Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

jrgiacon

Virus, site falso do Bradesco

9 posts neste tópico

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:11:08, on 5/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvraidservice.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Microsoft Url Search Hook - {cfbfae00-17a6-11d0-99cb-00c04fd64497} - C:\WINDOWS\system32\ieframe.dll

O1 - Hosts: 72.167.248.72 www.credicarditau.com.br

O1 - Hosts: 72.167.248.72 www.itaucard.com.br

O1 - Hosts: 72.167.248.72 itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 www.itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 www.itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bancoreal.com.br

O1 - Hosts: 72.167.248.72 www.itau.com.br

O1 - Hosts: 72.167.248.72 itau.com.br

O1 - Hosts: 72.167.248.72 www.bradesco.com.br

O1 - Hosts: 72.167.248.72 bradesco.com.br

O1 - Hosts: 72.167.248.72 www.gravames.com.br

O1 - Hosts: 72.167.248.72 www.megadata.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomicafederal.com.br

O1 - Hosts: 72.167.248.72 www.cef.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomica.com.br

O1 - Hosts: 72.167.248.72 www.caixa.gov.br

O1 - Hosts: 72.167.248.72 caixa.gov.br

O1 - Hosts: 72.167.248.72 www.caixa.com.br

O1 - Hosts: 72.167.248.72 caixa.com.br

O1 - Hosts: 72.167.248.72 www.cef.gov.br

O1 - Hosts: 72.167.248.72 santander.com.br

O1 - Hosts: 72.167.248.72 www.santander.com.br

O1 - Hosts: 72.167.248.72 banespa.com.br

O1 - Hosts: 72.167.248.72 www.banespa.com.br

O1 - Hosts: 72.167.248.72 santanderbanespa.com.br

O1 - Hosts: 72.167.248.72 www.santanderbanespa.com.br

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Arquivos de programas\Foxie Suite\foxietoolbaru.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Arquivos de programas\Foxie Suite\foxiecoreu.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Arquivos de programas\Foxie Suite\foxiecoreu.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Desktop.htm

O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Desktop.htm

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Arquivos de programas\Foxie Suite\Cleaner.exe

O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Arquivos de programas\Foxie Suite\Cleaner.exe

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Arquivos de programas\Foxie Suite\Sweeper.exe

O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Arquivos de programas\Foxie Suite\Sweeper.exe

O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - C:\Arquivos de programas\GutshotMPP\MPPoker.exe

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Arquivos de programas\PokerTimeMPP\MPPoker.exe

O9 - Extra button: All In Poker - {7FD14A80-30CB-434e-90A3-DEC1B1EA2014} - C:\Arquivos de programas\allinpokerMPP\MPPoker.exe

O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Arquivos de programas\Gnuf\Casino\casinogame.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: TowerTorneosPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\ARQUIV~1\TOWERT~4\TowerTorneosPoker.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Arquivos de programas\Gnuf\Poker\MPPoker.exe

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Infinity.htm

O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Infinity.htm

O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Arquivos de programas\royalvegasMPP\MPPoker.exe

O9 - Extra button: POKER - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokermMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\USER\Menu Iniciar\Programas\Poker.com\Poker.com.lnk (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/download_helper/Nyoko.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:8995/etc/var/TVUAx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1163037104449

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://152.1.131.130/activex/AMC.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.218/g_bin/eng/billard8_2_0_0_23.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MySQLTSE - Unknown owner - C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 17238 bytes

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus e AntiSpyware para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download Banker FIX

Dê um duplo-clique em bankerfix.exe . Dê Enter.

O Internet Explorer será finalizado.aguarde a Ferramenta acabar. Isso pode demorar um pouco.

Quando terminar, aparecerá uma mensagem na tela e então dê Enter.

Poste um novo Log do HijackThis + o Relatorio.txt que encontrará em C:\LinhaDefensiva aqui mesmo neste Tópico clicando no segundo BOTÃO RESPONDER.

Depois pode apagar esta Pasta LinhaDefensiva. Habilite novamente o seu Antivírus



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Desabilite o seu Antivírus e AntiSpyware para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download Banker FIX

Dê um duplo-clique em bankerfix.exe . Dê Enter.

O Internet Explorer será finalizado.aguarde a Ferramenta acabar. Isso pode demorar um pouco.

Quando terminar, aparecerá uma mensagem na tela e então dê Enter.

Poste um novo Log do HijackThis + o Relatorio.txt que encontrará em C:\LinhaDefensiva aqui mesmo neste Tópico clicando no segundo BOTÃO RESPONDER.

Depois pode apagar esta Pasta LinhaDefensiva. Habilite novamente o seu Antivírus

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:47:33, on 5/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvraidservice.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Windows NT\Acessórios\WORDPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Microsoft Url Search Hook - {cfbfae00-17a6-11d0-99cb-00c04fd64497} - C:\WINDOWS\system32\ieframe.dll

O1 - Hosts: 72.167.248.72 www.credicarditau.com.br

O1 - Hosts: 72.167.248.72 www.itaucard.com.br

O1 - Hosts: 72.167.248.72 itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 www.itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 www.itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bancoreal.com.br

O1 - Hosts: 72.167.248.72 www.itau.com.br

O1 - Hosts: 72.167.248.72 itau.com.br

O1 - Hosts: 72.167.248.72 www.bradesco.com.br

O1 - Hosts: 72.167.248.72 bradesco.com.br

O1 - Hosts: 72.167.248.72 www.gravames.com.br

O1 - Hosts: 72.167.248.72 www.megadata.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomicafederal.com.br

O1 - Hosts: 72.167.248.72 www.cef.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomica.com.br

O1 - Hosts: 72.167.248.72 www.caixa.gov.br

O1 - Hosts: 72.167.248.72 caixa.gov.br

O1 - Hosts: 72.167.248.72 www.caixa.com.br

O1 - Hosts: 72.167.248.72 caixa.com.br

O1 - Hosts: 72.167.248.72 www.cef.gov.br

O1 - Hosts: 72.167.248.72 santander.com.br

O1 - Hosts: 72.167.248.72 www.santander.com.br

O1 - Hosts: 72.167.248.72 banespa.com.br

O1 - Hosts: 72.167.248.72 www.banespa.com.br

O1 - Hosts: 72.167.248.72 santanderbanespa.com.br

O1 - Hosts: 72.167.248.72 www.santanderbanespa.com.br

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Arquivos de programas\Foxie Suite\foxietoolbaru.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Arquivos de programas\Foxie Suite\foxiecoreu.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Arquivos de programas\Foxie Suite\foxiecoreu.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Desktop.htm

O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Desktop.htm

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Arquivos de programas\Foxie Suite\Cleaner.exe

O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Arquivos de programas\Foxie Suite\Cleaner.exe

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Arquivos de programas\Foxie Suite\Sweeper.exe

