Archived

This topic has been archived and is closed to new replies.

kiqui

Navegaki as default search engine

12 posts in this topic

Friends,

I have a problem: this thing called navegaki has become Chrome's default search engine and it cannotot be removed. It blocks changing the default search engine, and it cannot be uninstalled with CCleaner or with the system's Add or Remove Hardware. How can I delete it?

Thanks

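The complaint above is a locked default search provider in Chrome. The script below is an added example, not code from this thread or from any of the tools used in it: it reads Chrome's Preferences JSON (the same file AdwCleaner inspects later in the thread), extracts the default search provider and flags any provider whose search host is not on a defender-chosen allowlist. Assumptions: the two key layouts handled (`default_search_provider` on Chrome builds of that era, `default_search_provider_data.template_url_data` on newer ones), the allowlist, and both sample documents, including the `hijacker.example` URL, are constructed for the example.

```python
import json
from urllib.parse import urlparse

# Search hosts the defender chooses to trust (constructed allowlist; extend as needed).
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com"}

# Chrome writes its own Google entry with a template placeholder instead of a literal host.
TEMPLATE_HOSTS = {"{google:baseURL}": "https://www.google.com/"}


def load_default_search_provider(prefs: dict):
    """Return (name, keyword, url) of the default search provider, or None if the browser default applies.

    Assumption: the older layout 'default_search_provider' (Chrome v23 era) or the newer
    'default_search_provider_data.template_url_data' layout is present.
    """
    old = prefs.get("default_search_provider")
    if isinstance(old, dict) and old.get("search_url"):
        return old.get("name", ""), old.get("keyword", ""), old["search_url"]
    new = prefs.get("default_search_provider_data", {}).get("template_url_data")
    if isinstance(new, dict) and new.get("url"):
        return new.get("short_name", ""), new.get("keyword", ""), new["url"]
    return None


def provider_host(url: str) -> str:
    """Resolve Chrome's template placeholders and return the host of the search URL."""
    for placeholder, literal in TEMPLATE_HOSTS.items():
        url = url.replace(placeholder, literal)
    return urlparse(url).hostname or ""


def audit_search_provider(prefs: dict, trusted=TRUSTED_SEARCH_HOSTS) -> dict:
    """Classify the default search provider as ok, SUSPICIOUS, or browser-default (none set)."""
    provider = load_default_search_provider(prefs)
    if provider is None:
        return {"status": "browser-default", "host": None, "name": None, "keyword": None}
    name, keyword, url = provider
    host = provider_host(url)
    status = "ok" if host in trusted else "SUSPICIOUS"
    return {"status": status, "host": host, "name": name, "keyword": keyword}


def audit_preferences_file(path: str) -> dict:
    """Audit a real Preferences file, e.g. %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Preferences."""
    with open(path, encoding="utf-8") as f:
        return audit_search_provider(json.load(f))


# Constructed samples: a stock Google entry and a hijacked one named after the thread's culprit.
CLEAN_PREFS = json.loads("""
{"default_search_provider": {"enabled": true, "name": "Google", "keyword": "google.com",
 "search_url": "{google:baseURL}search?q={searchTerms}&sourceid=chrome"}}
""")
HIJACKED_PREFS = json.loads("""
{"default_search_provider": {"enabled": true, "name": "Navegaki", "keyword": "navegaki",
 "search_url": "http://search.hijacker.example/results?q={searchTerms}"}}
""")

if __name__ == "__main__":
    for label, prefs in (("clean", CLEAN_PREFS), ("hijacked", HIJACKED_PREFS)):
        print(label, audit_search_provider(prefs))
```

One caveat worth knowing when this file reports clean but the Chrome UI still refuses to change the provider, as the poster describes: Chrome also honours the DefaultSearchProviderEnabled / DefaultSearchProviderSearchURL policies under HKLM\SOFTWARE\Policies\Google\Chrome, and a policy-enforced provider is locked in the settings page while the Preferences file stays untouched. chrome://policy shows whether such a policy is active.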

Here is my log for review:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:16:44, on 21/12/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.17153)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\eu\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7430 bytes


OK, download Malwarebytes' Anti-Malware (MBAM) from this link or from this one.

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Check that the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates to apply, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then click the Show Results button to see the report.
  • If items were found, make sure they are all ticked and click the Remove button.
  • At the end of the cleanup, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to see it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


 

 


HijackThis is giving an error:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able do fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them.

Save the file as 'hosts'. (with quotes), and reboot.

For Vista: simply exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:16:07, on 21/12/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.17153)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\eu\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 6752 bytes

Here is the MBAM log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.12.21.17

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

eu :: PECE [administrador]

Proteção: Não permitir

21/12/2012 20:16:56

mbam-log-2012-12-21 (20-16-56).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 202086

Tempo decorrido: 1 minuto(s), 30 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

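The HijackThis message quoted in the post above says it was denied write access to the hosts file and tells the user to edit it by hand. The script below is an added example, not part of this thread or of HijackThis: it parses a hosts file the way a defender would check one by hand, ignores comments and block-list style entries that only point a name at loopback or 0.0.0.0, and reports watched domains that have been redirected to a remote address. The watch list (update and download sites of the tools used in this thread plus the Internet Explorer defaults from the logs) and the sample hosts content, including the TEST-NET-3 address 203.0.113.9, are constructed for the example.

```python
import ipaddress

# Addresses that only block a name rather than redirect it.
LOOPBACK_OR_NULL = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed watch list: domains a search/redirect hijacker would have a motive to intercept.
WATCHED_DOMAINS = {"www.malwarebytes.org", "malwarebytes.org", "www.avira.com",
                   "go.microsoft.com", "www.google.com"}


def parse_hosts(text: str):
    """Return [(line_no, address, [hostnames])] for active mappings; comments and blank lines are skipped."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        parts = line.split()
        if len(parts) >= 2:
            entries.append((n, parts[0], parts[1:]))
    return entries


def audit_hosts(text: str, watched=WATCHED_DOMAINS):
    """Return findings as (line_no, address, hostname, reason).

    A watched name mapped to loopback/null is a block, not a redirection, and is ignored;
    a watched name mapped anywhere else, or a line whose address is not an IP, is reported.
    """
    findings = []
    for n, addr, names in parse_hosts(text):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append((n, addr, " ".join(names), "address is not a valid IP"))
            continue
        if addr in LOOPBACK_OR_NULL:
            continue
        for name in names:
            if name.lower() in watched:
                findings.append((n, addr, name, "watched domain redirected to a remote address"))
    return findings


def audit_hosts_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Audit the live hosts file (the path HijackThis names in its message)."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return audit_hosts(f.read())


# Constructed sample, not the hosts file of the machine in this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# (constructed sample)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example        # block-list style entry: harmless
203.0.113.9     www.malwarebytes.org       # constructed redirection (TEST-NET-3 address)
203.0.113.9     go.microsoft.com
"""

if __name__ == "__main__":
    for line_no, addr, name, why in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {addr} -> {name}: {why}")
```

The "write access denied" in the quoted message is what an unelevated process sees on Windows 7: the file lives under System32 and needs an administrator token to modify, which is why the helper's next step is to run HijackThis with Run as administrator. Reading it for the audit above needs no elevation.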

To stop HijackThis from producing errors, right-click hijackthis.exe and select [image: run_as_adm1.png]

Run the programs below in this order:

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

1 - Download [image: 2lsf8k9.png] and save it to the desktop.

Double-click adwcleaner.exe.

Click the [image: t8aneq.png] button. Click OK on the message saying that open programs will be closed.

Wait for the scan to finish; at the end you will be asked to restart the computer to complete the removal. Click OK.

After the restart, the log AdwCleaner[s1].txt will open (it is saved in C:\).

Keep your protection programs disabled so they do not cause conflicts.

2 - Download [image: 1268r49.png] and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select [image: run_as_adm1.png]

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop as JRT.txt.

Select, copy and paste the contents of this log in your next reply, together with the contents of AdwCleaner[s1].txt and a new HijackThis log.


 

 


Here are the logs:

# AdwCleaner v2.101 - Logfile created 12/21/2012 at 21:44:58

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : eu - PECE

# Boot Mode : Normal

# Running from : C:\Users\eu\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.17153

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [723 octets] - [21/12/2012 21:44:58]

########## EOF - C:\AdwCleaner[s1].txt - [782 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.2.1 (12.20.2012:1)

OS: Windows 7 Ultimate x64

Ran by eu on 21/12/2012 at 21:48:33,39

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 21/12/2012 at 21:53:43,21

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:55:36, on 21/12/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.17153)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\eu\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7447 bytes

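The thread now holds three HijackThis logs from the same machine (13:16, 20:16 and 21:55 on 21/12/2012), and what a helper really reads is the difference between runs. The script below is an added example, not part of this thread or of HijackThis: it parses the `R0`/`O4`/`O23` entry lines, diffs two runs by section, and lists `O23` services that deserve a second look. The embedded excerpts are constructed subsets of the logs posted above; the only entry that appears between the first and third log is the `PnkBstrA` service, which the excerpt reproduces.

```python
import re
from collections import defaultdict

# "O23 - Service: ..." / "R1 - HKCU\..." : a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text: str):
    """Map HijackThis section code -> set of entry bodies; header and process lines are skipped."""
    entries = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("section")].add(m.group("body"))
    return entries


def diff_hjt(before: str, after: str):
    """Return (added, removed) as lists of (section, body), sorted for stable output."""
    a, b = parse_hjt(before), parse_hjt(after)
    added, removed = [], []
    for section in sorted(set(a) | set(b)):
        added += [(section, body) for body in sorted(b[section] - a[section])]
        removed += [(section, body) for body in sorted(a[section] - b[section])]
    return added, removed


def services_worth_a_look(text: str):
    """O23 entries with an unknown owner whose binary HijackThis could actually see.

    HijackThis 2.0.4 is a 32-bit program; on 64-bit Windows its view of System32 is
    redirected to SysWOW64, so built-in services such as lsass.exe and spoolsv.exe show
    '(file missing)'. Those lines are expected noise on x64 and are excluded here.
    """
    return [body for body in sorted(parse_hjt(text)["O23"])
            if "Unknown owner" in body and "(file missing)" not in body]


# Constructed excerpts of the first (13:16) and third (21:55) logs in this thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:16:44, on 21/12/2012
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

LOG_AFTER = LOG_BEFORE.replace("13:16:44", "21:55:36") + r"""
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    added, removed = diff_hjt(LOG_BEFORE, LOG_AFTER)
    print("added:", added)
    print("removed:", removed)
    print("services to review:", services_worth_a_look(LOG_AFTER))
```

On this thread's data the diff isolates one new service, PnkBstrA, the PunkBuster anti-cheat service that ships with many games. The ComboFix file listing posted later in the thread dates PnkBstrA.exe and PnkBstrB.exe to the same window as the new Ubisoft folder (its timestamps run two hours ahead of the JRT run time, compare C:\JRT at 23:48 there with JRT's own 21:48), which is the kind of cross-check that separates a game install from a persistence mechanism.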

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ComboFix (by sUBs) and save it to the desktop.

  • Close all windows and programs.
  • Double-click combo-fix.exe and press "Yes" to proceed.

Do not click anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running, it will generate a log. Select, copy and paste the contents of the file C:\ComboFix.txt in your next reply.

Important:

  • You must stay connected during the ComboFix procedure;
  • You must be logged into the system with administrator privileges.
  • Do not run ComboFix from inside your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete Combofix.exe and download it again. Note: this is only about deleting the file. It is NOT about uninstalling it.
  • Do not run ComboFix more than once. That will overwrite the log and delay removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a security analyst.


 

 


How do I log in with administrator privileges?

Here is the ComboFix log:

ComboFix 12-12-22.01 - eu 22/12/2012 12:51:20.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.12031.10371 [GMT -2:00]

Executando de: c:\users\eu\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-22 to 2012-12-22 ))))))))))))))))))))))))))))

.

.

2012-12-22 14:54 . 2012-12-22 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-21 23:48 . 2012-12-21 23:48 -------- d-----w- c:\windows\ERUNT

2012-12-21 23:48 . 2012-12-21 23:48 -------- d-----w- C:\JRT

2012-12-21 22:35 . 2012-12-21 22:35 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-12-21 22:35 . 2012-12-21 22:35 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-12-21 22:19 . 2012-12-21 23:37 -------- d-----w- c:\program files (x86)\Ubisoft

2012-12-21 21:51 . 2012-12-21 21:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-21 21:51 . 2012-09-29 21:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-21 15:15 . 2012-12-21 15:15 -------- d-----w- c:\program files\CCleaner

2012-12-20 23:53 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-20 23:53 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-20 23:53 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-20 23:53 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-19 13:42 . 2012-12-20 01:25 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-12-19 13:42 . 2012-12-19 13:42 -------- d-----w- c:\windows\PCHEALTH

2012-12-19 13:41 . 2012-12-19 13:41 -------- d-----w- c:\program files\Microsoft Office

2012-12-19 13:41 . 2012-12-19 13:41 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-12-19 13:40 . 2012-12-19 13:46 -------- d-----w- c:\programdata\Microsoft Help

2012-12-19 13:26 . 2012-12-19 13:26 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-12-19 13:26 . 2012-12-19 13:26 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2012-12-19 13:25 . 2012-12-19 13:36 -------- d-----w- c:\programdata\DAEMON Tools Lite

2012-12-19 13:06 . 2012-12-19 13:06 -------- d-----w- C:\2c0efbb208ebfa873a8a17dd5a

2012-12-19 12:59 . 2012-12-19 12:59 -------- d-----w- c:\windows\SysWow64\Wat

2012-12-19 12:59 . 2012-12-19 12:59 -------- d-----w- c:\windows\system32\Wat

2012-12-19 03:34 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-12-19 03:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-12-19 03:20 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2012-12-19 03:20 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2012-12-19 03:14 . 2012-07-26 07:56 2560 ----a-w- c:\windows\system32\drivers\pt-BR\wdf01000.sys.mui

2012-12-19 03:14 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-19 03:14 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-19 03:14 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-19 03:07 . 2009-11-25 14:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-12-19 03:07 . 2009-11-25 14:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-12-19 03:07 . 2009-11-25 14:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-12-19 03:07 . 2009-11-25 14:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-12-19 03:07 . 2009-11-25 14:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-12-19 03:07 . 2009-11-25 14:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-12-19 03:07 . 2009-11-25 14:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-12-19 03:07 . 2009-11-25 14:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-12-19 03:07 . 2009-11-25 14:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-12-19 03:07 . 2009-11-25 14:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-12-19 03:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-19 03:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-19 03:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-19 03:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-19 03:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-19 03:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-19 03:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-19 02:59 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-12-19 02:59 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-12-19 02:59 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-12-19 02:59 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-12-19 02:59 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-12-19 02:57 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-12-19 02:32 . 2012-12-19 02:32 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-19 02:32 . 2012-12-19 02:32 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-19 02:32 . 2012-12-19 02:32 -------- d-----w- c:\windows\SysWow64\Macromed

2012-12-19 02:32 . 2012-12-19 02:32 -------- d-----w- c:\windows\system32\Macromed

2012-12-19 01:37 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll

2012-12-18 21:56 . 2012-12-18 21:56 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-18 21:56 . 2012-12-18 21:55 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-18 21:56 . 2012-12-18 21:55 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-18 21:56 . 2012-12-18 21:55 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-18 21:55 . 2012-12-18 21:55 -------- d-----w- c:\program files (x86)\Java

2012-12-18 07:06 . 2012-12-18 01:17 -------- d-----w- c:\windows\Panther

2012-12-18 05:39 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll

2012-12-18 05:38 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-12-18 05:38 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2012-12-18 05:38 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe

2012-12-18 05:38 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe

2012-12-18 05:37 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-18 05:37 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-18 05:36 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll

2012-12-18 05:36 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2012-12-18 05:36 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll

2012-12-18 05:36 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2012-12-18 05:36 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll

2012-12-18 05:36 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2012-12-18 05:36 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll

2012-12-18 05:36 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll

2012-12-18 05:34 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll

2012-12-18 05:34 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll

2012-12-18 05:34 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll

2012-12-18 05:34 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2012-12-18 05:34 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-12-18 05:34 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-12-18 05:34 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-12-18 05:34 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2012-12-18 05:34 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-12-18 05:32 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2012-12-18 05:31 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-12-18 05:29 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-18 05:28 . 2012-06-16 05:25 609792 ----a-w- c:\windows\system32\vbscript.dll

2012-12-18 05:27 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

2012-12-18 05:26 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2012-12-18 05:06 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-12-18 05:06 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-12-18 04:57 . 2012-12-18 04:57 -------- d-----w- c:\program files (x86)\HD Tune Pro

2012-12-18 03:11 . 2012-12-18 03:11 -------- d-----w- c:\programdata\Nexon

2012-12-18 02:40 . 2012-12-03 17:36 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-12-18 02:40 . 2012-12-03 17:36 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-12-18 02:40 . 2012-11-16 22:17 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-12-18 02:40 . 2012-12-18 02:40 -------- d-----w- c:\programdata\Avira

2012-12-18 02:40 . 2012-12-18 02:40 -------- d-----w- c:\program files (x86)\Avira

2012-12-18 02:23 . 2012-12-18 02:23 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61935EA6-98D1-420B-9CEF-ECE170237E27}\offreg.dll

2012-12-18 02:21 . 2012-12-18 02:21 -------- d-----w- c:\program files\TeamSpeak 3 Client

2012-12-18 02:19 . 2012-12-18 02:49 -------- d-----w- c:\program files (x86)\CleanDoD

2012-12-18 02:15 . 2012-12-18 02:15 -------- d-----w- C:\Level Up! Games

2012-12-18 02:14 . 2012-12-18 02:14 -------- d-----w- c:\programdata\Malwarebytes

2012-12-18 02:12 . 2012-12-21 14:44 -------- d-----w- c:\programdata\Spyware Terminator

2012-12-18 02:12 . 2012-12-18 02:12 51496 ----a-w- c:\windows\system32\drivers\stflt.sys

2012-12-18 02:12 . 2012-12-18 02:12 -------- d-----w- c:\program files (x86)\Spyware Terminator

2012-12-18 02:12 . 2012-11-19 03:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61935EA6-98D1-420B-9CEF-ECE170237E27}\mpengine.dll

2012-12-18 02:12 . 2012-05-31 13:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-12-18 02:10 . 2012-12-18 02:10 -------- d-----w- c:\program files (x86)\TeamViewer

2012-12-18 02:02 . 2012-12-18 02:02 -------- d-----w- c:\program files (x86)\Google

2012-12-18 01:55 . 2012-12-18 01:55 -------- d-----w- c:\programdata\ATI

2012-12-18 01:54 . 2012-12-18 01:54 0 ----a-w- c:\windows\ativpsrm.bin

2012-12-18 01:51 . 2010-01-28 01:33 116736 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys

2012-12-18 01:51 . 2010-02-10 14:06 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-12-18 01:51 . 2010-02-10 13:27 55296 ----a-w- c:\windows\system32\coinst.dll

2012-12-18 01:51 . 2012-12-18 01:51 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-12-18 01:51 . 2012-12-18 01:52 -------- d-----w- c:\program files\ATI Technologies

2012-12-18 01:49 . 2012-12-18 01:49 -------- dc----w- c:\windows\system32\DRVSTORE

.

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-16 21:20 . 2012-12-18 05:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20 . 2012-12-18 05:28 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34 . 2012-12-18 05:28 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-04 16:45 . 2012-12-18 05:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R3 ALSysIO;ALSysIO;c:\users\eu\AppData\Local\Temp\ALSysIO64.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-19 1255736]

S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [2009-07-08 11832]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-19 283200]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-10 202752]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-12-18 51496]

S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-11-09 1148664]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 02:32]

.

2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18 02:02]

.

2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18 02:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-30 10806816]

"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-11-09 2777296]

"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-11-09 3673808]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-22 12:56:29

ComboFix-quarantined-files.txt 2012-12-22 14:56

.

Pre-Run: 190,343,684,096 bytes free

Post-Run: 190,592,905,216 bytes free

.

- - End Of File - - 264AB3177D379C5EBDC4E42B85F6E046


Hello, there was a forum migration and some posts were lost. I had already given the final instructions and would ask you to reply confirming whether or not you received them.

Thank you.


I received them, but the machine started having problems again. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:37:41, on 04/01/2013
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17153)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\eu\Downloads\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 6409 bytes
 

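A way to read logs like the one just posted, as an added example that is not code from this thread or from Trend Micro: the script below parses the O2, O4 and O23 lines of a HijackThis 2.0.x log, pulls out each entry's executable path and ranks it with a few triage rules. The rules (auto-starts living in a temp directory, services with no publisher, binaries outside Program Files or Windows) are heuristics chosen for this example, not HijackThis output. The one fact they encode is that HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its view of C:\Windows\System32 is redirected to SysWOW64 and built-in services such as ALG, EFS or Spooler show up as "Unknown owner ... (file missing)", exactly as in the log above; that is tool noise, not evidence of infection, but it also means those entries cannot be cleared from this log alone. The sample lines embedded in the script are constructed in the shape of that log.

```python
"""Triage helper for HijackThis 2.0.x logs (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample lines, shaped like the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Updater] C:\Users\eu\AppData\Local\Temp\updater.exe -silent
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.+)$")
# First drive-letter path ending in a binary extension anywhere in the entry body.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ocx|cpl))', re.IGNORECASE)

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\tmp\\")
STANDARD_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\", "c:\\progra~")


@dataclass
class Finding:
    kind: str
    path: str
    severity: str   # "high", "review" or "info"
    reason: str
    line: str


def parse_entry(line):
    """Return (kind, owner, path, file_missing) for one log line, or None if it carries no path."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    owner, missing = None, False
    if kind == "O23" and body.startswith("Service: "):
        # O23 layout: Service: <display name> - <owner> - <path> [(file missing)]
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            _name, owner, tail = parts
            missing = tail.endswith("(file missing)")
    pm = PATH_RE.search(body)
    if not pm:
        return None
    return kind, owner, pm.group(1), missing


def classify(kind, owner, path, missing):
    """Rank one entry with heuristic rules; returns (severity, reason) or None when nothing stands out."""
    low = path.lower()
    if any(marker in low for marker in TEMP_MARKERS):
        return "high", "auto-start binary lives in a temp directory"
    if kind == "O23" and owner == "Unknown owner":
        if missing and low.startswith("c:\\windows\\system32\\"):
            # 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64, so it cannot
            # see the real System32 and reports built-in Windows services as missing.
            return "info", ("System32 path reported missing by 32-bit HijackThis on x64 "
                            "(WOW64 redirection); confirm with a 64-bit tool")
        return "review", "service has no publisher information"
    if not low.startswith(STANDARD_DIRS):
        return "review", "binary outside Program Files / Windows"
    return None


def triage(log_text):
    """Parse every line, keep the entries a rule fired on, highest severity first."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        kind, owner, path, missing = parsed
        verdict = classify(kind, owner, path, missing)
        if verdict:
            findings.append(Finding(kind, path, verdict[0], verdict[1], line.strip()))
    order = {"high": 0, "review": 1, "info": 2}
    findings.sort(key=lambda f: order[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind} {f.path}\n         {f.reason}")
```

To use it on a real log, replace SAMPLE_LOG with the file contents. Anything ranked "info" should be re-checked with a 64-bit autoruns-style tool before it is dismissed, and a "review" hit such as PnkBstrA (PunkBuster, which ComboFix above shows was installed alongside a Ubisoft game) is a prompt to verify the publisher, not a verdict.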

What problems?

      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
      --
      End of file - 8564 bytes
        -->
    • Log analysis - redirection to dubious sites
      rv.sys
      [2016/07/28 18:59:21 | 000,000,000 | R-SD | C] -- C:\Users\FreeFall\Documents\McAfee Vaults
      [2016/07/28 18:59:21 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Local\McAfee File Lock
      [2016/07/28 18:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
      [2016/07/28 18:58:53 | 000,207,968 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys
      [2016/07/28 18:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel Security
      [2016/07/28 18:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
      [2016/07/28 18:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
      [2016/07/28 18:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Security
      [2016/07/28 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
      [2016/07/28 18:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
      [2016/07/28 18:50:03 | 000,277,744 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\mfevtps.exe
      [2016/07/28 18:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
      [2016/07/26 06:14:19 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Roaming\Fantasy Grounds
      [2016/07/26 06:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fantasy Grounds
      [2016/07/25 21:51:13 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Desktop\Quinta Edição
      [2016/07/13 17:47:38 | 000,610,336 | ---- | C] (Qualcomm Atheros) -- C:\WINDOWS\SysNative\drivers\btfilter.sys
      [2016/07/13 17:47:38 | 000,271,600 | ---- | C] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll
      [2016/07/13 17:47:38 | 000,269,048 | ---- | C] (Qualcomm Atheros Communications Inc.) -- C:\WINDOWS\SysNative\btcoinst.dll
      [2016/07/13 17:47:38 | 000,098,552 | ---- | C] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll.muien-US
      [2016/06/27 19:51:47 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Tracing
      [2016/06/27 19:50:57 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Roaming\Skype
      [2016/06/27 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2016/06/27 19:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
      [2016/06/27 19:50:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
      [2016/06/27 19:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
      [2016/06/22 23:00:07 | 000,077,824 | ---- | C] (Fox Magic Software) -- C:\WINDOWS\SysWow64\fmcodec.DLL
      [2016/06/21 07:17:20 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\aTubeCatcher
      [2016/06/08 19:10:34 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Desktop\Pesquisa
       
      ========== Files - Modified Within 90 Days ==========
       
      [2016/07/29 21:49:08 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2016/07/29 21:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FreeFall\Desktop\OTL.exe
      [2016/07/29 19:18:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
      [2016/07/29 18:59:53 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2016/07/29 18:59:44 | 000,891,918 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0416.dat
      [2016/07/29 18:59:44 | 000,832,568 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
      [2016/07/29 18:59:44 | 000,197,030 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0416.dat
      [2016/07/29 18:59:44 | 000,176,804 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
      [2016/07/29 18:59:44 | 000,006,792 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
      [2016/07/29 18:58:28 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
      [2016/07/29 18:58:27 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2016/07/29 18:46:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
      [2016/07/29 18:03:48 | 000,000,753 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
      [2016/07/29 18:01:59 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe
      [2016/07/29 17:58:46 | 001,309,184 | ---- | M] () -- C:\Users\FreeFall\Desktop\zoek.exe
      [2016/07/29 17:12:40 | 001,610,560 | ---- | M] (Malwarebytes) -- C:\Users\FreeFall\Desktop\JRT.exe
      [2016/07/29 17:06:08 | 003,712,064 | ---- | M] () -- C:\Users\FreeFall\Desktop\AdwCleaner.exe
      [2016/07/29 10:36:06 | 000,010,451 | ---- | M] () -- C:\WINDOWS\diagerr.xml
      [2016/07/29 10:36:06 | 000,009,528 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
      [2016/07/29 10:34:10 | 000,022,956 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
      [2016/07/29 10:26:29 | 000,329,184 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
      [2016/07/29 10:13:18 | 002,021,072 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
      [2016/07/29 10:10:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
      [2016/07/29 10:10:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
      [2016/07/29 09:59:29 | 000,015,703 | ---- | M] () -- C:\WINDOWS\SysNative\OEMDefaultAssociations.xml
      [2016/07/29 09:57:24 | 000,002,186 | ---- | M] () -- C:\WINDOWS\SysWow64\AppxProvisioning.xml
      [2016/07/29 09:57:04 | 000,002,186 | ---- | M] () -- C:\WINDOWS\SysNative\AppxProvisioning.xml
      [2016/07/29 09:56:56 | 000,235,008 | ---- | M] () -- C:\WINDOWS\SysNative\MTF.dll
      [2016/07/29 09:56:54 | 002,656,408 | ---- | M] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
      [2016/07/29 09:56:54 | 001,862,008 | ---- | M] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
      [2016/07/29 09:56:44 | 000,162,816 | ---- | M] () -- C:\WINDOWS\SysWow64\MTF.dll
      [2016/07/29 09:43:24 | 000,009,096 | ---- | M] () -- C:\WINDOWS\SysWow64\msmqtrc.mof
      [2016/07/29 09:43:02 | 000,009,096 | ---- | M] () -- C:\WINDOWS\SysNative\msmqtrc.mof
      [2016/07/29 09:27:44 | 000,021,072 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2016/07/29 09:27:44 | 000,021,072 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2016/07/29 08:50:48 | 000,001,950 | ---- | M] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Officejet Pro 8100 (Rede).lnk
      [2016/07/28 19:00:00 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\McAfee® Total Protection.lnk
      [2016/07/27 20:41:32 | 000,748,434 | ---- | M] () -- C:\Users\FreeFall\Desktop\divisórias.jpg
      [2016/07/26 06:17:36 | 000,002,028 | ---- | M] () -- C:\Users\FreeFall\Desktop\Fantasy Grounds.lnk
      [2016/07/13 17:47:38 | 000,610,336 | ---- | M] (Qualcomm Atheros) -- C:\WINDOWS\SysNative\drivers\btfilter.sys
      [2016/07/13 17:47:38 | 000,271,600 | ---- | M] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll
      [2016/07/13 17:47:38 | 000,269,048 | ---- | M] (Qualcomm Atheros Communications Inc.) -- C:\WINDOWS\SysNative\btcoinst.dll
      [2016/07/13 17:47:38 | 000,098,552 | ---- | M] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll.muien-US
      [2016/06/27 19:56:57 | 000,007,429 | ---- | M] () -- C:\Users\FreeFall\Desktop\perfil roxo.jpg
      [2016/06/27 19:50:49 | 000,002,699 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
      [2016/06/21 08:25:59 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf0.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x21.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x11.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40.dfu
      [2016/05/19 09:33:44 | 000,001,922 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_nf01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40.dfu
      [2016/05/19 09:33:44 | 000,001,796 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020000_40.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_LV01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf1.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x22.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x12.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,512 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,242 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,228 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,001,214 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40.dfu
      [2016/05/19 09:33:44 | 000,001,198 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26.dfu
      [2016/05/19 09:33:44 | 000,001,192 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,296 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26.dfu
      [2016/05/19 09:33:42 | 000,246,804 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AtherosBT.bin
      [2016/05/19 09:33:42 | 000,046,972 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020000.dfu
      [2016/05/19 09:33:42 | 000,046,908 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000.dfu
      [2016/05/19 09:33:42 | 000,046,852 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020100.dfu
      [2016/05/19 09:33:42 | 000,045,868 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020201.dfu
      [2016/05/19 09:33:42 | 000,044,028 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020200.dfu
      [2016/05/19 09:33:42 | 000,042,908 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010100.dfu
      [2016/05/19 09:33:42 | 000,040,684 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000_ss01.dfu
      [2016/05/10 23:26:43 | 008,375,799 | ---- | M] () -- C:\Users\FreeFall\Desktop\RacesofAnsalon.pdf
      [2016/05/10 21:28:17 | 030,905,645 | ---- | M] () -- C:\Users\FreeFall\Desktop\AD&D -2E -Complete Set of 26 Books.PDF
       
      ========== Files Created - No Company Name ==========
       
      [2016/07/29 18:18:12 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
      [2016/07/29 17:58:43 | 001,309,184 | ---- | C] () -- C:\Users\FreeFall\Desktop\zoek.exe
      [2016/07/29 17:06:00 | 003,712,064 | ---- | C] () -- C:\Users\FreeFall\Desktop\AdwCleaner.exe
      [2016/07/29 11:21:23 | 000,002,384 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      [2016/07/29 11:20:07 | 000,001,053 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursos Opcionais.lnk
      [2016/07/29 10:34:10 | 000,022,956 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
      [2016/07/29 10:22:02 | 000,001,576 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      [2016/07/29 10:13:18 | 002,021,072 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
      [2016/07/29 10:10:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
      [2016/07/29 10:10:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
      [2016/07/29 10:06:11 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
      [2016/07/29 10:04:58 | 000,043,409 | ---- | C] () -- C:\WINDOWS\SysWow64\license.rtf
      [2016/07/29 10:04:58 | 000,043,409 | ---- | C] () -- C:\WINDOWS\SysNative\license.rtf
      [2016/07/29 09:57:24 | 000,002,186 | ---- | C] () -- C:\WINDOWS\SysWow64\AppxProvisioning.xml
      [2016/07/29 09:57:04 | 000,002,186 | ---- | C] () -- C:\WINDOWS\SysNative\AppxProvisioning.xml
      [2016/07/29 09:56:56 | 000,235,008 | ---- | C] () -- C:\WINDOWS\SysNative\MTF.dll
      [2016/07/29 09:56:54 | 002,656,408 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
      [2016/07/29 09:56:54 | 001,862,008 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
      [2016/07/29 09:56:44 | 000,162,816 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
      [2016/07/29 09:23:32 | 000,010,451 | ---- | C] () -- C:\WINDOWS\diagerr.xml
      [2016/07/29 09:23:32 | 000,009,528 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
      [2016/07/28 19:00:00 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\McAfee® Total Protection.lnk
      [2016/07/27 20:37:52 | 000,748,434 | ---- | C] () -- C:\Users\FreeFall\Desktop\divisórias.jpg
      [2016/07/26 06:17:36 | 000,002,028 | ---- | C] () -- C:\Users\FreeFall\Desktop\Fantasy Grounds.lnk
      [2016/06/27 19:56:56 | 000,007,429 | ---- | C] () -- C:\Users\FreeFall\Desktop\perfil roxo.jpg
      [2016/06/27 19:50:49 | 000,002,699 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf0.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x21.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x11.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40.dfu
      [2016/05/19 09:33:44 | 000,001,922 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_nf01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40.dfu
      [2016/05/19 09:33:44 | 000,001,796 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020000_40.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_LV01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf1.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x22.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x12.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,512 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,242 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,228 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,001,214 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40.dfu
      [2016/05/19 09:33:44 | 000,001,198 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26.dfu
      [2016/05/19 09:33:44 | 000,001,192 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,296 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,278 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26.dfu
      [2016/05/19 09:33:42 | 000,246,804 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AtherosBT.bin
      [2016/05/19 09:33:42 | 000,046,972 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020000.dfu
      [2016/05/19 09:33:42 | 000,046,908 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000.dfu
      [2016/05/19 09:33:42 | 000,046,852 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020100.dfu
      [2016/05/19 09:33:42 | 000,045,868 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020201.dfu
      [2016/05/19 09:33:42 | 000,044,028 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020200.dfu
      [2016/05/19 09:33:42 | 000,042,908 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010100.dfu
      [2016/05/19 09:33:42 | 000,040,684 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000_ss01.dfu
      [2016/05/10 23:26:43 | 008,375,799 | ---- | C] () -- C:\Users\FreeFall\Desktop\RacesofAnsalon.pdf
      [2016/05/10 21:28:17 | 030,905,645 | ---- | C] () -- C:\Users\FreeFall\Desktop\AD&D -2E -Complete Set of 26 Books.PDF
      [2016/04/27 04:04:42 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
      [2015/10/30 04:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
      [2015/10/30 04:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
      [2015/10/30 04:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
      [2015/10/30 04:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
      [2015/10/30 04:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
      [2015/10/30 04:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
      [2015/10/30 04:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
      [2015/10/30 04:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
      [2015/10/30 04:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
      [2015/10/30 04:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
      [2015/10/30 04:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
      [2015/10/30 04:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
      [2015/10/30 04:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
      [2015/10/30 04:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
      [2015/06/01 21:00:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
      [2015/06/01 19:46:58 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
      [2015/06/01 19:45:24 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
      [2015/05/10 16:46:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
      [2015/05/05 20:19:36 | 000,811,218 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\unins000.exe
      [2015/05/05 20:19:36 | 000,017,292 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\unins000.dat
       
      ========== ZeroAccess Check ==========
       
      [2016/07/29 16:52:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\windows.storage.dll -- [2016/07/29 09:56:51 | 006,605,544 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\windows.storage.dll -- [2016/07/29 09:56:52 | 005,240,960 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 04:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 04:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 04:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
       
      ========== LOP Check ==========
       
      [2016/07/26 06:30:01 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Fantasy Grounds
      [2015/04/30 13:29:05 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Fingertapps
      [2016/07/29 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\PCDr
      [2016/07/29 19:12:15 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Spotify
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
      < %systemroot%\system32\drivers\*.* /90 >
       
      < %systemdrive%\drivers\*.exe >
       
      < %SYSTEMDRIVE%\*.* >
      [2015/10/30 04:18:34 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
      [2012/04/05 20:59:57 | 000,033,797 | RH-- | M] () -- C:\dell.sdr
      [2016/07/29 18:58:28 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
      [2016/07/29 19:18:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
      [2016/07/29 18:46:02 | 4294,967,295 | -HS- | M] () -- C:\pagefile.sys
      [2016/07/29 18:46:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
       
      < %LOCALAPPDATA%\*.exe >
       
      < %LOCALAPPDATA%\*.txt >
       
      < %LOCALAPPDATA%\*.ini >
       
      < %LOCALAPPDATA%\*.dll >
       
      < %LOCALAPPDATA%\*.dat >
      [2015/07/29 21:01:02 | 000,105,576 | ---- | M] () -- C:\Users\FreeFall\AppData\Local\GDIPFONTCACHEV1.DAT
       
      < %USERPROFILE%\*.exe >
       
      < %USERPROFILE%\*.txt >
       
      < %USERPROFILE%\*.ini >
      [2016/07/29 11:09:05 | 000,000,020 | -HS- | M] () -- C:\Users\FreeFall\ntuser.ini
       
      < %USERPROFILE%\*.dll >
       
      < %USERPROFILE%\*.dat /30 >
      [2016/07/29 18:18:55 | 002,883,584 | -HS- | M] () -- C:\Users\FreeFall\NTUSER.DAT
       
      < C:\windows\system32\Tasks\*.* /s >
      [2015/05/22 21:24:12 | 000,001,066 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
      [2015/05/22 21:24:12 | 000,001,070 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
      [2016/04/27 04:10:46 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
       
      < C:\windows\system32\Tasks\*.* /s /64 >
      [2016/07/29 10:34:35 | 000,003,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Adobe Acrobat Update Task
      [2016/07/29 10:34:37 | 000,003,924 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\GoogleUpdateTaskMachineCore
      [2016/07/29 10:34:45 | 000,004,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\GoogleUpdateTaskMachineUA
      [2016/07/29 10:34:49 | 000,003,738 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\HPCustParticipation HP Officejet Pro 8100
      [2016/07/29 19:40:56 | 000,004,020 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
      [2016/07/29 15:56:10 | 000,004,208 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
      [2016/07/29 10:34:36 | 000,003,194 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\McAfeeLogon
      [2016/07/29 17:43:29 | 000,004,182 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\User_Feed_Synchronization-{F913369A-30D6-49AF-A679-1FFF203BAE96}
      [2016/07/29 10:34:47 | 000,003,040 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\McAfee\McAfee Idle Detection Task
      [2016/07/29 10:34:42 | 000,004,196 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat
      [2016/07/29 10:34:37 | 000,003,658 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack
      [2016/07/29 10:34:36 | 000,003,596 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn
      [2016/07/29 10:34:38 | 000,004,268 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
      [2016/07/29 10:34:47 | 000,002,660 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
      [2016/07/29 10:34:43 | 000,002,666 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
      [2016/07/29 10:34:47 | 000,002,822 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
      [2016/07/29 10:34:43 | 000,002,816 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
      [2016/07/29 10:34:49 | 000,003,978 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
      [2016/07/29 10:34:37 | 000,003,426 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
      [2016/07/29 10:34:48 | 000,003,436 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
      [2016/07/29 10:34:50 | 000,002,722 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter
      [2016/07/29 10:34:37 | 000,003,320 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
      [2016/07/29 10:34:35 | 000,003,346 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
      [2016/07/29 11:10:19 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
      [2016/07/29 10:34:50 | 000,003,014 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
      [2016/07/29 10:34:49 | 000,003,090 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
      [2016/07/29 10:34:39 | 000,003,052 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState
      [2016/07/29 10:34:45 | 000,002,716 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup
      [2016/07/29 10:34:38 | 000,003,026 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
      [2016/07/29 10:34:35 | 000,002,870 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy
      [2016/07/29 10:34:50 | 000,002,328 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
      [2016/07/29 10:34:42 | 000,002,936 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
      [2016/07/29 10:34:40 | 000,002,830 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
      [2016/07/29 10:34:40 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
      [2016/07/29 10:34:50 | 000,003,694 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
      [2016/07/29 10:34:38 | 000,003,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
      [2016/07/29 10:34:50 | 000,003,554 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
      [2016/07/29 10:34:46 | 000,002,780 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
      [2016/07/29 10:34:35 | 000,003,428 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Clip\License Validation
      [2016/07/29 10:34:44 | 000,002,242 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CloudExperienceHost\CreateObjectTask
      [2016/07/29 10:34:48 | 000,003,030 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
      [2016/07/29 10:34:50 | 000,003,410 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
      [2016/07/29 10:34:44 | 000,003,260 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
      [2016/07/29 10:34:35 | 000,003,714 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
      [2016/07/29 10:34:46 | 000,003,354 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
      [2016/07/29 10:34:45 | 000,002,930 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
      [2016/07/29 10:34:43 | 000,002,984 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
      [2016/07/29 11:44:23 | 000,003,198 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
      [2016/07/29 10:34:45 | 000,003,192 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
      [2016/07/29 11:44:23 | 000,003,112 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
      [2016/07/29 11:44:23 | 000,003,204 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
      [2016/07/29 11:08:38 | 000,003,444 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
      [2016/07/29 11:44:23 | 000,003,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
      [2016/07/29 11:44:23 | 000,003,212 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
      [2016/07/29 10:34:43 | 000,003,202 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
      [2016/07/29 10:34:36 | 000,003,308 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
      [2016/07/29 10:34:50 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled
      [2016/07/29 10:34:46 | 000,003,072 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
      [2016/07/29 10:34:50 | 000,003,034 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
      [2016/07/29 10:34:37 | 000,002,766 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
      [2016/07/29 10:34:41 | 000,002,398 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
      [2016/07/29 10:34:45 | 000,002,562 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
      [2016/07/29 10:34:45 | 000,002,384 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DUSM\dusmtask
      [2016/07/29 10:34:40 | 000,002,782 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
      [2016/07/29 10:34:44 | 000,002,948 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
      [2016/07/29 10:34:41 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient
      [2016/07/29 10:34:43 | 000,002,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
      [2016/07/29 10:34:38 | 000,003,550 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
      [2016/07/29 10:34:39 | 000,003,168 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
      [2016/07/29 10:34:48 | 000,003,340 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
      [2016/07/29 10:34:47 | 000,002,638 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Location\Notifications
      [2016/07/29 10:34:42 | 000,002,572 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Location\WindowsActionDialog
      [2016/07/29 10:34:50 | 000,003,002 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT
      [2016/07/29 10:34:36 | 000,002,998 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Management\Provisioning\Logon
      [2016/07/29 10:34:42 | 000,002,946 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maps\MapsToastTask
      [2016/07/29 10:34:39 | 000,003,474 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
      [2016/07/29 10:34:46 | 000,005,684 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
      [2016/07/29 10:34:39 | 000,003,446 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
      [2016/07/29 10:34:41 | 000,003,582 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
      [2016/07/29 10:34:38 | 000,003,578 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MobilePC\HotStart
      [2016/07/29 10:34:40 | 000,002,796 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MUI\LPRemove
      [2016/07/29 10:34:37 | 000,002,574 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
      [2016/07/29 10:34:46 | 000,002,444 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
      [2016/07/29 10:34:48 | 000,002,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\NlaSvc\WiFiTask
      [2016/07/29 10:34:45 | 000,002,944 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
      [2016/07/29 10:34:44 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
      [2016/07/29 10:34:43 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PI\Sqm-Tasks
      [2016/07/29 10:34:47 | 000,002,972 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
      [2016/07/29 10:34:38 | 000,002,992 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
      [2016/07/29 10:34:41 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
      [2016/07/29 10:34:45 | 000,002,338 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
      [2016/07/29 10:34:50 | 000,003,128 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
      [2016/07/29 10:34:50 | 000,003,462 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Ras\MobilityManager
      [2016/07/29 10:34:39 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
      [2016/07/29 10:34:49 | 000,003,218 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Registry\RegIdleBackup
      [2016/07/29 10:34:50 | 000,003,796 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
      [2016/07/29 10:37:28 | 000,004,030 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
      [2016/07/29 10:34:49 | 000,002,502 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
      [2016/07/29 10:34:42 | 000,002,544 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
      [2016/07/29 10:34:42 | 000,002,904 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
      [2016/07/29 10:34:40 | 000,002,838 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
      [2016/07/29 10:34:46 | 000,002,636 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\CreateObjectTask
      [2016/07/29 10:34:51 | 000,003,512 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor
      [2016/07/29 10:34:51 | 000,004,052 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
      [2016/07/29 10:34:45 | 000,002,756 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
      [2016/07/29 10:34:37 | 000,003,802 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
      [2016/07/29 10:34:36 | 000,003,912 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
      [2016/07/29 21:05:27 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
      [2016/07/29 11:09:08 | 000,003,372 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
      [2016/07/29 10:34:41 | 000,004,048 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
      [2016/07/29 10:34:35 | 000,003,006 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
      [2016/07/29 10:34:35 | 000,003,070 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask
      [2016/07/29 10:34:40 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
      [2016/07/29 10:34:40 | 000,003,286 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
      [2016/07/29 10:34:49 | 000,003,056 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
      [2016/07/29 10:34:40 | 000,003,126 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
      [2016/07/29 10:34:48 | 000,002,972 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
      [2016/07/29 10:34:42 | 000,002,968 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
      [2016/07/29 10:34:49 | 000,002,976 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SystemRestore\SR
      [2016/07/29 10:34:44 | 000,002,762 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Task Manager\Interactive
      [2016/07/29 10:34:39 | 000,004,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
      [2016/07/29 10:34:39 | 000,004,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
      [2016/07/29 10:34:37 | 000,002,566 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
      [2016/07/29 10:34:39 | 000,002,932 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
      [2016/07/29 10:34:42 | 000,002,902 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
      [2016/07/29 10:34:44 | 000,002,600 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
      [2016/07/29 10:34:45 | 000,002,816 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
      [2016/07/29 10:34:46 | 000,003,592 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
      [2016/07/29 10:34:42 | 000,002,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install
      [2016/07/29 10:34:40 | 000,002,342 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install
      [2016/07/29 10:34:49 | 000,002,904 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot
      [2016/07/29 16:33:28 | 000,002,268 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot
      [2016/07/29 16:25:49 | 000,005,286 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
      [2016/07/29 10:34:43 | 000,002,330 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
      [2016/07/29 10:34:40 | 000,002,396 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
      [2016/07/29 10:34:50 | 000,002,328 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
      [2016/07/29 10:34:47 | 000,003,650 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
      [2016/07/29 10:34:44 | 000,002,920 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WCM\WiFiTask
      [2016/07/29 10:34:49 | 000,002,892 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WDI\ResolutionHost
      [2016/07/29 10:34:50 | 000,003,990 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
      [2016/07/29 10:34:50 | 000,003,288 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
      [2016/07/29 10:34:44 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
      [2016/07/29 11:09:08 | 000,003,224 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
      [2016/07/29 10:34:37 | 000,003,426 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
      [2016/07/29 21:26:41 | 000,005,246 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
      [2016/07/29 10:34:46 | 000,003,300 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\sih
      [2016/07/29 10:34:34 | 000,003,186 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\sihboot
      [2016/07/29 10:34:51 | 000,002,564 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Wininet\CacheTask
      [2016/07/29 10:34:48 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
      [2016/07/29 10:34:41 | 000,002,794 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
      [2016/07/29 10:34:36 | 000,002,790 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
      [2016/07/29 10:34:36 | 000,003,090 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
      [2016/07/29 10:34:38 | 000,002,744 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join
      [2016/07/29 10:34:44 | 000,004,116 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WS\License Validation
      [2016/07/29 10:34:47 | 000,002,784 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WS\WSTask
      [2016/07/29 10:34:42 | 000,004,490 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\WPD\SqmUpload_S-1-5-21-2517854909-2660416918-4196023361-1000
       
      < %windir%\tasks\*.* /s >
      [2016/07/29 18:59:53 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2016/07/29 21:49:08 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2016/07/29 18:46:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
       
      < %systemroot%\*.scr >
      [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
      "SavedLegacySettings" = 46 00 00 00 22 04 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 12 B3 26 50 6C 84 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
      "DefaultConnectionSettings" = 46 00 00 00 FF 03 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 12 B3 26 50 6C 84 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
       
      < HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
       
      < HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl >
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
       
      < \FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
       
      < HKCU\Software\Microsoft\Internet Explorer\Downloads >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
      "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2015/10/30 04:24:29 | 000,000,000 | --SD | M]
      "CodeBaseSearchPath" = CODEBASE
      "EnablePunycode" = 1
      "MinorVersion" = 0
      "WarnOnIntranet" = 1
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\LUI]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >
      "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2015/10/30 04:24:29 | 000,000,000 | --SD | M]
      "CodeBaseSearchPath" = CODEBASE
      "EnablePunycode" = 1
      "MinorVersion" = 0
      "WarnOnIntranet" = 1
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\LUI]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >
      "AllowRemoteRPC" = 0
      "DelayConMgrTimeout" = 0
      "DeleteTempDirsOnExit" = 1
      "fDenyTSConnections" = 1
      "fSingleSessionPerUser" = 1
      "NotificationTimeOut" = 0
      "PerSessionTempDir" = 0
      "ProductVersion" = 5.1
      "RCDependentServices" = CertPropSvcSessionEnv [binary data]
      "SnapshotMonitors" = 1
      "StartRCM" = 0
      "TSUserEnabled" = 0
      "InstanceID" = 0988b076-e88a-4260-a571-7e151ad
      "GlassSessionId" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
      "DefaultDomainName" =
      "DefaultUserName" =
      "EnableSIHostIntegration" = 1
      "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      "Shell" = explorer.exe -- [2016/07/29 09:57:37 | 004,074,160 | ---- | M] (Microsoft Corporation)
      "ShellCritical" = 0
      "SiHostCritical" = 0
      "SiHostReadyTimeOut" = 0
      "SiHostRestartCountLimit" = 0
      "SiHostRestartTimeGap" = 0
      "Userinit" = C:\WINDOWS\system32\userinit.exe,
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
      "auditbasedirectories" = 0
      "auditbaseobjects" = 0
      "Bounds" = 0  [binary data]
      "crashonauditfail" = 0
      "LimitBlankPasswordUse" = 1
      "NoLmHash" = 1
      "Notification Packages" = scecli [binary data] -- [2015/10/30 04:18:26 | 000,227,840 | ---- | M] (Microsoft Corporation)
      "Authentication Packages" = msv1_0 [binary data] -- [2016/07/29 09:56:54 | 000,294,752 | ---- | M] (Microsoft Corporation)
      "SecureBoot" = 1
      "disabledomaincreds" = 0
      "everyoneincludesanonymous" = 0
      "forceguest" = 0
      "restrictanonymous" = 0
      "restrictanonymoussam" = 1
      "fullprivilegeauditing" =  [binary data]
      "LsaPid" = 812
      "ProductType" = 3
      "Security Packages" = kerberosmsv1_0schannelwdigestt [Binary data over 200 bytes]
      "SamConnectedAccountsExist" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CentralizedAccessPolicies]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts >
       
      < \UserList >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
      "Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
      "ApplicationTileImmersiveActivation" = 1
      "AssociationActivationMode" = 0
      "AutoHide" = yes
      "Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
      "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL" =  [binary data]
      "Delete_Temp_Files_On_Exit" = yes
      "Enable_Disk_Cache" = yes
      "Extensions Off Page" = about:NoAdd-ons
      "Local Page" = C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height" = 1A 00 00 00  [binary data]
      "Placeholder_Width" = 1A 00 00 00  [binary data]
      "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page" = about:SecurityRisk
      "Start Page" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS" = yes
      "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2016/07/29 09:57:46 | 000,820,416 | ---- | M] (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon >
      "DefaultDomainName" =
      "DefaultUserName" =
      "EnableSIHostIntegration" = 1
      "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      "Shell" = explorer.exe -- [2016/07/29 09:57:37 | 004,074,160 | ---- | M] (Microsoft Corporation)
      "ShellCritical" = 0
      "SiHostCritical" = 0
      "SiHostReadyTimeOut" = 0
      "SiHostRestartCountLimit" = 0
      "SiHostRestartTimeGap" = 0
      "Userinit" = C:\WINDOWS\system32\userinit.exe,
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
       
      < \SpecialAccounts\UserList >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
      "Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
      "ApplicationTileImmersiveActivation" = 1
      "AssociationActivationMode" = 0
      "AutoHide" = yes
      "Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
      "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL" =  [binary data]
      "Delete_Temp_Files_On_Exit" = yes
      "Enable_Disk_Cache" = yes
      "Extensions Off Page" = about:NoAdd-ons
      "Local Page" = C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height" = 1A 00 00 00  [binary data]
      "Placeholder_Width" = 1A 00 00 00  [binary data]
      "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page" = about:SecurityRisk
      "Start Page" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS" = yes
      "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2016/07/29 09:57:46 | 000,820,416 | ---- | M] (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >
      "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2015/10/30 04:18:25 | 000,037,256 | ---- | M] (Microsoft Corporation)
      "DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
      "ErrorControl" = 1
      "Start" = 3
      "Type" = 32
      "Description" = @%SystemRoot%\System32\termsrv.dll,-267
      "DependOnService" = RPCSS [binary data]
      "ObjectName" = NT Authority\NetworkService
      "ServiceSidType" = 1
      "RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [Binary data over 200 bytes]
      "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]
       
      < net user /c >
Contas de usuário para \\FREEFALL-PC
      -------------------------------------------------------------------------------
      Administrador            Convidado                DefaultAccount          
      FreeFall                
Comando concluído com êxito.
       
      < MD5 for: TERMSRV.DLL  >
      [2014/10/13 23:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows.old\Windows\System32\termsrv.dll
      [2014/10/13 23:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
      [2015/10/30 04:18:18 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=14307D4801C8CEF0A615907C09E886B3 -- C:\WINDOWS\SysNative\termsrv.dll
      [2015/10/30 04:18:18 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=14307D4801C8CEF0A615907C09E886B3 -- C:\Windows\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_10.0.10586.0_none_1b24da20fe9b4a93\termsrv.dll
      [2010/11/21 00:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
      [2014/07/16 23:07:44 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=4FC4C50985E5B840F4D72E57286887B8 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
      [2014/10/13 23:16:40 | 000,686,592 | ---- | M] (Microsoft Corporation) MD5=6A5B600AD0041E9AF564DE73B716F3D2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
      [2014/07/16 00:23:41 | 000,686,080 | ---- | M] (Microsoft Corporation) MD5=F4D7114060C034134A440846F411BB7F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
       
      < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
       
      ========== Alternate Data Streams ==========
       
@Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt   < End of report >