
    2014-12-19 23:57:42.126 Update progress: [I19463] Syncing product IDE511 73
    2014-12-19 23:57:42.796 Installing updates...
    2014-12-19 23:57:43.815 Error level 1
    2014-12-19 23:57:43.847 Update progress: [I19463] Syncing product IDE512 1
    2014-12-19 23:58:25.521 Update successful
    2014-12-19 23:58:47.460 Option all = no
    2014-12-19 23:58:47.460 Option recurse = yes
    2014-12-19 23:58:47.460 Option archive = no
    2014-12-19 23:58:47.460 Option service = yes
    2014-12-19 23:58:47.460 Option confirm = yes
    2014-12-19 23:58:47.460 Option sxl = yes
    2014-12-19 23:58:47.462 Option max-data-age = 35
    2014-12-19 23:58:47.462 Option EnableSafeClean = yes
    2014-12-19 23:58:47.505 Option vdl-logging = yes
    2014-12-19 23:58:47.507 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2014-12-19 23:58:47.507 Machine ID: 92a70eb3b7744d138ee6d1c14a687e43
    2014-12-19 23:58:47.508 Component SVRTcli.exe version 2.5.4
    2014-12-19 23:58:47.508 Component control.dll version 2.5.4
    2014-12-19 23:58:47.508 Component SVRTservice.exe version 2.5.4
    2014-12-19 23:58:47.508 Component engine\osdp.dll version 1.44.1.2183
    2014-12-19 23:58:47.508 Component engine\veex.dll version 3.58.3.2183
    2014-12-19 23:58:47.508 Component engine\savi.dll version 8.1.5.2183
    2014-12-19 23:58:47.508 Component rkdisk.dll version 1.5.30.0
    2014-12-19 23:58:47.508 Version info: Product version 2.5.4
    2014-12-19 23:58:47.509 Version info: Detection engine 3.58.3
    2014-12-19 23:58:47.509 Version info: Detection data 5.08G
    2014-12-19 23:58:47.509 Version info: Build date 11/11/2014
    2014-12-19 23:58:47.509 Version info: Data files added 426
    2014-12-19 23:58:47.509 Version info: Last successful update 19/12/2014 21:58:25

    2014-12-20 00:00:06.580 >>> Virus 'Mal/VMProtBad-A' found in file K:\Programas Diversos - Instalados\DAEMON Tools Pro\BRD.dll:pid:00001254:file
    2014-12-20 00:00:06.580 >>> Virus 'Mal/VMProtBad-A' found in file K:\Programas Diversos - Instalados\DAEMON Tools Pro\BRD.dll
    2014-12-20 00:00:06.580 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2014-12-20 00:00:06.580 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-2815827584-2808248378-3256661377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2014-12-20 00:00:06.580 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2014-12-20 00:00:08.615 The following items will be cleaned up:
    2014-12-20 00:00:08.615 Mal/VMProtBad-A
     
  21. 2014/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Is your firewall turned on?

    I'm asking because I see this in FSS log:

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0
     