O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Arquivos de programas\Foxie Suite\Sweeper.exe

O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - C:\Arquivos de programas\GutshotMPP\MPPoker.exe

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Arquivos de programas\PokerTimeMPP\MPPoker.exe

O9 - Extra button: All In Poker - {7FD14A80-30CB-434e-90A3-DEC1B1EA2014} - C:\Arquivos de programas\allinpokerMPP\MPPoker.exe

O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Arquivos de programas\Gnuf\Casino\casinogame.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: TowerTorneosPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\ARQUIV~1\TOWERT~4\TowerTorneosPoker.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Arquivos de programas\Gnuf\Poker\MPPoker.exe

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Infinity.htm

O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Infinity.htm

O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Arquivos de programas\royalvegasMPP\MPPoker.exe

O9 - Extra button: POKER - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokermMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\USER\Menu Iniciar\Programas\Poker.com\Poker.com.lnk (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/download_helper/Nyoko.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:8995/etc/var/TVUAx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1163037104449

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://152.1.131.130/activex/AMC.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.218/g_bin/eng/billard8_2_0_0_23.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MySQLTSE - Unknown owner - C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 17274 bytes

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-01-05 - 11:45

-------------------------------------------------------

Lista de Definição: 2008-12-14-1 | CORE: 2008-12-14-1

=======================================================

Arquivo infectado detectado: C:\sysmlog.log

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\system32\svhost.exe

Arquivo infectado removido com sucesso!

----- Fim -------------------------

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Continuando.....

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Continuando.....

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Malwarebytes' Anti-Malware 1.32

Versão do banco de dados: 1619

Windows 5.1.2600 Service Pack 2

5/1/2009 19:21:44

mbam-log-2009-01-05 (19-21-44).txt

Tipo de Verificação: Rápida

Objetos verificados: 53354

Tempo decorrido: 4 minute(s), 51 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 80

Valores do Registro infectados: 8

Ítens do Registro infectados: 0

Pastas infectadas: 18

Arquivos infectados: 35

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\foxie.foxiecore (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{53b8b576-27ef-4cf5-ad81-0487f96bf21f} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6db1d8a4-3493-4414-9fd2-3924617491b5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72fc8424-86d6-4100-8846-ff211f275897} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{96eb9c1c-140f-44d8-8674-840b318b7e0b} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{09c02180-3b46-4cd8-83ff-34daf442bdef} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09c02180-3b46-4cd8-83ff-34daf442bdef} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5b18fd94-2904-4aa0-ad63-7231d59e63a2} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c65185b1-d52b-44a9-861f-8201b50d1f37} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c65185b1-d52b-44a9-861f-8201b50d1f37} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c65185b1-d52b-44a9-861f-8201b50d1f37} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.foxiecore.1 (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.foxiesecuritymodule (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.foxiesecuritymodule.1 (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.foxietoolbar (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{618d0948-6cd1-4129-9fdb-221a7f973f37} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4879d63c-c3cc-42cc-9d1c-e861b42d0a5c} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5fba0f92-abe8-421c-992e-2a85db9910c1} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{432cae3b-690f-4c3b-bd97-070ebda210d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{432cae3b-690f-4c3b-bd97-070ebda210d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{432cae3b-690f-4c3b-bd97-070ebda210d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.foxietoolbar.1 (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.httpfilter (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.httpfilter.1 (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{86a44ef9-78fc-4e18-a564-b18f806f7f56} (Trojan.MultiDefender) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{306bbb66-d9e4-4481-833e-c1d5fca06774} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{546e08aa-809f-4f1a-be1a-6b122ebfcd5a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61039b22-563d-4922-b844-b076c318a66a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e4143585-2688-4ebc-b264-27c774f600d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{306bbb66-d9e4-4481-833e-c1d5fca06774} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{546e08aa-809f-4f1a-be1a-6b122ebfcd5a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{61039b22-563d-4922-b844-b076c318a66a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e4143585-2688-4ebc-b264-27c774f600d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\foxie privacy, security & productivity suite (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\FoxIE (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FoxIE (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{09c02180-3b46-4cd8-83ff-34daf442bdef} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{306bbb66-d9e4-4481-833e-c1d5fca06774} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{546e08aa-809f-4f1a-be1a-6b122ebfcd5a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{61039b22-563d-4922-b844-b076c318a66a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{e4143585-2688-4ebc-b264-27c774f600d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

C:\Arquivos de programas\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\AdBlock (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Firewall (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\HTML (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Icons (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Sweeper (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Updates (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Arquivos infectados:

C:\Arquivos de programas\Foxie Suite\foxiecoreu.dll (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\foxietoolbaru.dll (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Cleaner.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Firewall.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\firewall.sys (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\foxiecore.dll (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Sweeper.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\uninst.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Uninstaller.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\update.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\AdBlock\adblock.dat (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Firewall\spamservers.dat (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Firewall\spyservers.dat (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Firewall\wormservers.dat (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\HTML\Desktop.htm (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\HTML\index.gif (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\HTML\Infinity.htm (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\HTML\Query.htm (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Icons\Cleaner.ico (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Icons\Desktop.ico (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Icons\Infinity.ico (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Icons\Sweeper.ico (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Sweeper\pests.dtx (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Updates\index.dat (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ActivationManager\Uninstall.exe (Trojan.MultiDefender) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:30:19, on 5/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvraidservice.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Arquivos de programas\Windows NT\Acessórios\WORDPAD.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Microsoft Url Search Hook - {cfbfae00-17a6-11d0-99cb-00c04fd64497} - C:\WINDOWS\system32\ieframe.dll

O1 - Hosts: 72.167.248.72 www.credicarditau.com.br

O1 - Hosts: 72.167.248.72 www.itaucard.com.br

O1 - Hosts: 72.167.248.72 itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 www.itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 www.itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bancoreal.com.br

O1 - Hosts: 72.167.248.72 www.itau.com.br

O1 - Hosts: 72.167.248.72 itau.com.br

O1 - Hosts: 72.167.248.72 www.bradesco.com.br

O1 - Hosts: 72.167.248.72 bradesco.com.br

O1 - Hosts: 72.167.248.72 www.gravames.com.br

O1 - Hosts: 72.167.248.72 www.megadata.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomicafederal.com.br

O1 - Hosts: 72.167.248.72 www.cef.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomica.com.br

O1 - Hosts: 72.167.248.72 www.caixa.gov.br

O1 - Hosts: 72.167.248.72 caixa.gov.br

O1 - Hosts: 72.167.248.72 www.caixa.com.br

O1 - Hosts: 72.167.248.72 caixa.com.br

O1 - Hosts: 72.167.248.72 www.cef.gov.br

O1 - Hosts: 72.167.248.72 santander.com.br

O1 - Hosts: 72.167.248.72 www.santander.com.br

O1 - Hosts: 72.167.248.72 banespa.com.br

O1 - Hosts: 72.167.248.72 www.banespa.com.br

O1 - Hosts: 72.167.248.72 santanderbanespa.com.br

O1 - Hosts: 72.167.248.72 www.santanderbanespa.com.br

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - C:\Arquivos de programas\GutshotMPP\MPPoker.exe

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Arquivos de programas\PokerTimeMPP\MPPoker.exe

O9 - Extra button: All In Poker - {7FD14A80-30CB-434e-90A3-DEC1B1EA2014} - C:\Arquivos de programas\allinpokerMPP\MPPoker.exe

O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Arquivos de programas\Gnuf\Casino\casinogame.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: TowerTorneosPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\ARQUIV~1\TOWERT~4\TowerTorneosPoker.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Arquivos de programas\Gnuf\Poker\MPPoker.exe

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Arquivos de programas\royalvegasMPP\MPPoker.exe

O9 - Extra button: POKER - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokermMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\USER\Menu Iniciar\Programas\Poker.com\Poker.com.lnk (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/download_helper/Nyoko.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:8995/etc/var/TVUAx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1163037104449

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://152.1.131.130/activex/AMC.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.218/g_bin/eng/billard8_2_0_0_23.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MySQLTSE - Unknown owner - C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 15159 bytes

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Download HostsXpert

Descompacte, abra o Programa, execute o arquivo HostsXpert.exe, clique em “Restore Microsoft's Hosts File” e aperte em OK.

Finalize o Programa.

O PC está limpo. (H)



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Download HostsXpert

Descompacte, abra o Programa, execute o arquivo HostsXpert.exe, clique em "Restore Microsoft's Hosts File" e aperte em OK.

Finalize o Programa.

O PC está limpo. (H)

Mr Million só uma pergunta estes que ficaram na quarentena posso deixa-los como estão ou devo remove-los ? cara muito obrigado pela atenção gostaria de saber quanto é seu serviço ?

obrigado por tudo

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Pode deletar tudo na Quarentena.

No resto.........., um abraço. (H)

Limpe a Restauração do Sistema, criando um Ponto de Restauração do Sistema limpo.

Clique com o botão direito do mouse em cima do MEU COMPUTADOR/ Propiedades/ Restauração do Sistema/ marque Desativar Restauração do Sistema/ Aplicar > OK.

Depois desmarque novamente. Aplicar > OK.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Pode deletar tudo na Quarentena.

No resto.........., um abraço. (H)

Limpe a Restauração do Sistema, criando um Ponto de Restauração do Sistema limpo.

Clique com o botão direito do mouse em cima do MEU COMPUTADOR/ Propiedades/ Restauração do Sistema/ marque Desativar Restauração do Sistema/ Aplicar > OK.

Depois desmarque novamente. Aplicar > OK.

Uma abraço feliz ano novo, tudo de melhor pra você !!!

agradecido

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico é muito antigo e está impedido de receber novos posts. Se você quiser ajuda ou suporte, crie um novo tópico.
    • 3 Mensagens
    • 205 Visualizações
    • 7 Mensagens
    • 182 Visualizações
    • 4 Mensagens
    • 367 Visualizações
    • 1 Mensagens
    • 193 Visualizações
    • 1 Mensagens
    • 317 Visualizações

  • Postagens Recentes

    • Analise de log. - encaminhamento para sites duvidosos
      r> MSIE: Internet Explorer v11.0 (11.00.9600.18123)
      Boot mode: Normal Running processes:
      C:\Program Files\AVAST Software\Avast\AvastUI.exe
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      D:\Documents\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      F2 - REG:system.ini: UserInit=userinit.exe,
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
      O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
      O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
      O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
      O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
      O8 - Extra context menu item: Adicionar a AMV/AVI Video Converter... - C:\Program Files (x86)\MediaPlayer Utilities 4.37\AMVConverter\grab.html
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: imagem.caixa.gov.br
      O15 - Trusted Zone: internetbanking.caixa.gov.br
      O15 - Trusted Zone: internetbankingpf.caixa.gov.br
      O15 - Trusted Zone: www.caixa.gov.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
      O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
      O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --
      End of file - 8564 bytes
        -->
    • Análise de logs - encaminhamento para sites duvidosos
      service - C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
      NetSvcs:64bit: XboxNetApiSvc - C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
      NetSvcs:64bit: UsoSvc - C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
      NetSvcs:64bit: XblGameSave - C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
      NetSvcs:64bit: DmEnrollmentSvc - C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
      NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
      NetSvcs:64bit: UserManager - C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
      NetSvcs:64bit: XblAuthManager - C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
       
      ========== Files/Folders - Created Within 90 Days ==========
       
      [2016/07/29 21:28:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\FreeFall\Desktop\OTL.exe
      [2016/07/29 19:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
      [2016/07/29 19:31:24 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
      [2016/07/29 19:30:52 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\Deployment
      [2016/07/29 19:30:52 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\Apps
      [2016/07/29 19:16:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
      [2016/07/29 19:02:01 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\ActiveSync
      [2016/07/29 19:00:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
      [2016/07/29 18:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
      [2016/07/29 18:18:12 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\Temp
      [2016/07/29 18:11:41 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\NetworkTiles
      [2016/07/29 18:01:59 | 000,000,000 | ---D | C] -- C:\zoek_backup
      [2016/07/29 17:18:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
      [2016/07/29 17:12:36 | 001,610,560 | ---- | C] (Malwarebytes) -- C:\Users\FreeFall\Desktop\JRT.exe
      [2016/07/29 16:53:45 | 000,000,000 | -H-D | C] -- C:\OneDriveTemp
      [2016/07/29 15:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
      [2016/07/29 15:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2016/07/29 14:08:57 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\ElevatedDiagnostics
      [2016/07/29 11:33:32 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\Comms
      [2016/07/29 11:22:52 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\MicrosoftEdge
      [2016/07/29 11:21:23 | 000,000,000 | R--D | C] -- C:\Users\FreeFall\OneDrive
      [2016/07/29 11:13:25 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\Publishers
      [2016/07/29 11:09:22 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\Packages
      [2016/07/29 11:09:16 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\TileDataLayer
      [2016/07/29 10:37:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
      [2016/07/29 10:37:22 | 000,000,000 | -HSD | C] -- C:\Recovery
      [2016/07/29 10:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeechEngines
      [2016/07/29 10:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
      [2016/07/29 10:14:18 | 000,000,000 | --SD | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft
      [2016/07/29 10:14:18 | 000,000,000 | R-SD | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
      [2016/07/29 10:14:18 | 000,000,000 | R--D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
      [2016/07/29 10:14:18 | 000,000,000 | R--D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
      [2016/07/29 10:14:18 | 000,000,000 | R--D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\AppData\Local\Temporary Internet Files
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\SendTo
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Recent
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Modelos
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Documents\Minhas Músicas
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Documents\Minhas Imagens
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Documents\Meus Vídeos
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Meus Documentos
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Menu Iniciar
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\AppData\Local\Histórico
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Dados de Aplicativos
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\AppData\Local\Dados de Aplicativos
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Cookies
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Configurações Locais
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Ambiente de Rede
      [2016/07/29 10:14:18 | 000,000,000 | -HSD | C] -- C:\Users\FreeFall\Ambiente de Impressão
      [2016/07/29 10:14:18 | 000,000,000 | -H-D | C] -- C:\Users\FreeFall\AppData
      [2016/07/29 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\Microsoft
      [2016/07/29 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
      [2016/07/29 10:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Atheros
      [2016/07/29 10:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
      [2016/07/29 10:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
      [2016/07/29 10:09:53 | 011,941,376 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\idtsg64.cpl
      [2016/07/29 10:09:53 | 004,642,816 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\SysNative\stlang64.dll
      [2016/07/29 10:07:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
      [2016/07/29 10:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
      [2016/07/29 10:01:36 | 000,000,000 | ---D | C] -- C:\Windows.old
      [2016/07/29 09:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer
      [2016/07/29 09:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\msmq
      [2016/07/29 09:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\BestPractices
      [2016/07/29 09:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\BestPractices
      [2016/07/29 09:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
      [2016/07/29 09:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
      [2016/07/29 09:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
      [2016/07/29 09:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
      [2016/07/29 09:43:44 | 000,000,000 | ---D | C] -- C:\inetpub
      [2016/07/29 08:50:50 | 000,000,000 | R--D | C] -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
      [2016/07/28 18:59:21 | 000,079,192 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\drivers\McPvDrv.sys
      [2016/07/28 18:59:21 | 000,000,000 | R-SD | C] -- C:\Users\FreeFall\Documents\McAfee Vaults
      [2016/07/28 18:59:21 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\McAfee File Lock
      [2016/07/28 18:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
      [2016/07/28 18:58:53 | 000,207,968 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys
      [2016/07/28 18:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel Security
      [2016/07/28 18:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
      [2016/07/28 18:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
      [2016/07/28 18:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Security
      [2016/07/28 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
      [2016/07/28 18:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
      [2016/07/28 18:50:03 | 000,277,744 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\mfevtps.exe
      [2016/07/28 18:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
      [2016/07/26 06:14:19 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Roaming\Fantasy Grounds
      [2016/07/26 06:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fantasy Grounds
      [2016/07/25 21:51:13 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Desktop\Quinta Edição
      [2016/07/13 17:47:38 | 000,610,336 | ---- | C] (Qualcomm Atheros) -- C:\WINDOWS\SysNative\drivers\btfilter.sys
      [2016/07/13 17:47:38 | 000,271,600 | ---- | C] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll
      [2016/07/13 17:47:38 | 000,269,048 | ---- | C] (Qualcomm Atheros Communications Inc.) -- C:\WINDOWS\SysNative\btcoinst.dll
      [2016/07/13 17:47:38 | 000,098,552 | ---- | C] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll.muien-US
      [2016/06/27 19:51:47 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Tracing
      [2016/06/27 19:50:57 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Roaming\Skype
      [2016/06/27 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2016/06/27 19:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
      [2016/06/27 19:50:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
      [2016/06/27 19:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
      [2016/06/22 23:00:07 | 000,077,824 | ---- | C] (Fox Magic Software) -- C:\WINDOWS\SysWow64\fmcodec.DLL
      [2016/06/21 07:17:20 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\aTubeCatcher
      [2016/06/08 19:10:34 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Desktop\Pesquisa
       
      ========== Files - Modified Within 90 Days ==========
       
      [2016/07/29 21:49:08 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2016/07/29 21:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FreeFall\Desktop\OTL.exe
      [2016/07/29 19:18:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
      [2016/07/29 18:59:53 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2016/07/29 18:59:44 | 000,891,918 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0416.dat
      [2016/07/29 18:59:44 | 000,832,568 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
      [2016/07/29 18:59:44 | 000,197,030 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0416.dat
      [2016/07/29 18:59:44 | 000,176,804 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
      [2016/07/29 18:59:44 | 000,006,792 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
      [2016/07/29 18:58:28 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
      [2016/07/29 18:58:27 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2016/07/29 18:46:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
      [2016/07/29 18:03:48 | 000,000,753 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
      [2016/07/29 18:01:59 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe
      [2016/07/29 17:58:46 | 001,309,184 | ---- | M] () -- C:\Users\FreeFall\Desktop\zoek.exe
      [2016/07/29 17:12:40 | 001,610,560 | ---- | M] (Malwarebytes) -- C:\Users\FreeFall\Desktop\JRT.exe
      [2016/07/29 17:06:08 | 003,712,064 | ---- | M] () -- C:\Users\FreeFall\Desktop\AdwCleaner.exe
      [2016/07/29 10:36:06 | 000,010,451 | ---- | M] () -- C:\WINDOWS\diagerr.xml
      [2016/07/29 10:36:06 | 000,009,528 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
      [2016/07/29 10:34:10 | 000,022,956 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
      [2016/07/29 10:26:29 | 000,329,184 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
      [2016/07/29 10:13:18 | 002,021,072 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
      [2016/07/29 10:10:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
      [2016/07/29 10:10:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
      [2016/07/29 09:59:29 | 000,015,703 | ---- | M] () -- C:\WINDOWS\SysNative\OEMDefaultAssociations.xml
      [2016/07/29 09:57:24 | 000,002,186 | ---- | M] () -- C:\WINDOWS\SysWow64\AppxProvisioning.xml
      [2016/07/29 09:57:04 | 000,002,186 | ---- | M] () -- C:\WINDOWS\SysNative\AppxProvisioning.xml
      [2016/07/29 09:56:56 | 000,235,008 | ---- | M] () -- C:\WINDOWS\SysNative\MTF.dll
      [2016/07/29 09:56:54 | 002,656,408 | ---- | M] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
      [2016/07/29 09:56:54 | 001,862,008 | ---- | M] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
      [2016/07/29 09:56:44 | 000,162,816 | ---- | M] () -- C:\WINDOWS\SysWow64\MTF.dll
      [2016/07/29 09:43:24 | 000,009,096 | ---- | M] () -- C:\WINDOWS\SysWow64\msmqtrc.mof
      [2016/07/29 09:43:02 | 000,009,096 | ---- | M] () -- C:\WINDOWS\SysNative\msmqtrc.mof
      [2016/07/29 09:27:44 | 000,021,072 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2016/07/29 09:27:44 | 000,021,072 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2016/07/29 08:50:48 | 000,001,950 | ---- | M] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Officejet Pro 8100 (Rede).lnk
      [2016/07/28 19:00:00 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\McAfee® Total Protection.lnk
      [2016/07/27 20:41:32 | 000,748,434 | ---- | M] () -- C:\Users\FreeFall\Desktop\divisórias.jpg
      [2016/07/26 06:17:36 | 000,002,028 | ---- | M] () -- C:\Users\FreeFall\Desktop\Fantasy Grounds.lnk
      [2016/07/13 17:47:38 | 000,610,336 | ---- | M] (Qualcomm Atheros) -- C:\WINDOWS\SysNative\drivers\btfilter.sys
      [2016/07/13 17:47:38 | 000,271,600 | ---- | M] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll
      [2016/07/13 17:47:38 | 000,269,048 | ---- | M] (Qualcomm Atheros Communications Inc.) -- C:\WINDOWS\SysNative\btcoinst.dll
      [2016/07/13 17:47:38 | 000,098,552 | ---- | M] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll.muien-US
      [2016/06/27 19:56:57 | 000,007,429 | ---- | M] () -- C:\Users\FreeFall\Desktop\perfil roxo.jpg
      [2016/06/27 19:50:49 | 000,002,699 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
      [2016/06/21 08:25:59 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf0.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x21.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x11.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40.dfu
      [2016/05/19 09:33:44 | 000,001,922 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_nf01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40.dfu
      [2016/05/19 09:33:44 | 000,001,796 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020000_40.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_LV01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf1.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x22.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x12.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,512 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,242 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,228 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,001,214 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40.dfu
      [2016/05/19 09:33:44 | 000,001,198 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26.dfu
      [2016/05/19 09:33:44 | 000,001,192 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,296 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26.dfu
      [2016/05/19 09:33:42 | 000,246,804 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AtherosBT.bin
      [2016/05/19 09:33:42 | 000,046,972 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020000.dfu
      [2016/05/19 09:33:42 | 000,046,908 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000.dfu
      [2016/05/19 09:33:42 | 000,046,852 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020100.dfu
      [2016/05/19 09:33:42 | 000,045,868 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020201.dfu
      [2016/05/19 09:33:42 | 000,044,028 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020200.dfu
      [2016/05/19 09:33:42 | 000,042,908 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010100.dfu
      [2016/05/19 09:33:42 | 000,040,684 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000_ss01.dfu
      [2016/05/10 23:26:43 | 008,375,799 | ---- | M] () -- C:\Users\FreeFall\Desktop\RacesofAnsalon.pdf
      [2016/05/10 21:28:17 | 030,905,645 | ---- | M] () -- C:\Users\FreeFall\Desktop\AD&D -2E -Complete Set of 26 Books.PDF
       
      ========== Files Created - No Company Name ==========
       
      [2016/07/29 18:18:12 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
      [2016/07/29 17:58:43 | 001,309,184 | ---- | C] () -- C:\Users\FreeFall\Desktop\zoek.exe
      [2016/07/29 17:06:00 | 003,712,064 | ---- | C] () -- C:\Users\FreeFall\Desktop\AdwCleaner.exe
      [2016/07/29 11:21:23 | 000,002,384 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      [2016/07/29 11:20:07 | 000,001,053 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursos Opcionais.lnk
      [2016/07/29 10:34:10 | 000,022,956 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
      [2016/07/29 10:22:02 | 000,001,576 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      [2016/07/29 10:13:18 | 002,021,072 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
      [2016/07/29 10:10:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
      [2016/07/29 10:10:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
      [2016/07/29 10:06:11 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
      [2016/07/29 10:04:58 | 000,043,409 | ---- | C] () -- C:\WINDOWS\SysWow64\license.rtf
      [2016/07/29 10:04:58 | 000,043,409 | ---- | C] () -- C:\WINDOWS\SysNative\license.rtf
      [2016/07/29 09:57:24 | 000,002,186 | ---- | C] () -- C:\WINDOWS\SysWow64\AppxProvisioning.xml
      [2016/07/29 09:57:04 | 000,002,186 | ---- | C] () -- C:\WINDOWS\SysNative\AppxProvisioning.xml
      [2016/07/29 09:56:56 | 000,235,008 | ---- | C] () -- C:\WINDOWS\SysNative\MTF.dll
      [2016/07/29 09:56:54 | 002,656,408 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
      [2016/07/29 09:56:54 | 001,862,008 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
      [2016/07/29 09:56:44 | 000,162,816 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
      [2016/07/29 09:23:32 | 000,010,451 | ---- | C] () -- C:\WINDOWS\diagerr.xml
      [2016/07/29 09:23:32 | 000,009,528 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
      [2016/07/28 19:00:00 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\McAfee® Total Protection.lnk
      [2016/07/27 20:37:52 | 000,748,434 | ---- | C] () -- C:\Users\FreeFall\Desktop\divisórias.jpg
      [2016/07/26 06:17:36 | 000,002,028 | ---- | C] () -- C:\Users\FreeFall\Desktop\Fantasy Grounds.lnk
      [2016/06/27 19:56:56 | 000,007,429 | ---- | C] () -- C:\Users\FreeFall\Desktop\perfil roxo.jpg
      [2016/06/27 19:50:49 | 000,002,699 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf0.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x21.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x11.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40.dfu
      [2016/05/19 09:33:44 | 000,001,922 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_nf01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40.dfu
      [2016/05/19 09:33:44 | 000,001,796 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020000_40.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_LV01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf1.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x22.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x12.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,512 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,242 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,228 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,001,214 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40.dfu
      [2016/05/19 09:33:44 | 000,001,198 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26.dfu
      [2016/05/19 09:33:44 | 000,001,192 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,296 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,278 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26.dfu
      [2016/05/19 09:33:42 | 000,246,804 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AtherosBT.bin
      [2016/05/19 09:33:42 | 000,046,972 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020000.dfu
      [2016/05/19 09:33:42 | 000,046,908 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000.dfu
      [2016/05/19 09:33:42 | 000,046,852 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020100.dfu
      [2016/05/19 09:33:42 | 000,045,868 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020201.dfu
      [2016/05/19 09:33:42 | 000,044,028 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020200.dfu
      [2016/05/19 09:33:42 | 000,042,908 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010100.dfu
      [2016/05/19 09:33:42 | 000,040,684 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000_ss01.dfu
      [2016/05/10 23:26:43 | 008,375,799 | ---- | C] () -- C:\Users\FreeFall\Desktop\RacesofAnsalon.pdf
      [2016/05/10 21:28:17 | 030,905,645 | ---- | C] () -- C:\Users\FreeFall\Desktop\AD&D -2E -Complete Set of 26 Books.PDF
      [2016/04/27 04:04:42 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
      [2015/10/30 04:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
      [2015/10/30 04:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
      [2015/10/30 04:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
      [2015/10/30 04:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
      [2015/10/30 04:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
      [2015/10/30 04:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
      [2015/10/30 04:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
      [2015/10/30 04:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
      [2015/10/30 04:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
      [2015/10/30 04:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
      [2015/10/30 04:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
      [2015/10/30 04:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
      [2015/10/30 04:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
      [2015/10/30 04:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
      [2015/06/01 21:00:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
      [2015/06/01 19:46:58 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
      [2015/06/01 19:45:24 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
      [2015/05/10 16:46:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
      [2015/05/05 20:19:36 | 000,811,218 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\unins000.exe
      [2015/05/05 20:19:36 | 000,017,292 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\unins000.dat
       
      ========== ZeroAccess Check ==========
       
      [2016/07/29 16:52:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\windows.storage.dll -- [2016/07/29 09:56:51 | 006,605,544 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\windows.storage.dll -- [2016/07/29 09:56:52 | 005,240,960 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 04:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 04:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 04:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
       
      ========== LOP Check ==========
       
      [2016/07/26 06:30:01 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Fantasy Grounds
      [2015/04/30 13:29:05 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Fingertapps
      [2016/07/29 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\PCDr
      [2016/07/29 19:12:15 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Spotify
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
      < %systemroot%\system32\drivers\*.* /90 >
       
      < %systemdrive%\drivers\*.exe >
       
      < %SYSTEMDRIVE%\*.* >
      [2015/10/30 04:18:34 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
      [2012/04/05 20:59:57 | 000,033,797 | RH-- | M] () -- C:\dell.sdr
      [2016/07/29 18:58:28 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
      [2016/07/29 19:18:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
      [2016/07/29 18:46:02 | 4294,967,295 | -HS- | M] () -- C:\pagefile.sys
      [2016/07/29 18:46:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
       
      < %LOCALAPPDATA%\*.exe >
       
      < %LOCALAPPDATA%\*.txt >
       
      < %LOCALAPPDATA%\*.ini >
       
      < %LOCALAPPDATA%\*.dll >
       
      < %LOCALAPPDATA%\*.dat >
      [2015/07/29 21:01:02 | 000,105,576 | ---- | M] () -- C:\Users\FreeFall\AppData\Local\GDIPFONTCACHEV1.DAT
       
      < %USERPROFILE%\*.exe >
       
      < %USERPROFILE%\*.txt >
       
      < %USERPROFILE%\*.ini >
      [2016/07/29 11:09:05 | 000,000,020 | -HS- | M] () -- C:\Users\FreeFall\ntuser.ini
       
      < %USERPROFILE%\*.dll >
       
      < %USERPROFILE%\*.dat /30 >
      [2016/07/29 18:18:55 | 002,883,584 | -HS- | M] () -- C:\Users\FreeFall\NTUSER.DAT
       
      < C:\windows\system32\Tasks\*.* /s >
      [2015/05/22 21:24:12 | 000,001,066 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
      [2015/05/22 21:24:12 | 000,001,070 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
      [2016/04/27 04:10:46 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
       
      < C:\windows\system32\Tasks\*.* /s /64 >
      [2016/07/29 10:34:35 | 000,003,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Adobe Acrobat Update Task
      [2016/07/29 10:34:37 | 000,003,924 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\GoogleUpdateTaskMachineCore
      [2016/07/29 10:34:45 | 000,004,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\GoogleUpdateTaskMachineUA
      [2016/07/29 10:34:49 | 000,003,738 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\HPCustParticipation HP Officejet Pro 8100
      [2016/07/29 19:40:56 | 000,004,020 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
      [2016/07/29 15:56:10 | 000,004,208 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
      [2016/07/29 10:34:36 | 000,003,194 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\McAfeeLogon
      [2016/07/29 17:43:29 | 000,004,182 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\User_Feed_Synchronization-{F913369A-30D6-49AF-A679-1FFF203BAE96}
      [2016/07/29 10:34:47 | 000,003,040 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\McAfee\McAfee Idle Detection Task
      [2016/07/29 10:34:42 | 000,004,196 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat
      [2016/07/29 10:34:37 | 000,003,658 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack
      [2016/07/29 10:34:36 | 000,003,596 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn
      [2016/07/29 10:34:38 | 000,004,268 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
      [2016/07/29 10:34:47 | 000,002,660 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
      [2016/07/29 10:34:43 | 000,002,666 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
      [2016/07/29 10:34:47 | 000,002,822 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
      [2016/07/29 10:34:43 | 000,002,816 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
      [2016/07/29 10:34:49 | 000,003,978 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
      [2016/07/29 10:34:37 | 000,003,426 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
      [2016/07/29 10:34:48 | 000,003,436 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
      [2016/07/29 10:34:50 | 000,002,722 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter
      [2016/07/29 10:34:37 | 000,003,320 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
      [2016/07/29 10:34:35 | 000,003,346 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
      [2016/07/29 11:10:19 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
      [2016/07/29 10:34:50 | 000,003,014 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
      [2016/07/29 10:34:49 | 000,003,090 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
      [2016/07/29 10:34:39 | 000,003,052 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState
      [2016/07/29 10:34:45 | 000,002,716 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup
      [2016/07/29 10:34:38 | 000,003,026 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
      [2016/07/29 10:34:35 | 000,002,870 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy
      [2016/07/29 10:34:50 | 000,002,328 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
      [2016/07/29 10:34:42 | 000,002,936 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
      [2016/07/29 10:34:40 | 000,002,830 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
      [2016/07/29 10:34:40 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
      [2016/07/29 10:34:50 | 000,003,694 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
      [2016/07/29 10:34:38 | 000,003,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
      [2016/07/29 10:34:50 | 000,003,554 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
      [2016/07/29 10:34:46 | 000,002,780 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
      [2016/07/29 10:34:35 | 000,003,428 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Clip\License Validation
      [2016/07/29 10:34:44 | 000,002,242 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CloudExperienceHost\CreateObjectTask
      [2016/07/29 10:34:48 | 000,003,030 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
      [2016/07/29 10:34:50 | 000,003,410 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
      [2016/07/29 10:34:44 | 000,003,260 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
      [2016/07/29 10:34:35 | 000,003,714 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
      [2016/07/29 10:34:46 | 000,003,354 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
      [2016/07/29 10:34:45 | 000,002,930 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
      [2016/07/29 10:34:43 | 000,002,984 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
      [2016/07/29 11:44:23 | 000,003,198 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
      [2016/07/29 10:34:45 | 000,003,192 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
      [2016/07/29 11:44:23 | 000,003,112 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
      [2016/07/29 11:44:23 | 000,003,204 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
      [2016/07/29 11:08:38 | 000,003,444 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
      [2016/07/29 11:44:23 | 000,003,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
      [2016/07/29 11:44:23 | 000,003,212 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
      [2016/07/29 10:34:43 | 000,003,202 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
      [2016/07/29 10:34:36 | 000,003,308 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
      [2016/07/29 10:34:50 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled
      [2016/07/29 10:34:46 | 000,003,072 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
      [2016/07/29 10:34:50 | 000,003,034 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
      [2016/07/29 10:34:37 | 000,002,766 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
      [2016/07/29 10:34:41 | 000,002,398 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
      [2016/07/29 10:34:45 | 000,002,562 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
      [2016/07/29 10:34:45 | 000,002,384 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DUSM\dusmtask
      [2016/07/29 10:34:40 | 000,002,782 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
      [2016/07/29 10:34:44 | 000,002,948 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
      [2016/07/29 10:34:41 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient
      [2016/07/29 10:34:43 | 000,002,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
      [2016/07/29 10:34:38 | 000,003,550 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
      [2016/07/29 10:34:39 | 000,003,168 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
      [2016/07/29 10:34:48 | 000,003,340 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
      [2016/07/29 10:34:47 | 000,002,638 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Location\Notifications
      [2016/07/29 10:34:42 | 000,002,572 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Location\WindowsActionDialog
      [2016/07/29 10:34:50 | 000,003,002 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT
      [2016/07/29 10:34:36 | 000,002,998 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Management\Provisioning\Logon
      [2016/07/29 10:34:42 | 000,002,946 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maps\MapsToastTask
      [2016/07/29 10:34:39 | 000,003,474 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
      [2016/07/29 10:34:46 | 000,005,684 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
      [2016/07/29 10:34:39 | 000,003,446 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
      [2016/07/29 10:34:41 | 000,003,582 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
      [2016/07/29 10:34:38 | 000,003,578 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MobilePC\HotStart
      [2016/07/29 10:34:40 | 000,002,796 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MUI\LPRemove
      [2016/07/29 10:34:37 | 000,002,574 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
      [2016/07/29 10:34:46 | 000,002,444 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
      [2016/07/29 10:34:48 | 000,002,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\NlaSvc\WiFiTask
      [2016/07/29 10:34:45 | 000,002,944 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
      [2016/07/29 10:34:44 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
      [2016/07/29 10:34:43 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PI\Sqm-Tasks
      [2016/07/29 10:34:47 | 000,002,972 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
      [2016/07/29 10:34:38 | 000,002,992 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
      [2016/07/29 10:34:41 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
      [2016/07/29 10:34:45 | 000,002,338 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
      [2016/07/29 10:34:50 | 000,003,128 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
      [2016/07/29 10:34:50 | 000,003,462 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Ras\MobilityManager
      [2016/07/29 10:34:39 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
      [2016/07/29 10:34:49 | 000,003,218 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Registry\RegIdleBackup
      [2016/07/29 10:34:50 | 000,003,796 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
      [2016/07/29 10:37:28 | 000,004,030 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
      [2016/07/29 10:34:49 | 000,002,502 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
      [2016/07/29 10:34:42 | 000,002,544 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
      [2016/07/29 10:34:42 | 000,002,904 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
      [2016/07/29 10:34:40 | 000,002,838 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
      [2016/07/29 10:34:46 | 000,002,636 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\CreateObjectTask
      [2016/07/29 10:34:51 | 000,003,512 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor
      [2016/07/29 10:34:51 | 000,004,052 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
      [2016/07/29 10:34:45 | 000,002,756 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
      [2016/07/29 10:34:37 | 000,003,802 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
      [2016/07/29 10:34:36 | 000,003,912 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
      [2016/07/29 21:05:27 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
      [2016/07/29 11:09:08 | 000,003,372 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
      [2016/07/29 10:34:41 | 000,004,048 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
      [2016/07/29 10:34:35 | 000,003,006 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
      [2016/07/29 10:34:35 | 000,003,070 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask
      [2016/07/29 10:34:40 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
      [2016/07/29 10:34:40 | 000,003,286 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
      [2016/07/29 10:34:49 | 000,003,056 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
      [2016/07/29 10:34:40 | 000,003,126 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
      [2016/07/29 10:34:48 | 000,002,972 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
      [2016/07/29 10:34:42 | 000,002,968 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
      [2016/07/29 10:34:49 | 000,002,976 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SystemRestore\SR
      [2016/07/29 10:34:44 | 000,002,762 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Task Manager\Interactive
      [2016/07/29 10:34:39 | 000,004,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
      [2016/07/29 10:34:39 | 000,004,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
      [2016/07/29 10:34:37 | 000,002,566 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
      [2016/07/29 10:34:39 | 000,002,932 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
      [2016/07/29 10:34:42 | 000,002,902 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
      [2016/07/29 10:34:44 | 000,002,600 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
      [2016/07/29 10:34:45 | 000,002,816 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
      [2016/07/29 10:34:46 | 000,003,592 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
      [2016/07/29 10:34:42 | 000,002,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install
      [2016/07/29 10:34:40 | 000,002,342 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install
      [2016/07/29 10:34:49 | 000,002,904 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot
      [2016/07/29 16:33:28 | 000,002,268 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot
      [2016/07/29 16:25:49 | 000,005,286 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
      [2016/07/29 10:34:43 | 000,002,330 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
      [2016/07/29 10:34:40 | 000,002,396 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
      [2016/07/29 10:34:50 | 000,002,328 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
      [2016/07/29 10:34:47 | 000,003,650 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
      [2016/07/29 10:34:44 | 000,002,920 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WCM\WiFiTask
      [2016/07/29 10:34:49 | 000,002,892 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WDI\ResolutionHost
      [2016/07/29 10:34:50 | 000,003,990 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
      [2016/07/29 10:34:50 | 000,003,288 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
      [2016/07/29 10:34:44 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
      [2016/07/29 11:09:08 | 000,003,224 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
      [2016/07/29 10:34:37 | 000,003,426 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
      [2016/07/29 21:26:41 | 000,005,246 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
      [2016/07/29 10:34:46 | 000,003,300 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\sih
      [2016/07/29 10:34:34 | 000,003,186 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\sihboot
      [2016/07/29 10:34:51 | 000,002,564 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Wininet\CacheTask
      [2016/07/29 10:34:48 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
      [2016/07/29 10:34:41 | 000,002,794 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
      [2016/07/29 10:34:36 | 000,002,790 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
      [2016/07/29 10:34:36 | 000,003,090 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
      [2016/07/29 10:34:38 | 000,002,744 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join
      [2016/07/29 10:34:44 | 000,004,116 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WS\License Validation
      [2016/07/29 10:34:47 | 000,002,784 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WS\WSTask
      [2016/07/29 10:34:42 | 000,004,490 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\WPD\SqmUpload_S-1-5-21-2517854909-2660416918-4196023361-1000
       
      < %windir%\tasks\*.* /s >
      [2016/07/29 18:59:53 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2016/07/29 21:49:08 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2016/07/29 18:46:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
       
      < %systemroot%\*.scr >
      [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
      "SavedLegacySettings" = 46 00 00 00 22 04 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 12 B3 26 50 6C 84 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
      "DefaultConnectionSettings" = 46 00 00 00 FF 03 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 12 B3 26 50 6C 84 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
       
      < HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
       
      < HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl >
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
       
      < \FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
       
      < HKCU\Software\Microsoft\Internet Explorer\Downloads >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
      "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2015/10/30 04:24:29 | 000,000,000 | --SD | M]
      "CodeBaseSearchPath" = CODEBASE
      "EnablePunycode" = 1
      "MinorVersion" = 0
      "WarnOnIntranet" = 1
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\LUI]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >
      "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2015/10/30 04:24:29 | 000,000,000 | --SD | M]
      "CodeBaseSearchPath" = CODEBASE
      "EnablePunycode" = 1
      "MinorVersion" = 0
      "WarnOnIntranet" = 1
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\LUI]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >
      "AllowRemoteRPC" = 0
      "DelayConMgrTimeout" = 0
      "DeleteTempDirsOnExit" = 1
      "fDenyTSConnections" = 1
      "fSingleSessionPerUser" = 1
      "NotificationTimeOut" = 0
      "PerSessionTempDir" = 0
      "ProductVersion" = 5.1
      "RCDependentServices" = CertPropSvcSessionEnv [binary data]
      "SnapshotMonitors" = 1
      "StartRCM" = 0
      "TSUserEnabled" = 0
      "InstanceID" = 0988b076-e88a-4260-a571-7e151ad
      "GlassSessionId" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
      "DefaultDomainName" =
      "DefaultUserName" =
      "EnableSIHostIntegration" = 1
      "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      "Shell" = explorer.exe -- [2016/07/29 09:57:37 | 004,074,160 | ---- | M] (Microsoft Corporation)
      "ShellCritical" = 0
      "SiHostCritical" = 0
      "SiHostReadyTimeOut" = 0
      "SiHostRestartCountLimit" = 0
      "SiHostRestartTimeGap" = 0
      "Userinit" = C:\WINDOWS\system32\userinit.exe,
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
      "auditbasedirectories" = 0
      "auditbaseobjects" = 0
      "Bounds" = 0  [binary data]
      "crashonauditfail" = 0
      "LimitBlankPasswordUse" = 1
      "NoLmHash" = 1
      "Notification Packages" = scecli [binary data] -- [2015/10/30 04:18:26 | 000,227,840 | ---- | M] (Microsoft Corporation)
      "Authentication Packages" = msv1_0 [binary data] -- [2016/07/29 09:56:54 | 000,294,752 | ---- | M] (Microsoft Corporation)
      "SecureBoot" = 1
      "disabledomaincreds" = 0
      "everyoneincludesanonymous" = 0
      "forceguest" = 0
      "restrictanonymous" = 0
      "restrictanonymoussam" = 1
      "fullprivilegeauditing" =  [binary data]
      "LsaPid" = 812
      "ProductType" = 3
      "Security Packages" = kerberosmsv1_0schannelwdigestt [Binary data over 200 bytes]
      "SamConnectedAccountsExist" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CentralizedAccessPolicies]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts >
       
      < \UserList >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
      "Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
      "ApplicationTileImmersiveActivation" = 1
      "AssociationActivationMode" = 0
      "AutoHide" = yes
      "Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
      "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL" =  [binary data]
      "Delete_Temp_Files_On_Exit" = yes
      "Enable_Disk_Cache" = yes
      "Extensions Off Page" = about:NoAdd-ons
      "Local Page" = C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height" = 1A 00 00 00  [binary data]
      "Placeholder_Width" = 1A 00 00 00  [binary data]
      "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page" = about:SecurityRisk
      "Start Page" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS" = yes
      "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2016/07/29 09:57:46 | 000,820,416 | ---- | M] (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon >
      "DefaultDomainName" =
      "DefaultUserName" =
      "EnableSIHostIntegration" = 1
      "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      "Shell" = explorer.exe -- [2016/07/29 09:57:37 | 004,074,160 | ---- | M] (Microsoft Corporation)
      "ShellCritical" = 0
      "SiHostCritical" = 0
      "SiHostReadyTimeOut" = 0
      "SiHostRestartCountLimit" = 0
      "SiHostRestartTimeGap" = 0
      "Userinit" = C:\WINDOWS\system32\userinit.exe,
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
       
      < \SpecialAccounts\UserList >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
      "Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
      "ApplicationTileImmersiveActivation" = 1
      "AssociationActivationMode" = 0
      "AutoHide" = yes
      "Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
      "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL" =  [binary data]
      "Delete_Temp_Files_On_Exit" = yes
      "Enable_Disk_Cache" = yes
      "Extensions Off Page" = about:NoAdd-ons
      "Local Page" = C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height" = 1A 00 00 00  [binary data]
      "Placeholder_Width" = 1A 00 00 00  [binary data]
      "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page" = about:SecurityRisk
      "Start Page" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS" = yes
      "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2016/07/29 09:57:46 | 000,820,416 | ---- | M] (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >
      "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2015/10/30 04:18:25 | 000,037,256 | ---- | M] (Microsoft Corporation)
      "DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
      "ErrorControl" = 1
      "Start" = 3
      "Type" = 32
      "Description" = @%SystemRoot%\System32\termsrv.dll,-267
      "DependOnService" = RPCSS [binary data]
      "ObjectName" = NT Authority\NetworkService
      "ServiceSidType" = 1
      "RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [Binary data over 200 bytes]
      "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]
       
      < net user /c >
      Contas de usu rio para \\FREEFALL-PC
      -------------------------------------------------------------------------------
      Administrador            Convidado                DefaultAccount          
      FreeFall                
      Comando conclu¡do com ˆxito.
       
      < MD5 for: TERMSRV.DLL  >
      [2014/10/13 23:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows.old\Windows\System32\termsrv.dll
      [2014/10/13 23:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
      [2015/10/30 04:18:18 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=14307D4801C8CEF0A615907C09E886B3 -- C:\WINDOWS\SysNative\termsrv.dll
      [2015/10/30 04:18:18 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=14307D4801C8CEF0A615907C09E886B3 -- C:\Windows\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_10.0.10586.0_none_1b24da20fe9b4a93\termsrv.dll
      [2010/11/21 00:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
      [2014/07/16 23:07:44 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=4FC4C50985E5B840F4D72E57286887B8 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
      [2014/10/13 23:16:40 | 000,686,592 | ---- | M] (Microsoft Corporation) MD5=6A5B600AD0041E9AF564DE73B716F3D2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
      [2014/07/16 00:23:41 | 000,686,080 | ---- | M] (Microsoft Corporation) MD5=F4D7114060C034134A440846F411BB7F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
       
      < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
       
      ========== Alternate Data Streams ==========
       
      @Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt   < End of report > -->